Embed and Export Tools
Foremost
foremost is also used to extract data from a file.
foremost -i filename
or
foremost -i filename -T
Bulk Extractor
To find URLs or text in a .dmp file, as we did in participation 4:
Unzip the .dmp file (or any other file).
Extract it using any extraction tool, for example bulk_extractor:
bulk_extractor -o newoutputfilename memorydumpname_or_anyfilename
cat filename | grep "the given text"
Binwalk
Detect hidden data and extract it:
binwalk filename
binwalk -e filename
⚠️ You can also take the offset of the beginning of the file and extract it with a hex editor.
WinHex
🛠 In Kali Linux there is a tool similar to HexEditor and WinHex, named Bless hex editor.
WinHex and HxD run on Windows.
You can also use online tools like: https://hexed.it
Install command:
sudo apt install bless
We need to know file signatures in order to fix a file, or to check a file after opening it in the editor. Here is a list of file signatures: https://www.filesignatures.net/index.php?page=all
Bit Shifting:
WinHex is also used for bit shifting, as follows:
1- Open the file.
2- Modify the data.
3- Shift to the left or right.
4- Save it as another file, e.g. file2.txt. Reopen file2.txt, then reverse the shift (left or right) in order to get the data back.
5- After that, check the hashes using Tools → Compute hashes.
Steghide
This tool lets you hide data (text or an image) inside another file. It can both embed and extract.
Embed data:
steghide embed -cf downloadedImage.jpg -ef test.txt
-cf: stands for cover file
-ef: stands for embedded file
A passphrase is required after embedding and before extracting, in order to protect the data. Most people use common wordlists like rockyou.txt or make their own wordlist.
Extract data:
steghide extract -sf downloadedImage.jpg    # extracts the hidden file
Zsteg
This tool lets you detect hidden data in PNG and BMP files.
zsteg [options] filename.png [param_string]
Here is an example:
zsteg flower_rgb3.png
imagedata .. file: 370 XA sysV pure executable not stripped - version 768
b3,rgb,lsb,xy .. text: "SuperSecretMessage"
Stegseek
This tool lets you break the passphrase using rockyou.txt or any other wordlist.
stegseek downloadedImage.jpg wordlist.txt
Read the extracted file by typing:
cat nameofimage.jpg.out
Important notes:
To embed data:
You may use the following command (Windows cmd):
copy /b coverfile + embeddedfile outputfile
You may also embed a file by copying its entire hex values and combining them with the hex values of another file.
To create a new text document and write to it:
echo "hidden text maybe" > text1.txt
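The `copy /b` note and the binwalk offset tip above are two sides of the same idea: one file is appended to another, and the second file can be found again by its signature and cut out from that offset. The sketch below is an added example, not part of the original notes; the sample bytes, the small signature table and all function names are constructed for illustration.

```python
import io
import zipfile

# Magic bytes for a few common formats (a small subset of a file-signature list).
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
    "pdf": b"%PDF-",
}

def find_signatures(data):
    """Return sorted (offset, name) pairs for every signature hit in data."""
    hits = []
    for name, magic in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def carve(data, offset):
    """Return everything from offset to end of file, as when cutting it out in a hex editor."""
    return data[offset:]

def build_sample():
    """Constructed sample: a fake JPEG header/trailer with a ZIP appended (what copy /b produces)."""
    cover = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"  # not a viewable image
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("text1.txt", "hidden text maybe")
    return cover + buf.getvalue(), len(cover)

def recover_hidden(data):
    """Carve at the first ZIP signature and return {member name: bytes}; {} if no ZIP is found."""
    offsets = [off for off, name in find_signatures(data) if name == "zip"]
    if not offsets:
        return {}
    with zipfile.ZipFile(io.BytesIO(carve(data, offsets[0]))) as zf:
        return {n: zf.read(n) for n in zf.namelist()}

if __name__ == "__main__":
    sample, cover_len = build_sample()
    for off, name in find_signatures(sample):
        print(f"{off:#06x}  {name}")
    print(recover_hidden(sample))
```

A second signature appearing at a non-zero offset is the same hint binwalk gives: data has been appended after the cover file.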