Images Exif Steg

Links

Easy

  • LookAround - Dont forget the Easy stuff!!

  • strings -n 8 secret.png

imagemagick

sudo apt install imagemagick
sudo apt install graphicsmagick-imagemagick-compat
identify -verbose allyourbase.jpg | grep "exif"

stegextract

sudo curl https://raw.githubusercontent.com/evyatarmeged/stegextract/master/stegextract > /usr/local/bin/stegextract
sudo chmod +x /usr/local/bin/stegextract
stegextract allyourbase.gif --outfile allyourbase
unzip allyourbase

binwalk

  • search image for embedded files and exe code

  • You might find ssh keys :)

  • Find an .elf file .. make sure you chmod +x .. execute it to test!

> binwalk nineveh.png        ..find
> binwalk -Me nineveh.png    ..extract
> binwalk -e allyourbase.gif 

-M: Recursively scan extracted files.
-e: Automatically extract known file types.

Found!!
> ls _nineveh.png.extracted/secret/
PreviousHydra BrutesNextMalware Analysis

Last updated