During a CTF I found an image with an SSH key hidden in it. In this post I'm going to talk about how to extract a hidden SSH key from an image and then crack its password using John the Ripper.

Check for hidden passwords using strings

strings image.jpg

Check with steghide for hidden ssh keys

steghide extract -sf image.jpg

We have found the key, but it is in encrypted format. Let's decrypt the file and find the password.

Convert to john type using ssh2john

ssh2john.py id_rsa > id_john
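Added example (not part of the original post): a small Python parser that reads the header of a private key file such as the extracted id_rsa and reports whether it is encrypted, with which cipher, and with which KDF and round count. These fields decide how much work each password guess costs, so they show how well a given key file holds up. The function names and both sample inputs are constructed for illustration.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\x00"

def _s(b):  # encode an SSH 'string': 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def _read(buf, off):
    """Decode one SSH 'string' at off; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(pem_text):
    """Report format, cipher and KDF of a PEM-armoured SSH private key."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM private key")
    label, body = lines[0][11:-5], lines[1:-1]
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM: a DEK-Info header names the cipher; the key is derived with MD5.
        dek = next((l for l in body if l.startswith("DEK-Info:")), None)
        cipher = dek.split(":", 1)[1].split(",")[0].strip() if dek else "none"
        return {"format": "legacy-pem", "encrypted": dek is not None,
                "cipher": cipher, "kdf": "md5" if dek else "none", "rounds": None}
    blob = base64.b64decode("".join(body))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read(blob, len(MAGIC))
    kdf, off = _read(blob, off)
    kdfopts, off = _read(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, o = _read(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return {"format": "openssh-key-v1", "encrypted": cipher != b"none",
            "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}

def make_sample(cipher=b"aes256-ctr", kdf=b"bcrypt", rounds=16):
    """Constructed header-only sample (zero salt, no key material)."""
    opts = _s(b"\x00" * 16) + struct.pack(">I", rounds) if kdf == b"bcrypt" else b""
    b64 = base64.b64encode(MAGIC + _s(cipher) + _s(kdf) + _s(opts)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-format sample, not a real key.
LEGACY_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC," + "0" * 32 + "\n\nAAAA\n-----END RSA PRIVATE KEY-----")
```

Calling `describe_private_key(open("id_rsa").read())` on a real file returns the same dictionary shape as for the constructed samples.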

Crack the password using john

The final task is to crack the password using john. To complete this task I'm using rockyou.txt as my password file.

john id_john --wordlist=/usr/share/wordlists/rockyou.txt