Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos, meaning ‘covered, concealed, or protected’, and graphein, meaning ‘writing’. The first recorded use of the term was in 1499 by Johannes Trithemius in Steganographia, a treatise on cryptography and steganography which was disguised as a book about magic (Wikipedia).
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
The general concept is hiding messages that overtly appear to be (or be part of) something innocuous such as images, articles, shopping lists, or a cover text. For example, the hidden message may be in invisible ink between the visible lines of a private letter. Some implementations of steganography lack a shared secret key and are forms of security through obscurity, whereas key-dependent steganographic schemes adhere to Kerckhoffs’s principle. For more information about this please seehttps://en.wikipedia.org/wiki/Kerckhoffs%27s_principle.
The advantage of steganography over cryptography is that the secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, arouse interest and may be incriminating in countries where encryption is illegal or encryption keys are required to be accessible
Thus cryptography is the practice of protecting the contents of a message, whereas steganography is concerned with concealing the fact that a secret message is located within the message content.
Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding within the transported medium, such as a document file, an image file, a program, or a protocol. Media files are ideal for steganographic transmission because of the potentially large size, which makes detection difficult. For example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet. This is a technique that is so subtle it would be almost impossible to notice unless looking directly for this adjustment.
Part II: Steganography in Action Using Kali Linux
NOTE: steghide only works with AU, BMP, JPEG, or WAV files. If you want to use a different file format, you will need to use a different tool.
To hide your secret messages inside images, you will need to download some tools. A popular tool I like to use isSteghide which you can install on Kali Linux. Here are the steps to using the tool:
Step 1: Installing Steghide
You will need to install a tool that lets you hide messages. You only have to install the tool one time and it is not provided as an included module with Kali Linux.
apt-get install steghide
Step 2: Create a text file with your hidden message
After you get comfortable with Steghide you can use more advanced command line features, but for now let’s simply create a text file with our hidden message. Feel free to use a text editor of your choice. I simply used vi to create a text file called my_secret.txt with the message, “My voice is my passport”.

My file is now saved along with the image file I am going to use.
Next we will use steghide to embed the hidden message into the graphic file. The graphic file I used was a simple drawing of my home lab network. As you can see it is an ordinary .jpg file.
Step 3: Using Steghide to hide your message
We will use a couple of basic options with Steghide:
  1. embed –ef is option to embed the secret message txt
  2. -cf is image file we will use
  3. jpg is a pic file which obfuscates the message
You’ll see a line to input a password or passphrase within the terminal screen. Create one you can remember or do the unthinkable and write it down. We then successfully embed the message into our image, thus hiding secret the message.
You can also compare the original file to the stenographic file, which is now considerably larger than the original. The hash values of the modified file and the original file are now different as well:
Step 4: Reading the embedded secret message
Okay, now that we know how to hide a message, how do we read the message from the image file? We will use theextract –sf command:
steghide extract –sf attack_lab.jpeg

Post a Comment