Hello, aspiring ethical hackers. In our previous blogposts, you learnt what is steganography, it’s uses and how to hide secret data in an image using the tool Steghide. In this blogpost, you will learn about a tool that can retrieve hidden data from an image. The tool’s name is Stegcracker.
Stegcracker is a steganography brute-force utility to uncover hidden data inside files. Let’s see how this tool works. For this article, we will be using Kali Linux as our attacker system as this tool is available by default in its repositories. For performing steganography attack, we will be using same image in which we have hidden data using Steghide “Volcano_with_Secret,jpg”.
Check version (-v)
It is a good practice to check the version of the tool first before doing anything with the tool. You can check the version of Stegcracker using this option.
All you need to retrieve the hidden information from the image with this tool is to just supply the path of the image as shown below.
As you can see in the above image, Stegcracker cracked the password (123456) of this file and successfully retrieved the hidden data too. The retrieved data from the image is saved in a file named
Specify a different wordlist
We can even specify a different dictionary or wordlist if needed as shown below.
Verbose output (-V)
This option can be used to get detailed output from stegcracker.
Quiet mode(-q)
On the contrary, you can run Stegcracker in quiet mode. Running in this mode will just display the cracked password of the file as shown below and of course retrieve the hidden data. Status updates or other output is not displayed.
Number of threads (-t)
By default, stegcracker user 16 threads while running. Increasing the number of threads can lead to better performance. Threads can be increased or decreased using this option. For example, let’s increase the number of threads to 32.
Saving the output (-o)
As you already read at the beginning of this article, stegcracker saves retrieved hidden data to a file named “
For example, let’s save the retrieved data to a file named “secret.txt” as shown below.