There are cases where we need to hide information from other system administrators who hold the root password, on systems with no sudo users.
I got into a situation where I needed that level of protection: I wanted to hide scripts from other system admins who had the root user.
After days of implementation, I came up with a combination of steganography, encryption and process hiding.
Steganography = Steghide
Encryption = SHC (compiles the script into a stripped binary; note that this obfuscates rather than strongly protects the script, since the binary still carries everything needed to run it)
Hiding processes = exec
Steghide: Steghide is a steganography program that can hide data in various kinds of image and audio files.
Installation: it is a pain on CentOS 5.x and 6.x with the gcc 4.x.x compiler series.
You should have the following libraries installed to use steghide.
- libmhash
- libmcrypt
- libjpeg
- zlib
CentOS 5.x
32bit = rpm -ivh "http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm"
64bit = rpm -ivh "http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm"
CentOS 6.x
32 bit = rpm -ivh "http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm"
64 bit = rpm -ivh "http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm"
Once that is done, install the libraries:
- yum install libmcrypt*
- yum install mhash*
- yum install libjpeg*
- yum install zlib*
Now let’s start with the steghide installation,
- Download the tar.gz file from http://steghide.sourceforge.net/download.php
- wget http://sourceforge.net/projects/steghide/files/steghide/0.5.1/steghide-0.5.1.tar.gz
- tar -xzvf steghide-0.5.1.tar.gz
- cd steghide-0.5.1
- ./configure
- Before running "make" and "make install", you need to make the following changes to the source files; without them the build fails with this gcc version.
- vi steghide-0.5.1/src/AuData.h, and add template<> between each typedef and its inline specializations, as shown below
Example (the same pattern continues to the end of the file):
// AuMuLawAudioData
typedef AudioDataImpl<AuMuLaw,BYTE> AuMuLawAudioData ;
template<>
inline BYTE AuMuLawAudioData::readValue (BinaryIO* io) const { return (io->read8()) ; }
template<>
inline void AuMuLawAudioData::writeValue (BinaryIO* io, BYTE v) const { io->write8(v) ; }
// AuPCM8AudioData
typedef AudioDataImpl<AuPCM8,SBYTE> AuPCM8AudioData ;
template<>
inline SBYTE AuPCM8AudioData::readValue (BinaryIO* io) const { return ((SBYTE) io->read8()) ; }
template<>
inline void AuPCM8AudioData::writeValue (BinaryIO* io, SBYTE v) const { io->write8((BYTE) v) ; }
and so on for the remaining audio data types.
- vi AuSampleValues.cc, and prefix each specialization with template<> so that the file reads:
#include "AuSampleValues.h"
// AuMuLawSampleValue
template<> const BYTE AuMuLawSampleValue::MinValue = 0 ;
template<> const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
// AuPCM8SampleValue
template<> const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
template<> const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
// AuPCM16SampleValue
template<> const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
template<> const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
// AuPCM32SampleValue
template<> const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
template<> const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;
- vi MHashPP.cc, and add #define _Bool bool before the mhash.h include, as shown below:
#include <cstdlib>
#include <string>
#define _Bool bool
#include <mhash.h>
- vi MHashPP.h, and add the same define:
#ifndef SH_MHASHPP_H
#define SH_MHASHPP_H
#define _Bool bool
#include <mhash.h>
#include "common.h"
- Locate include/mutils/mhash_config.h.in, open it, and remove the PACKAGE_ variables from the include file.
- vi mhash.h, and change the declaration of mhash_get_hash_name so that it returns char * instead of mutils_word8 *: remove the line
mutils_word8 *mhash_get_hash_name(hashid type);
so that the section reads
mutils_word32 mhash_count(void);
mutils_word32 mhash_get_block_size(hashid type);
char *mhash_get_hash_name(hashid type);
void mhash_free(void *ptr);
__const mutils_word8 *mhash_get_hash_name_static(hashid type);
- vi Graphs.cc, and add #include <climits>:
#include "common.h"
#include "msg.h"
#include "wrapper_hash_set.h"
#include <climits>
- Now execute "make"
- make install
And steghide is ready to use.
SHC: creates a stripped binary from a script file.
- wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
- tar -xzvf shc-3.8.7.tgz
- cd shc-3.8.7
- make
- make install
Scenario: I don't want my script file to be visible on disk, and the passphrase that the encrypted wrapper supplies should not be visible in ps or top output.
Solution:
- Download an image file and check the maximum size of script that can be embedded in it
# steghide info photo.jpg
"photo.jpg":
format: jpeg
capacity: 56.3 KB
Try to get information about embedded data ? (y/n) n
The above shows that a script of up to 56.3 KB can be embedded into this image file.
- steghide embed -cf photo.jpg -ef test.sh
- Enter passphrase:
- Re-Enter passphrase:
embedding "test.sh" in "photo.jpg"... done
- rm -f test.sh
Extracting from the image file:
- steghide extract -sf photo.jpg
- Enter passphrase:
- wrote extracted data to "test.sh"
You can also give the extracted file a different name than test.sh when extracting it from the image file:
- steghide extract -sf photo.jpg -xf httpd
This extracts test.sh as httpd.
Now comes the scripting part, where we automate the entire logic.
First script:
config.sh
#!/bin/bash
# exec -a is a bash builtin option, so the script needs bash rather than plain sh
p=devilinred   # passphrase used at the time of embedding via steghide
b=httpd        # name the extracted script is written under
exec -a "/usr/sbin/httpd 38456 tty7 httpd-dssl" /usr/bin/expect /root/trigger.exp "$p" "$b"
trigger.exp
#!/usr/bin/expect
# receives the passphrase and the output file name from config.sh
set p [lindex $argv 0]
set b [lindex $argv 1]
set timeout -1
spawn steghide extract -sf /root/photo.jpg -xf /root/$b
match_max 100000
expect -exact "Enter passphrase: "
send -- "$p\r"
expect eof
spawn sh /root/$b
expect eof
spawn rm -f /root/$b
expect eof
Now let's encrypt the config.sh file,
- shc -f config.sh
then you'll have three files,
config.sh (original file)
config.sh.x.c (generated C source)
config.sh.x (encrypted file and executable)
- rm -f config.sh.x.c config.sh (first copy the original config.sh to a safe location, e.g. a pen drive)
- mv config.sh.x configs
- chmod +x configs
- cp -ap configs /bin/
- execute configs as ./configs
When you execute the script and monitor the "ps aux" output, you will see something like this,
root 30089 0.0 0.0 2252 252 ttyp1 S+ 02:42 0:00 /usr/sbin/httpd 38456 tty7 httpd-dssl sh httpd passphrase
PS: you can still see your passphrase in the ps aux output. I am working on that; until then, choose a passphrase that looks like a system call or a header, for example:
Example: fork_prefork
or include<stdio>
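Why the passphrase shows up at all: exec -a only rewrites argv[0], and every argument (the passphrase included) is copied into /proc/PID/cmdline, which any user on the host can read; the binary that is really running stays visible through /proc/PID/exe. The script below is an added example, not part of the original post, written from the point of view of an admin who wants to spot this kind of disguise: it walks a /proc tree and reports every process whose argv[0] does not match its exe link, which is exactly what the exec -a line above produces. It assumes GNU coreutils (readlink -f, tr); PROC_ROOT is a variable name chosen here so the scan can be pointed at a copy of /proc.

```shell
#!/bin/sh
# proc-argv0-check.sh (added example, not from the original post)
# Reports processes whose advertised name, argv[0] from /proc/PID/cmdline,
# does not match the binary the kernel is running, /proc/PID/exe.
# "exec -a" only rewrites argv[0]; it cannot change the exe link.
# Assumes GNU coreutils (readlink -f, tr). PROC_ROOT is a name chosen here.

argv0_of() {
    # argv[0] is the first NUL-terminated field of cmdline; login shells
    # prefix it with "-", which is not part of the program name
    a=$(tr '\0' '\n' < "$1/cmdline" | head -n 1)
    printf '%s\n' "${a#-}"
}

check_pid_dir() {
    # $1 = a /proc/<pid>-style directory. Prints one MISMATCH line and
    # returns 1 when argv[0] and exe disagree; returns 0 when they agree
    # or when the entry cannot be inspected.
    dir=$1
    [ -r "$dir/cmdline" ] || return 0
    exe=$(readlink -f "$dir/exe" 2>/dev/null) || return 0   # kernel threads have no exe
    [ -n "$exe" ] || return 0
    argv0=$(argv0_of "$dir")
    [ -n "$argv0" ] || return 0                              # zombies have an empty cmdline
    case $argv0 in
        /*) claimed=$(readlink -f "$argv0" 2>/dev/null || printf '%s' "$argv0") ;;
        *)  # bare name: resolve it through PATH the way a shell would
            claimed=$(command -v "$argv0" 2>/dev/null || true)
            [ -n "$claimed" ] && claimed=$(readlink -f "$claimed" 2>/dev/null || printf '%s' "$claimed")
            [ -n "$claimed" ] || claimed=$argv0 ;;
    esac
    # a bare name that PATH cannot resolve is compared against the exe basename
    case $claimed in
        */*) ;;
        *)   exe=${exe##*/} ;;
    esac
    if [ "$claimed" != "$exe" ]; then
        printf 'MISMATCH pid=%s argv0=%s exe=%s\n' "${dir##*/}" "$argv0" "$exe"
        return 1
    fi
    return 0
}

scan_proc() {
    # $1 = proc root (default /proc). Prints the MISMATCH lines, then the
    # number of mismatches as the last line.
    root=${1:-/proc}
    count=0
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        check_pid_dir "$d" || count=$((count + 1))
    done
    echo "$count"
}

# Stand-alone use: PROC_ROOT=/proc sh proc-argv0-check.sh (root sees every process)
if [ -n "${PROC_ROOT:-}" ]; then
    scan_proc "$PROC_ROOT"
fi
```

Daemons that rewrite their own title on purpose (nginx and postgres workers show names like "nginx: worker process") will also be reported, so in practice the output is reviewed against a short allowlist rather than treated as an alert by itself. The check needs root to read every process's exe link, which is the same privilege the other administrators in the scenario already hold.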
If you need the entire src folder for steghide, let us know.

At this time it looks like WordPress is the preferred blogging platform available right now (from what I've read). Is that what you're using on your blog?
Yes, we are using WordPress.
I cherished as much as you will receive performed proper here. The sketch is tasteful, your authored material stylish. however, you command get bought an nervousness over that you would like be handing over the following. ill definitely come further in the past once more since exactly the similar just about a lot often inside of case you protect this hike.
I appreciate, lead to I discovered just what I was taking a look for. You’ve ended my 4 day long hunt! God Bless you man. Have a great day. Bye
Thank you for your comment.
hello there and thanks for your info ? I’ve certainly picked up anything new from proper here. I did alternatively expertise several technical points the use of this site, as I skilled to reload the web site many instances previous to I may just get it to load correctly. I had been wondering in case your web hosting is OK? Not that I’m complaining, however sluggish loading cases instances will often impact your placement in google and can harm your high quality ranking if ads and marketing with Adwords. Well I am adding this RSS to my e-mail and can look out for a lot more of your respective fascinating content. Ensure that you update this once more very soon..
The web hosting is fine, but we haven't purchased the domain yet, so our options are limited. We are going to purchase the domain soon. Thank you for your comment.
Hi there, simply changed into aware of your weblog via Google, and located that it’s really informative. I’m going to be careful for brussels. I will appreciate should you continue this in future. A lot of other people will likely be benefited from your writing. Cheers!
Very interesting points you have remarked, thanks for putting up. “The thing always happens that you really believe in and the belief in a thing makes it happen.” by Frank Lloyd Wright.