Welcome.
Steganography is an effective technique to hide data inside other file. It can be password protected as well as encoded. In my previous writing, I have explained - How to use Steghide to hide data.
But to solve any real life problem or to retrieve data from the file without knowing the actual password is a difficult task. Here I will demonstrate the way to crack a password without knowing it. I will explain in 2 sections
- Traditional Way
- New and Fast tool
Stegcracker
This is actually a python package to brute-force stego password. But this is also available in Kali Linux as a tool. Image below to set up this tool:
stegcracker setup in Kali Linux
Basic command : **stegcracker <file> <wordlist>**
- Below, I have used fasttrack.txt as a word list. Because it contains most common password and this is smaller than rockyou.txt
- index.jpeg is my target file. I don’t know the password, so I can not read the message embedded with it.
cracking with stegcracker
Using this tool is simple, but it’s not a tool to crack for today's world. We need more fast, more efficient something. Below is a comparison table of tools:
stegseek vs stegcracker
New and Fast tool
Stegseek is an actively maintained and well-supported tool. To set up easily, we need to download .deb file from the release page. Usage is well documented in that page.
Install command is different for this .deb file: **sudo apt install ./stegseek_0.6–1.deb**
Before cracking password:
- Stegseek has most of the functionality like steghide. So we can even embed a message with a cover file.
- Command is different from steghide. Here
**--embed**is in different format
stegseek embedding data like steghide
stegseek usage is simple, like stegcracker. Just specify image file and word list.
stegseek cracking the password
- seed is another useful feature of stegseek. It will try to crack the code with every embedding pattern possible
- Detect and recover file from stego.
cracking encoded stego
If you find this post useful, please share — Sharing is Caring ❤