09.06 Lab - Hiding Data in Pictures with Steganography

Lab Manual Overview

In this lab, you will learn about steganography, the art of hiding data within other forms of media, specifically within images. Steganography is an ancient practice, modernized for the digital era. Unlike cryptography, which conceals the content of a message, steganography conceals the very existence of the message.

Objective of the Lab

This lab aims to provide a hands-on experience in the application of steganography using digital images. Through this lab, you will:

1. Understand the Basics of Steganography: Learn about the principles of steganography and its applications in modern times.

2. Explore Digital Image Formats: Gain insights into how images are structured and how data can be embedded in them without noticeable alterations.

3. Practice Data Hiding Techniques: Use software tools to embed data into an image and learn how to extract it.

Benefits of This Lab

  1. Learn a unique method of data protection that complements encryption and other security measures.

  2. Gain a deeper appreciation of how digital images can be manipulated and used beyond their usual purposes.

  3. Develop your ability to think critically about information security, privacy, and the ethical implications of data hiding.

By the end of this lab, you will have an understanding of how steganography can be used to conceal data within images and how to extract that data.

Safety and Conduct

Steganography, while fascinating, must be used responsibly. This lab should be conducted in a controlled environment. Remember that modifying firewall settings in a live environment without proper authorization or knowledge can lead to network outages and security vulnerabilities.

Lab Steps

The video in this lab shows step-by-step how to perform this lab and what it should look like. Follow along in the video to get the most out of this lab.

Access the lab platform here: https://tryhackme.com/room/cyber101

If you have an issue with your access or the TryHackMe platform, contact TryHackMe: https://tryhackme.com/r/contact

If you are having challenges with the lab content itself, use the class Discord channel for support. https://simplycyber.io/discord

--------------------------------

  1. Enter the lab room in a web browser.
  2. Click the blue button "Start AttackBox".
  3. Expand the Task 6 - 09.06 Lab - Hiding Data in Pictures with Steganography to show the lab details.
  4. Click the green button under Task 5 that says "Start Machine". Note at the top of the lab area new information will present that says "Active Machine Information" with a red banner.
  5. In the AttackBox window your machine will be initializing. Once the AttackBox window loads and you can see a Terminal with rainbow font you can begin.
  6. Click into the Terminal window with the rainbow font and hit "Enter" to close the window.
  7. Click "Places" on top nav in the AttackBox and select "Home Folder". A file browser window will appear.
  8. Next to location is an address bar that says "/root". Click in this text field and change the value to /usr/share/backgrounds/ubuntu-mate-photos
  9. Double click the file johann-siemens-591.jpg
  10. Note it's an image file of a tree.
  11. Click the red X on top right of image window to close the image of the tree.
  12. Open a terminal by double-clicking the Terminal icon on the desktop.
  13. Type cd /usr/share/backgrounds/ubuntu-mate-photos and hit Enter
  14. Type ls and hit Enter
  15. Note the same files, including johann-siemens-591.jpg, appear here in the list and in the explorer window
  16. In the terminal, type steghide encinfo
  17. Note the supported encryption algorithms
  18. Type nano secret.txt
  19. (You are now in a text editor) Type "This is a secret message for your eyes only."
  20. Press and hold the CTRL key and press the X key. (CTRL+X)
  21. When prompted to save modified buffer, type Y for yes.
  22. Hit the Enter key when it asks "File Name to Write: secret.txt"
  23. The window will close. (You are now back in the main terminal screen)
  24. Type du -b secret.txt
  25. Note the file has a size of 45 bytes.
  26. Type steghide info johann-siemens-591.jpg
  27. When asked "Try to get information about embedded data ? (y/n)" Type n and hit Enter
  28. Note the size of the image file is 200.7 KB
  29. Type sha1sum johann-siemens-591.jpg
  30. Note the Hash: a6ff7465ff8d0c289c72844288d5cffa2007605e
  31. Type steghide embed -e rijndael-256 cbc -z 9 -cf johann-siemens-591.jpg -ef secret.txt and hit Enter
  32. When it says "Enter passphrase" type secret (NOTE: you will not see your keystrokes typing on screen)
  33. When it says "Re-Enter passphrase" type secret (NOTE: you will not see your keystrokes typing on screen)
  34. You have hidden the data in the image.
  35. Type sha1sum johann-siemens-591.jpg
  36. Note the hash has changed!
  37. Type steghide info johann-siemens-591.jpg
  38. When asked "Try to get information about embedded data ? (y/n) " type y
  39. Type secret when asked to Enter passphrase (NOTE: you will not see your keystrokes typing on screen)
  40. Note you see there is in fact a file hidden in this image.
  41. Type mv secret.txt old-secret.txt
  42. Type ls -al and see the secret file is no longer there and there is an old-secret.txt file.
  43. Type steghide extract -sf johann-siemens-591.jpg -p secret
  44. Type secret when asked for a passphrase. (NOTE: you will not see your keystrokes typing on screen)
  45. Note the file secret.txt was written to the computer.
  46. Type ls -al
  47. Note secret.txt is now there.
  48. Type cat secret.txt and see the contents of the secret file.
  49. Congratulations!
  50. Click the power button icon at the bottom of the AttackBox to "Terminate Machine".
  51. Under the Active Machine Information section, click the RED "Terminate" button.
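
Steps 29 to 36 show the SHA-1 of the image changing while the picture still looks the same. The following added example (not part of the original lab, and not steghide's own algorithm, which works on JPEG data and also compresses and encrypts the payload) shows why, using plain least-significant-bit embedding on constructed raw RGB bytes. The length-header layout, the sample cover data and all function names are assumptions made for this example.

```python
import hashlib

# Constructed sample data: the 45-byte message from step 19 (44 characters
# plus the newline nano appends) and a fake 40x40 RGB image as raw bytes.
SECRET = b"This is a secret message for your eyes only.\n"
COVER = bytes((i * 7 + 13) % 256 for i in range(40 * 40 * 3))


def capacity_bytes(cover: bytes) -> int:
    """Largest payload that fits: one bit per channel byte, minus a 4-byte header."""
    return len(cover) // 8 - 4


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Store a 32-bit length header plus the payload in the lowest bit of each byte."""
    if len(payload) > capacity_bytes(cover):
        raise ValueError("payload exceeds cover capacity")
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        # Clear the lowest bit, then set it to the payload bit,
        # e.g. 144 (10010000) becomes 145 (10010001) for a 1 bit.
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def _read(stego: bytes, first_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the low bits starting at index `first_bit`."""
    out = bytearray()
    for n in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[first_bit + n * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length header, then the payload; reject implausible headers."""
    if capacity_bytes(stego) < 0:
        raise ValueError("cover too small to hold a header")
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if length > capacity_bytes(stego):
        raise ValueError("no plausible embedded payload")
    return _read(stego, 32, length)


def max_channel_delta(a: bytes, b: bytes) -> int:
    """Largest change made to any single colour value."""
    return max(abs(x - y) for x, y in zip(a, b))


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print("payload size      :", len(SECRET), "bytes")
    print("cover capacity    :", capacity_bytes(COVER), "bytes")
    print("max channel change:", max_channel_delta(COVER, stego))
    print("sha1 before       :", sha1_hex(COVER))
    print("sha1 after        :", sha1_hex(stego))
    print("extracted         :", extract_lsb(stego))
```

No colour value moves by more than 1, which the eye cannot see, yet the hash is completely different, so comparing a file against a known-good hash reveals the modification even when the image looks untouched.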



TRANSCRIPTION

00:00:03:01 - 00:00:24:18

 

All right. Welcome to the lab. This is the steganography lab. We're going to be hiding data in pictures. Straight up. You're going to look at the picture. It's going to look identical, but in reality, we are covertly communicating data or secret messages or whatever. We want to jam into a photo. So really quick before we get into it, what is steganography and how does it work?


00:00:24:19 - 00:00:39:24

 

Okay, here we go. This is a picture of the Mona Lisa. Now it's this is a digital representation, right? I copy and paste this into the slides. You can look at it. You can see Mona Lisa. I can even zoom in here. Right. Let's go back. I can even zoom in. And it gets a little bit more fuzzy and pixilated.


00:00:40:02 - 00:01:01:13

 

But when we talk about resolution on a computer or TV screen, right. We got to get, you know, 4 billion pixels per square inch. What we're actually talking about is how much data can be jammed into a small space. Now, I want to give a shout out to Tim Ascend website, who I lifted this graphic from. It's perfect.


00:01:01:15 - 00:01:24:28

 

If we think about what a picture is, it's basically just a lot of little pixels jammed together, and they're in a matrix just like this, and all the pixels together form a color. And then, you know, because there's so many in a tight spot, we get what appears to be this nice, smooth look like, you know, her forehead is definitely this color.


00:01:24:28 - 00:01:50:19

 

But in reality, if you were to zoom in really, really close, you'd see all sorts of pixels, and every single pixel has an RGB value. You may have heard of this: red, green, blue. And the RGB values can go between zero and 255, and every single pixel, every single one, is some color with an R, G and a B value between zero and 255.


00:01:50:19 - 00:02:14:13

 

So like for example, as seen in this graphic, the pixel right here coming out of this box right here has it our value of 140 for a G of 141 and a B value of 88. Right? So if you did 255 to 50 5 to 55, that would be black in 000 would be white. Right. And everything in between is a gradient of some sort.


00:02:14:16 - 00:02:50:15

 

If you did just 255 red in zero green zero blue, it would be a very, very red pixel. You see what I'm saying? So by adding, you know, these values or whatever, now each of these values go between zero and 255, which is basically eight bits. And you can see right here there are eight bits, 10010000. If you map this from binary to decimal, you would find out that this number is 144 in binary, right?


00:02:50:19 - 00:03:22:17

 

And if you make all of these ones, it's 255. Right. I talked a little bit in the course about counting in binary, but basically trust me on this, like you don't really need to understand what binary is in how to count in it right now. But relative to understand this, just know that this is basically data and it's a value and it's telling the r value for this pixel, what color it is like, what's the R value right now?


00:03:22:23 - 00:04:00:06

 

Because it's a number and because it's a pixel. What we can do is we can flip a bit like this, right? So see how it's 144 here and 145 here? Well, if you look really, really quickly at the two values or the two colors, changing the value from 144 to 145 is so subtle that it's visibly undetectable. It is insignificant.


00:04:00:06 - 00:04:29:12

 

You're not a human is absolutely not going to detect a change from 144 to 145. The same can be seen here. This is green with a value of 141 and this is green with a value of 140. Now to a computer. These are two different values completely. But to the human eye, looking at the picture that pixel is going to look in in like it won't look any different than it did before.


00:04:29:14 - 00:04:55:24

 

So because of that, what we can do is we can flip those a little bit. And if we have a program that knows to look at those bits or to flip those bits, we can change those and then reassemble them afterwards and hide data in those bits. Right. Because think about it for a second. All data is whether it's an application, whether it's a secret message, all it is is data, it's bits and bytes.


00:04:55:24 - 00:05:16:10

 

Right? So if we can hide bits and bytes inside of a photo by flipping suddenly some of these pixel values. And then when we get that, when we send the message to our other person and they take it and run the same program to extract those bits, they'll have like, you know, 01001 whatever, They can take it and reassemble it.


00:05:16:10 - 00:05:35:12

 

And if they and if they know that it's a secret message or program or something like that, they can reassemble it and then view it. So this is what steganography is and this is how we are going to be able to hide data inside of an image without it being too perceptible to a human eye. So let's jump into it again.


00:05:35:17 - 00:06:01:24

 

I'm going to be following the standard lab workflows and processes that you're going to see in the lab steps so you can follow along with me. You can watch the video, you can pause it, you can just blast through the actual lab steps if you want. Again, we're in the TryHackMe. So if you use the link to go to the lab platform, TryHackMe dot com slash room slash cyber One, two, one.


00:06:01:27 - 00:06:18:27

 

You'll get in there and we are doing 906 hiding data and pictures with steganography. So just go ahead and click on that. It will expand. You could see the lab manual overview is here. You're going to learn what the objectives are in the lab, what the benefits of the lab are, and of course, the lab steps that we'll go through.


00:06:18:29 - 00:06:45:04

 

Go ahead and start the attack box by clicking the blue button and start the machine by clicking the green button. We've now started the machine and we've started the attack box. You'll notice the title of this machine is DV WJ and the IP address will be shown in the second. I'm going to jump ahead to where this is all initialized.


00:06:45:06 - 00:07:01:10

 

All right. So you can see our system is initialized. We've got the IP address over here. I don't think we're actually going to be using this system, but it's there. And then we've got the terminal screen here with the rainbow font and that. So I'm going to go ahead and click in here and hit the enter key to get rid of it.


00:07:01:12 - 00:07:25:21

 

We are off and running. So following the instructions here, we're going to go ahead and click on places on the top of the attack box interface going click places and click on that home folder that's going to open up a file browser. So now what I want you to do is you can click in here into the address bar space because we're going to type in here.


00:07:25:23 - 00:07:53:26

 

All right? We've selected it all and we're going to delete. So now what we're going to do is go to user, or excuse me, slash usr. By the way, people call that "user" when they say it, but usr slash share slash backgrounds slash ubuntu dash mate dash photos and hit enter. Okay, once you hit enter, you're going to see this group of photos right here, just some pictures that come standard on this machine.


00:07:53:28 - 00:08:18:23

 

Go ahead and click on Johann Siemens. Double click it. You can see this is the graphic I've decided to hide a message in. And you can look at it. You can see it. It's easy. It's 2500 pixels wide by 1440 pixels tall. Go ahead and click this red X to close out on the image. All right, nicely done.


00:08:18:25 - 00:08:47:03

 

Now what I want you to do is click on the terminal icon on the desktop. If you have to move the window, move it, click on that terminal icon, double click it. So it opens up a screen or, you know, a terminal window here, and type cd space slash usr slash share slash backgrounds slash ubuntu dash mate dash photos.


00:08:47:05 - 00:09:11:28

 

Okay, type ls. Let me show you what that looks like. Okay. cd space slash usr slash share slash backgrounds slash ubuntu dash mate dash photos. If you did this correctly, you'll see that now it's going to have that same directory in blue right here. If you don't have this blue directory, go ahead and try the cd command again because you need to be in here.


00:09:12:00 - 00:09:32:18

 

Once you're in there, go ahead and type LS and hit enter. You'll see here I've typed LS and hit enter and it returns all the files in this directory, including the one that we care about this Johann one. Now, really quickly, just for a fun fact, I want to point out this ls command in the files in this directory.


00:09:32:20 - 00:10:07:12

 

You'll notice they're identical to the ones that are in this directory right now. We're in this directory in the terminal shell, and we're in the same directory in the file explorer. So, like, we're looking at the same thing. We're just looking at it through two different applications, one in an explorer window and one in a terminal shell. Okay, now, going back to the terminal shell, I want you to type in the command steghide space encinfo, and I'm going to, I'm going to zoom in so you can see it, right.


00:10:07:14 - 00:10:42:23

 

Let me get this in a way that it's being really fickle for me here. Come on. I just want to expand the screen, bro. I got to come at me. It's so sensitive. All right, well, I guess I'll just do it the hard way. You can see here it's steghide, S-T-E-G-H-I-D-E, one word, and then space, E-N-C-I-N-F.


00:10:42:25 - 00:11:11:15

 

Don't forget the O, the O's over here. I can't get it easily to show you, but it's steghide space encinfo. It's in the lab manual too, if you need it. Okay. Okay. Hit enter and you'll see. This is basically telling us steghide's encryption algorithms that are available to it. So not only are we going to hide data in there, but we're going to encrypt it too, because we don't want anyone to find it.


00:11:11:15 - 00:11:33:15

 

All right, So now what I want you to do is type in nano secret dot text. Okay? Nano is a text editor, right? So just nano space, Secret dot text. So we're creating a new file called Secret Dot Text that we're going to edit, hit enter and you will notice that now we are in this text editor window.


00:11:33:15 - 00:11:55:18

 

All right, now what I want you to do is in this window, I want you to type. This is a secret message for your eyes only, period. Okay? This is a secret message for your eyes only if you don't type this message. Some of the things I'm going to show you in a second won't work. So make sure that you type it with this way.


00:11:55:18 - 00:12:13:04

 

Capital T, the spaces, the period, all that. Again, you could type in something different in it. It'll still work. It's just I'm going to point to some file sizes in a second. All right. So here we go. We've got our secret message now from within this window. I want you to hold the control button down on the keyboard and press X.


00:12:13:06 - 00:12:31:17

 

When you do that, you're going to get this thing down here that says Save modified buffer. You want to hit the capital Y, capital Y, If you hit enter, it's going to say, no, you got to hit capital Y, then it's going to switch to file. Name the right secret text. You want to hit enter here and there you go.


00:12:31:17 - 00:13:02:17

 

It drops you out. And now you've written a new file called secret.txt with a secret message in it. All right, I'm going to type du dash b secret dot txt. Okay. du is disk usage. du dash b secret dot t-x-t, and you can see the t over here because it wrapped around. Okay, go ahead and hit enter and you'll see, it's kind of hard because the little tab thing's in the way, but it's showing us that the secret text file is 45 bytes long.


00:13:02:23 - 00:13:32:12

 

Now I want you to type in steghide space info space and then the Johann Siemens 591 JPEG, the file name of that image file. steghide space info space johann dash siemens dash 591 dot jpeg. Again, it's in the lab steps and it's the file, the image file that we've been talking about and looking at. Go ahead and hit enter.


00:13:32:15 - 00:14:07:25

 

It's going to say try to get information about hidden data. You can hit no and you'll see that the file itself is a JPEG and it has capacity, capacity to store a file up to 45. I mean, excuse me, up to 200 kilobytes. That's a lot of data. And the reason that it's only got a maximum amount of 200 kilobytes is because at some point, if you were to store like a, you know, a 75 megabyte file in that folder, the picture would be completely distorted and it wouldn't look any it would look definitely tampered with.


00:14:07:25 - 00:14:33:10

 

Right. So they're saying that they can change up to 200 kilobytes worth of data without making the image look different. All right, so now let's do this. Let's do this. Okay. Type in sha1sum and then that Johann Siemens 591 JPEG. sha1sum is basically going to calculate a hash signature for this, and it's for the file, the Johann Siemens 591.


00:14:33:10 - 00:15:00:25

 

Go ahead and hit enter. I want you to notice this value. This is a hash value. This is a one way math function and it's like a fingerprint for this file. It is unique. If I did a hash on another file, it would be totally different. This is a unique fingerprint. So if I sent this file to you on your computer and you ran sha1sum, you would get the same exact hash because it's unique to that file.


00:15:00:29 - 00:15:35:17

 

All right, now, let's keep going here. I want you to type in the following command: steghide. We're about to hide the data. embed space dash e, and we're going to use the Rijndael-256. So it's r-i-j-n-d-a-e-l-256 space cbc dash z nine space dash cf. I'm going to explain all this in a second.


00:15:35:17 - 00:16:02:03

 

Okay. Dash ef secret dot t. Okay. Now a couple of things here. One, steghide is the command. So let me get this so you guys can see it. steghide is the command. So we're saying use steghide, the embed function of steghide. So embed our secret file into the image. Dash e is the "use the following encryption algorithm":


00:16:02:06 - 00:16:27:09

 

Rijndael-256 and the CBC. I think not algorithm. It's drop in my mind. But basically CBC is like the weight, like the amount of blocks that it's going to do. Don't worry about it. Just do CBC, dash z nine, and this is like, z is like the level of compression. Nine is the greatest level of compression. So I want the greatest compression.


00:16:27:12 - 00:16:54:03

 

Then cf is basically what image we're going to be using to hide our data: johann dash siemens dash 591 JPEG. And dash ef is what is the message we're going to hide in there, and it's the file secret dot text. Okay. And you can see earlier when we did encinfo, steghide encryption info, you can see here's the Rijndael one, 256. And then we could have said CBC, CFB, CTR, but we just did


00:16:54:03 - 00:17:12:29

 

CBC. Go ahead and hit enter. It's going to ask us for a passphrase right here. Okay. What I want you to do is type the word secret, s-e-c-r-e-t. When you type you will not see any feedback on the screen. It looks like your keystrokes are not coming in, but they are. Hit enter. It will ask you to reenter it.


00:17:13:06 - 00:17:37:20

 

Enter the same password, secret, all lowercase, s-e-c-r-e-t. Hit enter. Now it's embedded. If you get this you've done it correctly. Embedding secret dot text in that image. Okay, cool. Good job. Now what I want you to do is I want you to type sha1sum and put that Johann Siemens 591 JPEG again. I want to, I want you to look at this right away.


00:17:37:20 - 00:17:42:09

 

Look, here is the hash that we had just a minute ago.


00:17:42:12 - 00:18:06:15

 

And here is the hash. Now, we just modified the file by adding data into it and you can see it's got a brand new fingerprint because guess what? This Johann Siemens JPEG and this Johann Siemens JPEG are different. They're not the same file. But if you look at the picture, it looks identical to you and I. There's a secret message hidden in this picture right now.


00:18:06:17 - 00:18:31:06

 

Let's close this out. All right? So what I want you to do is I want you to type steghide info Johann Siemens JPEG. Right. You can see it right here. steghide space info space Johann Siemens 591 JPG. Hit enter. Now it says "Try to get information"; type y. It asks for the secret passphrase. Remember we just entered.


00:18:31:07 - 00:18:51:02

 

It's the word secret, lowercase, s-e-c-r-e-t, enter. And you can see there it tells us the embedded file is secret dot text and it's using this encryption algorithm and it's compressed. Like I told you I was going to do. All right, very cool. Now I just want to show you that secret.txt file's right here because we created it.


00:18:51:08 - 00:19:23:27

 

So what I want you to do is this the spot in the. Yes. What I want you to do is I want you to type in mv secret dot text to old secret dot text. Okay. Basically, I'm just telling you to type in mv space secret dot text, and then space old secret dot text. Okay, all we're doing here is basically we're basically just changing the file name to old secret.


00:19:23:27 - 00:19:48:15

 

So you can see, I think I accidentally launched this app, so just disregard that. Sorry. All right, so now what I want you to do is we're going to extract the data, ignore this pop up. It's a mistake. All right, so steghide extract dash sf Johann Siemens da da da da dash p secret. Now, let me show you what we're doing here.


00:19:48:17 - 00:20:12:16

 

We called steghide extract, that ends in a t. You can see because of the word wrap the t's down here. Space dash sf, the file with the secret message is this Johann Siemens 591 JPEG, and then space dash p secret. And this is basically the password to get in there is secret. Okay, so hit enter. And you could see wrote extracted data to secret.


00:20:12:16 - 00:20:32:08

 

We just pulled out that secret message. Right? So if I had embedded this and then sent it to you, you could have done the extraction. Had you known the secret password, which I would have given to you in a different manner than that. Okay, Now just look again. You could see you could see, like literally the secret file just dropped under the desktop.


00:20:32:10 - 00:20:54:28

 

You can do it again here. Else like I showed you before, this is like before extraction. You'll notice the secret files. Not here. Here, is it? After extraction? And in fact, yes, that secret text is right there. Right now. Now, of course, just for fun, we're going to do Cat Secret dot text typing, cat space, Secret dot text, not a kitty cat.


00:20:54:28 - 00:21:22:08

 

Now it is basically short for concatenate, but it basically allows you to dump the content of a text file to the terminal. All right, so cat space secret text hit enter and you could see there, in fact, is our super secret message for your eyes only. All right. Seriously. Great job, everybody. I hope you enjoyed this. If you want to do some fun, hide a secret message and send it to someone else and have them extract it.


00:21:22:08 - 00:21:44:13

 

And it's just kind of fun. And you can, as I mentioned in the lectures, I mean, nation states use this for espionage because think about it, you could literally hide a message in here and post the photo on Instagram or Twitter and use a special hashtag to tell your handler that this, in fact, does have a secret message hidden in it.


00:21:44:18 - 00:22:05:25

 

So it really is plausible to convey information right in front of everybody's eyes and no one really notices before you close out. Definitely hit that power button down here to terminate the attack box. Thank you. And we didn't use the DVD machine. I made a mistake to start it, but go ahead and just terminate it. And that will complete the lab for this.


00:22:05:27 - 00:22:10:18

 

For this module. I hope you enjoyed steghide steganography, and I'll see you in the next one.

