
Basic Tools

This page introduces you to a large collection of open source tools, some of which are used regularly and others only rarely.

Exiftool

It is a tool that is used mainly to read metadata in files.

Installation

$ sudo apt install exiftool

Usage

$ exiftool <file-name>

Exiftool gives the metadata of a file as its output. This data can be used for further analysis regarding the file type and its data. From a CTF point of view, the metadata might contain clues, hints or information that turns out to be crucial for finding the flag.

Tip

strings is a command-line tool that shows all the ASCII strings in the file that is passed to it. In CTFs, clues or even the flag itself can often be found as an ASCII string inside the given challenge file. Usage:

$ strings <file-name>

References

For more information about the tool,

$ man exiftool

Ghex

Ghex is a tool which helps us to view and edit the hex data or hex dump of an image.

Installation

$ sudo apt install ghex

Usage

$ ghex image.jpg

Using ghex we can see the headers, footers, and the data chunks of an image. Note that ghex can be used for all types of files, not only images.

References

For more information about the tool,

$ man ghex

Binwalk

It is a tool used mainly for searching embedded files and executable code within another data file.

Installation

$ sudo apt install binwalk

Usage

$ binwalk -e <file-name>

[Image: binwalk output]

In the above image, we see a JPEG image that has compressed images embedded within it. To extract the embedded data we can make use of the carving tool dd. It carves out data from specific offsets that are passed as arguments to the tool along with the file that needs to be read. Give the following command:

$ dd if=deeper.jpg of=image1.jpg bs=1 skip=202

Here if= takes the file from which data has to be extracted and of= takes the name of the file that the extracted data is written to. skip= is the offset in the input file at which reading starts, and bs= is the block size, the number of bytes read at a time. skip= is counted in blocks of that size, so with bs=1 it is a byte offset.
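The two steps described above (find the offset of an embedded file, then carve from that offset with dd), as an added example that is not part of the original page. The function names `sig_offsets`, `carve` and `make_sample` and the sample container are constructed for illustration; the signature `ffd8ff` is the JPEG start-of-image marker.

```shell
#!/bin/sh
# Added example: locate a byte signature inside a container file, then carve with dd.

# sig_offsets FILE HEXSIG: print the decimal byte offset of every occurrence of
# HEXSIG (lowercase hex, e.g. ffd8ff for the JPEG start-of-image marker).
sig_offsets() {
    od -An -v -tx1 "$1" | tr -d ' \n' | awk -v sig="$2" '{
        s = $0; base = 0
        while ((i = index(s, sig)) > 0) {
            pos = base + i                      # 1-based position in the hex string
            # Only odd positions sit on a byte boundary (two hex digits per byte).
            if (pos % 2 == 1) { off = (pos - 1) / 2; print off }
            s = substr(s, i + 1); base += i
        }
    }'
}

# carve FILE OFFSET OUT: copy everything from byte OFFSET to the end of FILE.
# skip= counts blocks of bs= bytes, so bs=1 makes it a plain byte offset.
carve() {
    dd if="$1" of="$3" bs=1 skip="$2" 2>/dev/null
}

# Constructed sample (not a real image): 202 bytes that start with a JPEG
# marker, followed by a second, embedded JPEG-like payload of 19 bytes.
make_sample() {
    {
        printf '\377\330\377\340OUTER'
        dd if=/dev/zero bs=1 count=193 2>/dev/null
        printf '\377\330\377\340INNER-PAYLOAD\377\331'
    } > "$1"
}

workdir=$(mktemp -d)
make_sample "$workdir/container.bin"
offsets=$(sig_offsets "$workdir/container.bin" ffd8ff)
inner=$(printf '%s\n' "$offsets" | sed -n '2p')     # second hit = embedded file
carve "$workdir/container.bin" "$inner" "$workdir/carved.bin"
echo "signature offsets:" $offsets
echo "carved $(wc -c < "$workdir/carved.bin" | tr -d ' ') bytes from offset $inner"
```

With bs=1 dd copies one byte per read, which is slow on large files; `tail -c +203 container.bin` produces the same bytes for an offset of 202.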

References

For more information about the tool,

$ man binwalk

Steghide

It is used to embed and extract secret messages in images. It supports all the general formats of images like .png, .jpg etc.

Installation

$ sudo apt install steghide

Usage

To embed a secret message into an image

$ steghide embed -cf image.jpg -ef secret_message.txt
Enter passphrase : ********
Re-Enter passphrase : ********
embedding "secret_message.txt" in "image.jpg"... done

To extract the secret message from the image

$ steghide extract -sf image.jpg
Enter passphrase : ********
wrote extracted data to "secret_message.txt".

For any help with the commands type

$ steghide --help

It is important to note that the password may not always be a plain text sentence. Sometimes it may be hashed. Some examples of hashes include MD5, SHA-1 etc. There is no specific way to reverse a hash, but there are websites which store the hashes of certain commonly used strings.

Some of such websites are:

a. HashKiller
b. MD5Decrypt

References

For more information about the tool,

$ man steghide

Stegsolve

It is used to analyze images in different planes by taking off bits of the image.

Installation

$ wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
$ chmod +x stegsolve.jar
$ mkdir bin
$ mv stegsolve.jar bin/

Usage

Stegsolve can be invoked by placing the image in the bin folder created above and running stegsolve from there.

$ java -jar stegsolve.jar

There are over 10 different planes supported by stegsolve like Alpha, Blue, Green, Red, XOR etc.

Stegcracker

It is a tool used to crack the passwords of files which contain hidden data.

Installation

Stegcracker requires steghide, so install steghide first and then stegcracker:

$ sudo apt-get install steghide -y
$ pip3 install stegcracker

Usage

$ stegcracker <file> [<wordlist>]

For the wordlist, one example is rockyou.txt.

Stegdetect

It is a tool which detects whether the given file has steganographic content or not.

Installation

Please clone this repository before executing the following commands.

If using a 64-bit system,

$ linux32 ./configure
$ linux32 make

You can now run stegdetect from the local directory:

$ ./stegdetect

Note: The stegdetect tool works only on JPEG images.

Usage

To run stegdetect on a directory of JPEGs use:

# Read one path per line so that file names containing spaces are handled correctly
find /path/to/images/ -iname "*jpg" | while IFS= read -r img; do
  ./stegdetect -tF "$img"
done

Zbarimg

It is a tool used to scan and decode QR codes from image files.

Installation

$ sudo apt-get install zbar-tools

Usage

$ zbarimg <file-name>

Note: Zbar can also decode QR codes from a webcam. For this, install the following tool:

$ sudo apt-get install zbarcam

References

For more information about the tool,

$ man zbarimg

StegoVeritas

It is a Python-based steganography tool that reports various information about a given stego file and prints out any data embedded inside it.

Installation

Using pip

$ pip3 install stegoVeritas
$ stegoVeritas_install_deps

Usage

$ stegoveritas <file>

References

For more information about the tool,

$ stegoveritas -h

GPG

GNU Privacy Guard (GnuPG or GPG), a replacement for PGP (Pretty Good Privacy), is a free-software tool used for encryption. It features a versatile key management system.

Installation

$ sudo apt install gnupg

Usage

To create Public and Private Keys

$ gpg --gen-key

List Keys

$ gpg --fingerprint ibaydan

Register To Keyserver

$ gpg --keyserver gpg.mit.edu --send-keys 003D114F

Export Public Key in ASCII format

$ gpg --armor --output pubkey.txt --export 'ibaydan'

Encrypt A File

$ gpg --encrypt --recipient 'ibaydan' --output ServerPass.txt.enc ServerPass.txt

Decrypt A File

$ gpg --output foo.txt --decrypt ServerPass.txt.enc

List Installed Keys

$ gpg --list-keys

Delete Key

$ gpg --delete-key ibaydan

Delete Key with Secret Keys

$ gpg --delete-secret-keys '[email protected]'

References

For more information about the tool,

$ man gpg

Stegsnow

Stegsnow is a tool for concealing messages in text files by appending tabs and whitespaces at the end of lines. The encoding used by snow relies on the fact that trailing whitespaces and new lines are not displayed in text editors.

Installation

$ sudo apt install stegsnow

Usage

Encryption

Original Text File

Not like the brazen giant of Greek fame,
With conquering limbs astride from land to land;
Here at our sea-washed, sunset gates shall stand
A mighty woman with a torch, whose flame
Is the imprisoned lightning, and her name
Mother of Exiles. From her beacon-hand
Glows world-wide welcome; her mild eyes command
The air-bridged harbor that twin cities frame.
“Keep, ancient lands, your storied pomp!cries she
With silent lips. “Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless, tempest-tossed to me,
I lift my lamp beside the golden door!

Command

$ stegsnow -C -m "Attack At Dawn" -p "hail-hydra" NewColossus.txt NewColossusMod.txt

Modified Text File

Not like the brazen giant of Greek fame,                      
With conquering limbs astride from land to land;                     
Here at our sea-washed, sunset gates shall stand                      
A mighty woman with a torch, whose flame                             
Is the imprisoned lightning, and her name                         
Mother of Exiles. From her beacon-hand              
Glows world-wide welcome; her mild eyes command
The air-bridged harbor that twin cities frame.
“Keep, ancient lands, your storied pomp!cries she
With silent lips. “Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless, tempest-tossed to me,
I lift my lamp beside the golden door!

Decryption

Command

$ stegsnow -C -p "hail-hydra" NewColossusMod.txt
Encoded Message: Attack At Dawn
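
Because the hidden data lives only in trailing tabs and spaces, it can be made visible and removed with standard text tools. The following is an added example, not part of the original page or of stegsnow; the function names and the three-line sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: reveal and strip the trailing whitespace that stegsnow relies on.

# trailing_ws_report FILE: for each line ending in spaces or tabs, print
# "line <n>: <spaces> spaces, <tabs> tabs".
trailing_ws_report() {
    awk '{
        sub(/\r$/, "")                     # ignore a CRLF line ending
        if (match($0, /[ \t]+$/)) {
            run = substr($0, RSTART)       # just the trailing run
            tabs = gsub(/\t/, "", run)     # gsub returns how many tabs it removed
            printf "line %d: %d spaces, %d tabs\n", NR, length(run), tabs
        }
    }' "$1"
}

# trailing_ws_lines FILE: number of lines that carry trailing whitespace.
trailing_ws_lines() {
    trailing_ws_report "$1" | wc -l | tr -d ' '
}

# strip_trailing_ws IN OUT: write a copy without the trailing runs, which
# destroys anything hidden there and leaves the visible text unchanged.
strip_trailing_ws() {
    sed 's/[[:space:]]*$//' "$1" > "$2"
}

sample=$(mktemp)
cleaned=$(mktemp)
# Constructed sample: line 1 ends in tab, 3 spaces, tab; line 2 is clean;
# line 3 ends in 2 spaces.
printf 'Not like the brazen giant of Greek fame,\t   \t\n' > "$sample"
printf 'With conquering limbs astride from land to land;\n' >> "$sample"
printf 'Here at our sea-washed, sunset gates shall stand  \n' >> "$sample"

trailing_ws_report "$sample"
strip_trailing_ws "$sample" "$cleaned"
echo "lines with trailing whitespace after cleaning: $(trailing_ws_lines "$cleaned")"
```

A text file in which many lines end in mixed runs of tabs and spaces is worth checking with stegsnow; `cat -A` shows the same runs inline, with tabs as `^I` and line ends as `$`.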

References

For more information about the tool,

$ man stegsnow