Stegcracker Not Finding Known Password
papafett opened this issue · 5 comments
Hi,
I'm doing a hackthebox challenge and using stegcracker for some steg CTFs. Unfortunately it doesn't seem to be working for me: when I run it against an image I know the passphrase for (and put that in my list), it never gets it. I just get:
$ sudo /bin/stegcracker first.jpg guesses.txt
StegCracker - (https://github.com/Paradoxis/StegCracker)
Copyright (c) 2018 - Luke Paris (Paradoxis)
Attacking file 'first.jpg' with wordlist 'guesses.txt'..
\x1B[31mError:\x1B[0m Failed to crack file, ran out of passwords.
I've attached the files I'm using
Thanks for the bug report, I'll try to look at it this weekend :)
@papafett Could you tell me which password it should be exactly? Makes it a bit easier to debug
Might be related to the fact guesses.txt doesn't end with a newline, as the read specs state:
The read utility shall read a single line from standard input.
By default, unless the -r option is specified, <backslash> shall act as an escape character. An unescaped <backslash> shall preserve the literal value of the following character, with the exception of a <newline>. If a <newline> follows the <backslash>, the read utility shall interpret this as line continuation. The <backslash> and <newline> shall be removed before splitting the input into fields. All other unescaped <backslash> characters shall be removed after splitting the input into fields.
If standard input is a terminal device and the invoking shell is interactive, read shall prompt for a continuation line when it reads an input line ending with a <backslash> <newline>, unless the -r option is specified.
The terminating <newline> (if any) shall be removed from the input and the results shall be split into fields as in the shell for the results of parameter expansion (see Field Splitting); [...]
Changing line 73 to the following might fix your problem:
done < <(grep "" "$wordlist")
Tested & fixed
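The behaviour discussed above, as an added example that is not part of the original thread or of StegCracker's code: a `while read` loop skips the last wordlist entry when the file has no trailing newline, and two ways of reading the file avoid that. All function names are hypothetical, the wordlist is constructed, and the grep variant uses a pipe instead of the thread's `< <(...)` so it also runs under plain sh.

```shell
#!/bin/sh
# Added example: the last entry of a wordlist is lost when the file
# lacks a trailing newline. Function names are hypothetical.

# Naive loop: at EOF on an unterminated line, read fills the variable
# but returns non-zero, so the loop body never sees the final entry.
count_naive() (
    n=0
    while read -r line; do n=$((n + 1)); done < "$1"
    echo "$n"
)

# Approach suggested in the thread: grep "" matches every line and
# always writes a terminating newline, so read gets a complete last line.
count_grep() (
    grep "" "$1" | {
        n=0
        while read -r line; do n=$((n + 1)); done
        echo "$n"
    }
)

# Alternative without grep: continue when read failed but still
# returned data. IFS= also preserves leading/trailing whitespace.
count_guarded() (
    n=0
    while IFS= read -r line || [ -n "$line" ]; do n=$((n + 1)); done < "$1"
    echo "$n"
)

# Pre-flight check: succeeds only if a non-empty file ends with a newline.
# Command substitution strips a trailing newline, leaving an empty string.
file_ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Constructed wordlist: three entries, no newline after the last one.
wl=$(mktemp)
printf 'alpha\nbravo\npassword' > "$wl"
echo "naive=$(count_naive "$wl") grep=$(count_grep "$wl") guarded=$(count_guarded "$wl")"
if file_ends_with_newline "$wl"; then echo "terminated"; else echo "no trailing newline"; fi
rm -f "$wl"
```
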
Did the following with the same issue noted above:
Updated to the latest:
pip3 install stegcracker -U --force-reinstall
steghide embed -cf image.jpg -ef secret.txt
created a password of "password" and several other words in it for testing.
created a file named dict.txt with the word "password" in it.
ran:
stegcracker image.jpg dict.txt
Error: Failed to crack file, ran out of passwords.
Tried downloading tom.txt and using a password from that file with an image.jpg and I get the same error.