Embed and Export Tools
Foremost
foremost is also used to extract data
foremost -e filename
or
foremost e filename -T
bulk_extractor
To find URLs or text in a .dmp file, just like we did in participation 4:
unzip the .dmp file (or any file)
extract it using any extraction tool, for example bulk_extractor:
bulk_extractor -o newoutputfilename memorydumpname_or_anyfilename
cat filename | grep "the given text "
Binwalk
Detect hidden data + extract data:
binwalk filename
binwalk -e filename
⚠️ You can take the offset of the beginning of the file and extract it with a hex editor.
WinHex
🛠 In Kali Linux there is a tool just like HexEditor and WinHex, named Bless hex editor.
WinHex and HxD run on Windows.
You can use online tools like : https://hexed.it
Download cmd:
sudo apt install bless
We need to know file signatures in order to fix any file, or to check them after opening the editor. Here is a list of file signatures: https://www.filesignatures.net/index.php?page=all
Bit Shifting:
WinHex is also used for bit shifting:
1- open the file
2- modify the data
3- shift to the left or right
4- save it as another file, e.g. file2.txt; reopen file2.txt, then reverse the shift (left or right) in order to get the data back.
5- after that, check the hashes using Tools → Compute Hashes
Steghide
This tool allows you to hide data (text or an image) inside another file; it can both embed and extract.
embed data:
steghide embed -cf downloadedImage.jpg -ef test.txt
cf : stands for cover file
ef : stands for embedded file
A passphrase is required after embedding and before extracting, in order to protect the data. Most people use common wordlists like rockyou.txt, or they make their own wordlist.
extract data:
steghide extract -sf downloadedImage.jpg
This is used to extract the hidden file.
Zsteg
This tool allows you to detect hidden data in PNG and BMP files.
zsteg [options] filename.png [param_string]
Here is an example:
zsteg flower_rgb3.png
imagedata .. file: 370 XA sysV pure executable not stripped - version 768
b3,rgb,lsb,xy .. text: "SuperSecretMessage"
Stegseek
This tool allows you to break the passphrase using rockyou.txt or any wordlist.
stegseek downloadedImage.jpg wordlist.txt
Read the extracted file by typing:
cat nameofimage.jpg.out
Important notes:
To embed data, you may use the following command:
copy /b coverfile + embeddedfile outputfile
You may also embed a file by copying its entire hex values and combining them with the hex values of another file.
To create a new text document and write to it:
echo "hidden text maybe " > text1.txt
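How a file appended with copy /b can be detected and carved by offset, as the binwalk note above suggests: this added example (not part of the original notes) walks the PNG chunks to IEND and treats everything after it as appended data. The sample PNG and ZIP are constructed inside the code, and the function names are assumptions made for illustration.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# A few well-known file signatures (magic numbers) used to label the payload.
SIGNATURES = {b"PK\x03\x04": "zip", b"\xff\xd8\xff": "jpeg",
              PNG_SIG: "png", b"%PDF-": "pdf"}

def png_end(data):
    """Walk the PNG chunk list and return the offset just past IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND" and pos <= len(data):
            return pos
    raise ValueError("truncated PNG: no IEND chunk")

def appended_payload(data):
    """Return (offset, kind, payload) for bytes after IEND, or None."""
    end = png_end(data)
    payload = data[end:]
    if not payload:
        return None
    kind = next((name for sig, name in SIGNATURES.items()
                 if payload.startswith(sig)), "unknown")
    return end, kind, payload

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample():
    """Constructed sample: a 1x1 PNG, and the same PNG with a ZIP appended."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")
    cover = (PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
             + _chunk(b"IEND", b""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("text1.txt", "hidden text maybe")
    return cover, cover + buf.getvalue()

if __name__ == "__main__":
    cover, stego = make_sample()
    print("clean cover:", appended_payload(cover))
    off, kind, payload = appended_payload(stego)
    print(f"appended {kind} data at offset {off} (0x{off:x}), {len(payload)} bytes")
    with zipfile.ZipFile(io.BytesIO(payload)) as z:
        print(z.namelist(), z.read("text1.txt"))
```

The reported offset is the same value you would jump to in a hex editor to cut the appended file out by hand.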