Steganography

 

Hide Documents Using Steganography

Steganography means covered or hidden. It is mainly intended to hide a secret message in a plain message or an image file. Steganography is not a new technology. It has been around for thousands of years and was used by Greeks and Romans. In recent times, the methods of steganography have changed, but its intent still remains the same.

A basic steganography tool encodes information within another file, typically a media file such as a picture or audio/video file. A typical technique is to encode information in the least significant bit of the image or audio data. This does not materially affect the picture or sound and does not alter the file header (though it can change the file size).

In this exercise, you will hide documents in an image file.

Learning Outcomes

After completing this exercise, you will be able to:

  • Hide Documents in an Image
  • Use Steghide and Stegosuite to Hide Data in an Image
  • Use SilentEye to Hide Information within a File

Your Devices

You will be using the following devices in this lab. Please power these on now.

  • PLABDC01 - (Windows Server 2019 - Domain Server)
  • PLABWIN10 - (Windows 10 - Workstation)
  • PLABKALI01 - (Kali 2019.2 - Linux Kali Workstation)


Task 1 - Hiding Documents within an Image

Steganography (covered writing) is a method of hiding a message in a different form, such as a picture that only the sender or recipient knows about. This means communication can happen without a third party being able to detect the hidden message. It is extremely difficult to detect steganography.

There are various tools that you can use. One such tool is Gargoyle Investigator™ Forensic Pro. However, you can perform the same task with the help of a simple compression program like WinZip, WinRAR, or 7-Zip.

In this task, you will use 7-Zip for folder steganography and hide the contents of a folder in an image file.

Step 1

Ensure you have powered on all the devices listed in the introduction and connect to PLABWIN10.

Click the File Explorer icon from the taskbar.

Figure 1.1 Screenshot of PLABWIN10: Clicking the File Explorer icon on the taskbar.

Step 2

In the left pane, expand This PC and select Local Disk (C:).

Figure 1.2 Screenshot of PLABWIN10: Selecting the Local Disk (C) in the left pane.

Step 3

Click the Home tab and then click New folder.

Figure 1.3 Screenshot of PLABWIN10: Creating a new folder on the Home tab in File Explorer.

Step 4

Type the following name for the new folder:

PLAB

Press Enter. Alternatively, click anywhere outside the text box where you are typing the name.

Figure 1.4 Screenshot of PLABWIN10: Naming the newly created folder as PLAB.

Step 5

Double-click the PLAB folder. You are now inside the PLAB folder. Note that the folder is currently empty.

Figure 1.5 Screenshot of PLABWIN10: Navigating inside the PLAB folder.

Step 6

You need to create two new text files.

To create a text file, right-click on the white area and select New and then select Text Document.

Figure 1.6 Screenshot of PLABWIN10: Creating a text document in the PLAB folder.

Step 7

You will be prompted to name the text document. In the text box, type the name as:

PLAB1

Press Enter.

Similarly, create another text file with the name:

PLAB2

Press Enter.

For this task, two text files, PLAB1 and PLAB2, are created.

Figure 1.7 Screenshot of PLABWIN10: Showing two text files in the PLAB folder.

Step 8

Select both the files. Right-click on the selection, select 7-Zip and then select Add to “PLAB.zip”.

Figure 1.8 Screenshot of PLABWIN10: Adding the text files to the PLAB.zip file.

Step 9

The PLAB.zip file is now created.

Figure 1.9 Screenshot of PLABWIN10: Showing the newly created PLAB.zip file.

Step 10

Now, you will need an image file that you can copy to the PLAB folder. For this demonstration, you have an image file named PLAB.png.

In the left pane, click the Pictures folder.

In the Pictures folder, right-click on PLAB.png and select Copy.

Figure 1.10 Screenshot of PLABWIN10: Copying the PLAB.png file from the Pictures folder.

Step 11

Navigate to This PC > Local Disk (C:) > PLAB.

Right-click anywhere on the white space and select Paste. The PLAB.png image is now in the PLAB folder.

Figure 1.11 Screenshot of PLABWIN10: Adding the PLAB.png image file to the PLAB folder.

Step 12

In the address bar of File Explorer, type the following command:

cmd

Press Enter.

Figure 1.12 Screenshot of PLABWIN10: Opening the command prompt.

Step 13

The command prompt window is displayed. You are already in the C:\PLAB directory.

Figure 1.13 Screenshot of PLABWIN10: Showing the opened command prompt window.

Step 14

Using the copy command with the /b (binary) parameter combines the two files into a new file named PLAB-new.png.

Type the following command:

copy /b "PLAB.png"+PLAB.zip PLAB-new.png

Press Enter.

Figure 1.14 Screenshot of PLABWIN10: Entering the command to hide the text files in the image file.

Step 15

You will see a message showing that the command was successfully executed.

Close the command prompt window.

Figure 1.15 Screenshot of PLABWIN10: Showing the successful outcome of the command and closing the command prompt window.

Step 16

In File Explorer, ensure that you are in the C:\PLAB folder.

A new image file named PLAB-new.png is now created. Notice that the file size is the same as PLAB.png.

Figure 1.16 Screenshot of PLABWIN10: Showing the sizes of the PLAB and PLAB-new image files.

Step 17

Double-click PLAB.png and then PLAB-new.png. Note that both the image files display the same content. Most people will not be aware that the PLAB.png file actually has hidden content behind it.

Close both the files and minimize the File Explorer window.

Figure 1.17 Screenshot of PLABWIN10: Showing the PLAB-new.png and PLAB.png files.

Step 18

In the Type here to search text box, type the following:

7-zip File Manager

Press Enter.

From the search result, select 7-Zip File Manager.

Figure 1.18 Screenshot of PLABWIN10: Showing the search bar with the results and selection of 7-Zip File Manager.

Step 19

The 7-Zip File Manager window is displayed.

Figure 1.19 Screenshot of PLABWIN10: Showing the 7-Zip File Manager window.

Step 20

Click on Computer. Navigate to the C:\PLAB folder and double-click the PLAB-new.png file.

Figure 1.20 Screenshot of PLABWIN10: Opening the C:\PLAB folder inside the File Manager.

Step 21

Notice both the hidden text files are displayed.

Figure 1.21 Screenshot of PLABWIN10: Showing two text files hidden within the PLAB-new.png.

Close all open windows.

Task 2 - Using Steghide to Hide Data in an Image

Steghide is a tool that needs to be installed on a Linux system, such as Kali Linux. It has the capability to hide data in different types of images or audio files such as JPEG, BMP, WAV, and AU files. This program allows the data to be encrypted after it’s been embedded into an image or audio file.

In this task, you will practice using Steghide.

Step 1

Ensure you have powered on all the devices listed in the introduction and connect to PLABKALI01.

Credentials are:

Username:

root

Password:

Passw0rd

Figure 1.22 Screenshot of PLABKALI01: Showing the desktop of PLABKALI01.

Step 2

On the desktop, in the left pane, click the Terminal icon.

Figure 1.23 Screenshot of PLABKALI01: Clicking the Terminal icon in the left pane.

Step 3

The terminal window is displayed. You first need to install the Steghide tool. This can be done using a command.

Type the following command:

apt-get install steghide -y

Press Enter.

Figure 1.24 Screenshot of PLABKALI01: Entering the command to install Steghide.

Step 4

The Steghide installation process starts.

NOTE: The installation process will take a few minutes to complete.

Figure 1.25 Screenshot of PLABKALI01: Showing the installation progress of the Steghide tool.

Step 5

The installation is now complete.

Figure 1.26 Screenshot of PLABKALI01: Showing the installation completion of Steghide.

Note: Sometimes, the installation can have errors, which you can ignore.

Step 6

Clear the screen by entering the following command:

clear

To view the Steghide help, type the following command:

steghide --help

Press Enter.

Figure 1.27 Screenshot of PLABKALI01: Entering the command to view the Steghide help.

Step 7

The help parameter displays the list of parameters that can be used with the steghide command.

Figure 1.28 Screenshot of PLABKALI01: Showing the output of the help parameter with the steghide command.

Step 8

Clear the screen by entering the following command:

clear

Firstly, create a new directory named plab. To do this, type the following command:

mkdir plab

Press Enter.

Figure 1.29 Screenshot of PLABKALI01: Creating a new directory with the mkdir command.

Step 9

Let’s navigate inside the plab directory. To do this, type the following command:

cd plab

Press Enter.

Figure 1.30 Screenshot of PLABKALI01: Navigating to the plab directory with the cd command.

Step 10

You are now inside the plab directory. Notice plab is colored blue to indicate you are in a directory.

You need to create a new text file named secret.txt using the touch command. The touch command can be used to generate a basic blank file in your Kali machine.

To do this, type the following command:

touch secret.txt

Press Enter.

Figure 1.31 Screenshot of PLABKALI01: Creating a new text file with the touch command.

Step 11

Let’s view the list of files in the plab directory.

To do this, type the following command:

ls -l

Press Enter.

Figure 1.32 Screenshot of PLABKALI01: Running the ls -l command in the terminal.

Step 12

Notice that the secret.txt file is now present in the plab directory.

Figure 1.33 Screenshot of PLABKALI01: Showing the secret.txt file in the plab directory.

Step 13

Clear the screen by entering the following command:

clear

Now, you will need an image file to copy to the plab directory.

For this demonstration, you will find an image file named practice-labs.jpg under Files > Pictures.

Use the following command to copy this image into the plab directory:

cp ~/Pictures/practice-labs.jpg ~/plab

Figure 1.34 Screenshot of PLABKALI01: Showing the command to copy an image file into the plab directory.

Step 14

After copying the file, verify that the file exists in the plab directory. To do this, type the following command:

ls -l

Press Enter. Notice that the file exists in the plab directory.

Figure 1.35 Screenshot of PLABKALI01: Showing the text file and an image file in the plab directory.

Step 15

You will now hide the secret.txt file in the practice-labs.jpg file. To do this, type the following command:

steghide embed -cf practice-labs.jpg -ef secret.txt

Note: Two parameters are used here: -ef specifies the file that is being embedded, and -cf specifies the cover file that will contain the embedded file.

Press Enter.

Figure 1.36 Screenshot of PLABKALI01: Entering a command to hide the secret.txt file in the practice-labs.jpg file.

Step 16

You will be prompted to set a passphrase. Type the following password:

Passw0rd

Press Enter.

When prompted to re-enter the passphrase, type the following password:

Passw0rd

Press Enter.

Figure 1.37 Screenshot of PLABKALI01: Entering and re-entering the password.

Step 17

Notice that the message states that secret.txt file is now embedded in the practice-labs.jpg file.

Figure 1.38 Screenshot of PLABKALI01: Showing the message stating that the secret.txt file is embedded in the practice-labs.jpg file.

Step 18

Clear the screen by entering the following command:

clear

For users, the practice-labs.jpg file is a normal image file. However, you know that it has a hidden file inside. To extract the hidden file, type the following command:

steghide extract -sf practice-labs.jpg

Press Enter.

Figure 1.39 Screenshot of PLABKALI01: Entering the command to extract the file from the image file.

Step 19

Since there is password protection, you will be asked to enter the passphrase. Type the following password:

Passw0rd

Press Enter.

Figure 1.40 Screenshot of PLABKALI01: Entering the password to extract the file.

Step 20

After the password is verified, the file will be extracted. However, since the secret.txt file already exists in the plab directory, you will be prompted to overwrite this file.

In a real-world scenario, it is unlikely that you will be extracting the embedded file in the same directory.

Press the y key, then press Enter.

Figure 1.41 Screenshot of PLABKALI01: Entering y to confirm the overwriting of the text file.

Step 21

Notice that the secret.txt is now extracted successfully.

Figure 1.42 Screenshot of PLABKALI01: Showing the extracted file.

Keep the terminal window open.

Task 3 - Using Stegosuite to Hide Data within an Image

Stegosuite is another tool that you can use in Kali Linux to hide data within an image file. Unlike Steghide, which is a command-line tool, Stegosuite is a graphical tool. It allows you to embed text as well as files within an image file.

In this task, you will practice using the Stegosuite tool.

Step 1

Ensure you have powered on all the devices listed in the introduction and are still connected to PLABKALI01.

Figure 1.43 Screenshot of PLABKALI01: Showing the terminal window.

Step 2

Clear the screen by entering the following command:

clear

By default, Stegosuite is not installed in Kali Linux. You need to install it using the apt-get command. To do this, type the following command:

apt-get install stegosuite -y

Press Enter.

Figure 1.44 Screenshot of PLABKALI01: Entering the command to install Stegosuite.

Step 3

The Stegosuite installation process will start. The installation process will take a few minutes to complete.

Figure 1.45 Screenshot of PLABKALI01: Showing the installation progress of Stegosuite.

Step 4

The installation is now complete.

Figure 1.46 Screenshot of PLABKALI01: Showing the successful installation of Stegosuite.

Note: Sometimes, the installation can have errors, which you can ignore.

Step 5

Clear the screen by entering the following command:

clear

You have installed Stegosuite successfully. Now, you need to start it. There are multiple methods to start Stegosuite:

  • Using the Applications menu
  • By searching for it
  • Using the command line

Let’s start Stegosuite using the command line. Enter the following command:

stegosuite

Press Enter.

Figure 1.47 Screenshot of PLABKALI01: Entering the Stegosuite command to start it.

Note: Sometimes, errors can appear on the terminal screen, which you can ignore.

Step 6

The Stegosuite application is now displayed. Click File and then select Open.

Figure 1.48 Screenshot of PLABKALI01: Showing the window of the Stegosuite application.

Step 7

A dialog box is displayed. On the left pane, click on the plab directory.

Select practice-labs.jpg and click Open.

Figure 1.49 Screenshot of PLABKALI01: Selecting the practice-labs.jpg file and clicking Open.

Step 8

Notice that the right side of the Stegosuite dialog box displays the practice-labs.jpg image.

In the left pane, type the following message in the first text box:

This is a confidential message.

In the third text box, type the following password:

Passw0rd

Click Embed.

Figure 1.50 Screenshot of PLABKALI01: Entering a message to hide, entering a password, and clicking Embed.

Step 9

Notice that a message at the bottom of the Stegosuite dialog box states that embedding is now complete. A new file with the name practice-labs_embed.jpg is saved now.

Close the Stegosuite dialog box.

Figure 1.51 Screenshot of PLABKALI01: Showing a message at the bottom of the Stegosuite dialog box stating that embedding is now complete.

Step 10

Clear the screen by entering the following command:

clear

At the command line, type the following command to start Stegosuite once again:

stegosuite

Press Enter.

Figure 1.52 Screenshot of PLABKALI01: Entering the Stegosuite command to start it.

Step 11

The Stegosuite application is now displayed. Click File and then select Open.

Figure 1.53 Screenshot of PLABKALI01: Clicking Open from the File menu.

Step 12

A dialog box is displayed. On the left pane, click on the plab directory.

Select practice-labs_embed.jpg and click Open.

Figure 1.54 Screenshot of PLABKALI01: Selecting practice-labs_embed.jpg and clicking Open.

Step 13

Notice that the right side of the Stegosuite dialog box displays the practice-labs_embed.jpg image.

In the third text box, type the following password:

Passw0rd

Click Extract.

Figure 1.55 Screenshot of PLABKALI01: Showing the practice-labs_embed.jpg image, entering a password, and clicking Extract.

Step 14

Notice that the text string has been extracted in the first text box.

Close the Stegosuite dialog box.

Figure 1.56 Screenshot of PLABKALI01: Showing the extracted text.

Close the terminal window.

Task 4 - Using SilentEye to Hide Information within a File

A basic steganography tool encodes information within another file, typically a media file such as a picture or audio/video file. A typical technique is to encode information in the least significant bit of the image or audio data.

This does not materially affect the picture or sound and does not alter the file header (though it can change the file size). You can use an application such as SilentEye to hide messages or data into images or audio files.
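
The least-significant-bit technique described here and in the introduction, as an added Python example that is not part of the original lab and does not reproduce how SilentEye or any other tool encodes data. The 16-byte header layout, the COVER buffer and the function names are constructed for illustration; compare() shows which checks miss the change (size, header) and which one catches it (a hash against a known-good original).

```python
import hashlib

HEADER_LEN = 16  # constructed format: 16 header bytes, then 8-bit samples
# Constructed cover data: an 8-byte tag, 8 zero bytes, then 400 sample bytes.
COVER = b"DEMOIMG\x00" + bytes(8) + bytes((i * 37 + 11) % 256 for i in range(400))


def embed_lsb(cover: bytes, payload: bytes, header_len: int = HEADER_LEN) -> bytes:
    """Store a 32-bit length and the payload, one bit per sample, in the LSBs."""
    message = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    if len(bits) > len(cover) - header_len:
        raise ValueError("payload does not fit in this cover")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        # Clear the lowest bit of the sample, then set it to the message bit.
        out[header_len + i] = (out[header_len + i] & 0xFE) | bit
    return bytes(out)


def _read_bits(data: bytes, start: int, count: int) -> int:
    """Collect the LSBs of `count` consecutive samples into one integer."""
    value = 0
    for sample in data[start:start + count]:
        value = (value << 1) | (sample & 1)
    return value


def extract_lsb(stego: bytes, header_len: int = HEADER_LEN) -> bytes:
    """Read the length field, then that many payload bytes, from the LSBs."""
    capacity = len(stego) - header_len
    if capacity < 32:
        raise ValueError("too few samples for a length field")
    length = _read_bits(stego, header_len, 32)
    if 32 + 8 * length > capacity:
        raise ValueError("length field exceeds capacity; no payload present")
    first = header_len + 32
    return bytes(_read_bits(stego, first + 8 * i, 8) for i in range(length))


def compare(original: bytes, suspect: bytes, header_len: int = HEADER_LEN) -> dict:
    """What a size or header check sees versus what a hash check sees."""
    return {
        "same_size": len(original) == len(suspect),
        "header_intact": original[:header_len] == suspect[:header_len],
        "max_sample_change": max(abs(a - b) for a, b in zip(original, suspect)),
        "digest_changed": hashlib.sha256(original).digest()
        != hashlib.sha256(suspect).digest(),
    }


if __name__ == "__main__":
    stego = embed_lsb(COVER, b"This is a test!")
    print(extract_lsb(stego))
    print(compare(COVER, stego))
```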

In this task, you will use SilentEye to hide information within a file. To do this, perform the following steps:

Step 1

Ensure you have powered on all the devices listed in the introduction and connect to PLABWIN10.

In the Type here to search text box, type the following:

Internet Explorer

From the search results, select Internet Explorer.

Figure 1.57 Screenshot of PLABWIN10: Selecting Internet Explorer from the search results.

Step 2

Internet Explorer opens the Tools and resources webpage.

Click Tools.

Figure 1.58 Screenshot of PLABWIN10: Clicking the Tools option on the Tools and resources page.

Step 3

You will be directed to [..] > Tools.

Scroll down a bit and locate Hacking Tools.

Click Hacking Tools.

Figure 1.59 Screenshot of PLABWIN10: Clicking the Hacking Tools option.

Step 4

On the [..] > Tools > Hacking Tools page, scroll down the page and locate silenteye-0.4.1-win32.exe.

Click silenteye-0.4.1-win32.exe.

Figure 1.60 Screenshot of PLABWIN10: Clicking the silenteye-0.4.1-win32.exe option.

Step 5

In the notification bar, click Run.

Figure 1.61 Screenshot of PLABWIN10: Clicking Run in the notification bar.

Step 6

The SilentEye Setup wizard is displayed. On the Welcome to the SilentEye Setup Wizard page, click Next.

Figure 1.62 Screenshot of PLABWIN10: Showing the welcome page of the SilentEye Setup wizard.

Step 7

On the License Agreement page, select I accept the agreement and click Next.

Figure 1.63 Screenshot of PLABWIN10: Accepting the license agreement on the License Agreement page.

Step 8

On the Installation Directory page, keep the default installation path and click Next.

Figure 1.64 Screenshot of PLABWIN10: Accepting the default installation path on the Installation Directory page.

Step 9

On the System Integration page, the Add SilentEye to start menu and Add SilentEye shortcut icon on desktop options are selected by default. Select the remaining options and click Next.

Figure 1.65 Screenshot of PLABWIN10: Selecting the appropriate options on the System Integration page.

Step 10

On the Select Components page, keep the default selection and click Next.

Figure 1.66 Screenshot of PLABWIN10: Accepting the defaults on the Select Components page.

Step 11

On the Ready to Install page, click Next.

Figure 1.67 Screenshot of PLABWIN10: Clicking Next on the Ready to Install page.

Step 12

On the Installing page, the installation progress is displayed.

Figure 1.68 Screenshot of PLABWIN10: Showing the installation progress on the Installing page.

Step 13

On the Completing the SilentEye Setup Wizard page, keep the default selection and click Finish.

Figure 1.69 Screenshot of PLABWIN10: Showing the installation completion.

Step 14

The SilentEye application is invoked automatically. Minimize the SilentEye application. Close the Internet Explorer window.

Figure 1.70 Screenshot of PLABWIN10: Showing the SilentEye dialog box and then minimizing it.

Step 15

Click File Explorer from the taskbar.

Navigate to This PC > Local Disk (C:) > PLAB directory.

Figure 1.71 Screenshot of PLABWIN10: Navigating to the C:\PLAB directory.

Step 16

Right-click the PLAB image and select Properties.

Figure 1.72 Screenshot of PLABWIN10: Right-clicking the PLAB image file and selecting Properties.

Step 17

The PLAB Properties dialog box is displayed. You need to make a note of the size and the Created, Modified, and Accessed dates.

Click OK.

Figure 1.73 Screenshot of PLABWIN10: Showing the image properties and then closing the dialog box.

Step 18

Resume the SilentEye application from the taskbar. Drag-and-drop the PLAB file into the SilentEye window.

Figure 1.74 Screenshot of PLABWIN10: Dragging and dropping the image file on the SilentEye dialog box.

Step 19

Click the Encode option.

Figure 1.75 Screenshot of PLABWIN10: Clicking the Encode option.

Step 20

The Encode message: C:/PLAB/PLAB.png dialog box is displayed. In the Write a message or select a file to hide text box, type the following message:

This is a test!

In the Destination text box, set the path as follows:

C:/Users/Administrator.PRACTICELABS/Desktop

Click the Encode button.

Figure 1.76 Screenshot of PLABWIN10: Entering the required details and clicking the Encode button.

Step 21

The Encode message: C:/PLAB/PLAB.png dialog box closes automatically. Notice that the PLAB image file is generated on the desktop.

Figure 1.77 Screenshot of PLABWIN10: Showing a newly created image file on the desktop.

Step 22

On the desktop, right-click PLAB and select Properties.

Figure 1.78 Screenshot of PLABWIN10: Right-clicking the image file and selecting Properties.

Step 23

The PLAB Properties dialog box is displayed. Notice that its Created, Modified, and Accessed attributes have changed now.

Click OK to close the PLAB Properties dialog box.

Figure 1.79 Screenshot of PLABWIN10: Showing the image properties and then closing the dialog box.

Close SilentEye.
