EvilZone
Hacking and Security => Hacking and Security => : D4rKn355 November 06, 2012, 04:58:07 PM
-
I have found one draft on my gmail account, with no title, no recipients, no subjects, but only one photos. But i don't make that draft, or save an attachment, i have no idea who are the people on the photo. The photo is 603 width x 453 height, file size is 44.0 KB. I think the file size is kinda weird, so i check it out with stegodetect, and it gave positive on jpghide. Then i check with jpghide, it ask me for passphrase. I am wondering if there is any data hidden in that photo. This may be a clue to what the draft means. Anyway can you guys give me some idea on how to brute force attack a passphrase in jpghide or suggestions on any better steganography detector. Thanks in advance.
By the way i have uploaded the photos if you wanna check it out.
PS: plz don't mind the grammar mistakes, I am not english.
-
As far as I can see: jphs is open source and ships the c code with a makefile for linux users.
It uses blowfish to decrypt the data extracted from the image.
I would just modify the code in jpseek.c so it outputs the extracted (yet still encrypted) data and run the output through a blowfish bruteforcer. This way you save the time the program needs for extracting the data from the image.
It uses blowfish to determine where the bits are stored. So my first suggestion won't work.
To bruteforce it you can write yourself a script that runs the program with a given or generated wordlist. Or you use Stegbreak: http://www.outguess.org/detection.php
Edit: Is it really jpghide or jphide? I was talking about the latter. I didn't find the other one via google.
-
@Deque You are right bro. it's jphide. Can you please write the script for me? I am totally new to programming. by the way i use stegbreak to see if the photo contained other data, it gave me "jphide(*)" is this the sign of positive?
-
Can you please write the script for me?
You say in your introduction that you want to learn how to hack. So don't ask for ready made solutions. You have to learn programming and try to solve this on your own, which is the only way you will get better. We may help you on the way though, if you have specific questions.
About Stegbreak: It can bruteforce your image. Read the manual to get your questions answered. I would just do the same to answer your question, but why should I if you can do this yourself?
-
Thanks @Deque ! I get it. Thanks for pulling me on the right track.