> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-6/steganography/trick-0015.md).

# Credentials in Image Strings

***

Sensitive information like credentials, keys, or password lists can sometimes be hidden within the printable string data embedded inside binary files, including images. The `strings` utility extracts these sequences. Running `strings` on a target image can reveal hidden text not visible in the image itself or its standard metadata.

For instance, applying `strings` to an image like `Hot_Babe.png`:

```bash
strings Hot_Babe.png
```

This command will output all printable character sequences found within the file. By default, the `strings` command displays any sequence of 4 or more printable characters that end with a newline or null character. In a CTF context, this often reveals hidden messages, hardcoded credentials (like the `ftpuser` and password list mentioned in the example), or other critical clues. The `strings` command in Linux is a utility that extracts human-readable text strings from binary files. Binary files, such as executable programs and libraries, contain both machine code and text data. While the machine code is not human-readable, the text data often includes valuable information like error messages, configuration settings, and embedded documentation.

The `strings` command also provides several useful options to customize its behavior. For example, you can specify the minimum length of strings to display using the `-n` option. To show only strings that are at least 10 characters long from the target file:

```bash
strings -n 10 Hot_Babe.png
```

Another useful option is `-t`, which shows the offset of each string within the file. The offset can be displayed in hexadecimal (`x`), decimal (`d`), or octal (`o`). For instance, to see hexadecimal offsets for strings in `Hot_Babe.png`, you might use:

```bash
strings -t x Hot_Babe.png | head -10
```

The output includes hexadecimal offsets, which can be useful for more advanced analysis of binary files.

You can also use the `grep` command with `strings` to find particular types of information. For instance, to find any references to "password" in the `Hot_Babe.png` file:

```bash
strings Hot_Babe.png | grep password
```

To demonstrate how `strings` can effectively filter out binary data and only show human-readable text, even when it's mixed with non-text data, you can create a simple binary file for analysis.\
First, create a file with some text and binary data:

```bash
## Create a file with some text and binary data
echo "This is a visible string in our test file." > testfile.bin
echo "Another string that should be extractable." >> testfile.bin
## Add some binary data
dd if=/dev/urandom bs=100 count=1 >> testfile.bin 2> /dev/null
## Add one more text string
echo "Final string after some binary data." >> testfile.bin
```

Now, use the `strings` command to extract the text from this `testfile.bin`:

```bash
strings testfile.bin
```

Your output should include all three text strings:

```
This is a visible string in our test file.
Another string that should be extractable.
Final string after some binary data.
```

The `strings` command is not limited to images; it can be used to examine various binary files. For example, to explore the contents of a common binary file like the `ls` command and extract the first 20 readable strings:

```bash
strings /bin/ls | head -20
```

This command extracts the first 20 readable strings from the `ls` binary. You should see output similar to this:

```
/lib64/ld-linux-x86-64.so.2
libc.so.6
__stack_chk_fail
__cxa_finalize
setlocale
bindtextdomain
textdomain
__gmon_start__
abort
__errno_location
textdomain
dcgettext
dcngettext
strcmp
error
opendir
fdopendir
dirfd
closedir
readdir
```

This capability is valuable for finding embedded text in executables, discovering hardcoded paths and settings, basic forensic analysis, and troubleshooting binary files.
