Some basics for Image Steganography in Linux:
file:
Run the 'file' command to see the image's real type. For instance, you could be given a .jpeg file, but after running 'file' you could see it's a PNG.
exiftool:
Use 'exiftool' to see the metadata, for example to check whether the size of the image is sensible or too large. There could also be location tags and other clues.
strings:
Run the 'strings' command to see if there are extractable plaintext characters.
hexdump:
With 'hexdump' you will see the hex format of the file. For instance, the first few bytes will tell you the type of file. You can also search for the 'FE' marker: what comes after 'FE' is a comment on the file.
You could also use the 'xxd' command.
binwalk:
'binwalk' will show if there are any embedded files, and if there are, you can extract them with 'binwalk -e <filename>'.
steghide:
Steghide is a steganography program that hides data in various kinds of image and audio files. It also extracts hidden data.
To extract hidden data, run: 'steghide --extract -sf <filename>'
Some files will need you to provide a passphrase in order to extract hidden data.
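The checks described above under 'file', 'hexdump' and 'binwalk' can also be scripted. The Python below is an added example, not part of the original post: it compares the extension with the leading magic bytes, pulls JPEG comment segments (marker bytes FF FE) and returns anything appended after the end-of-image marker. The function names, the file name holiday.png and the sample bytes are constructed for illustration, and the trailer check assumes the first FF D9 after the scan header is the real end of image.

```python
import os
import struct

# Leading magic bytes for common image types (what 'file' and the first hexdump row reveal).
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif", b"BM": "bmp"}
EXT_ALIASES = {"jpg": "jpeg"}

def sniff_type(data):
    """Return the image type implied by the leading bytes, or None if unknown."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def jpeg_comments_and_trailer(data):
    """Walk JPEG segments; return (COM payloads, bytes found after the EOI marker)."""
    comments, pos = [], 2                      # skip SOI (FF D8)
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # counts its own 2 bytes
        end = pos + 2 + length
        if marker == 0xFE:                     # COM segment: free-form comment
            comments.append(data[pos + 4:end])
        if marker == 0xDA:                     # SOS: compressed scan data follows
            eoi = data.find(b"\xff\xd9", end)  # simplification: first FF D9 after scan header
            return comments, (data[eoi + 2:] if eoi != -1 else b"")
        pos = end
    return comments, b""

def inspect(filename, data):
    """Compare extension with real type; for JPEGs also pull comments and appended bytes."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    ext = EXT_ALIASES.get(ext, ext)
    kind = sniff_type(data)
    report = {"type": kind, "extension_mismatch": kind is not None and ext != kind,
              "comments": [], "trailer": b""}
    if kind == "jpeg":
        report["comments"], report["trailer"] = jpeg_comments_and_trailer(data)
    return report

# Constructed sample: a minimal JPEG-shaped byte string, not a real picture.
SAMPLE = (b"\xff\xd8" b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # SOI, APP0
          b"\xff\xfe\x00\x0dlook deeper"                                      # COM segment
          b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\x00\x56"  # SOS + scan data
          b"\xff\xd9" b"PK\x03\x04appended")                                  # EOI + extra bytes

if __name__ == "__main__":
    print(inspect("holiday.png", SAMPLE))
```

A non-empty trailer is the kind of appended content 'binwalk' would flag; here it starts with a ZIP local-file signature.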
For more tips on stego, this is an interesting page:
https://book.hacktricks.xyz/crypto-and-stego/stego-tricks
#osint #stego #steganography #cybersec #cybersecurity #infosec #tools #ctf #data #linux