> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-6/steganography/trick-0038.md).

# Steganography Passphrase Brute-Force

***

Use tools like `stegseek` to attempt cracking a passphrase protecting data hidden within an image using a wordlist. Stegseek is a blazingly fast steganography cracker, optimized to be thousands of times faster than other attempts.

```bash
stegseek --crack [IMAGE_FILE] -wl [WORDLIST_PATH]
```

When using `stegseek`, the `-sf` option specifies the stego file (the image containing hidden data) and `-wl` specifies the wordlist file to use for cracking. `stegseek` will brute-force potential passphrases and may automatically extract the hidden data upon success.

Before attempting extraction, you can check if a file is embedded in the image using `steghide info`. This command displays information about a steganofile, including details about the embedded file, if any.

```bash
steghide info <image_file>
```

If you know the passphrase, you can use the `-p` or `--passphrase` option with the `info` command to inspect the steganofile and see properties of the hidden data.

If you obtain the passphrase but the data isn't extracted automatically, you can use the correct steganography tool (like `steghide` shown here) for manual extraction with the known passphrase. The `extract` command extracts embedded data.

```bash
steghide extract -sf [IMAGE_FILE] -p [CRACKED_PASSPHRASE]
```

You can also use the `-xf` or `--extractfile` option with the `extract` command to specify the desired filename for the extracted file.

It is also worth noting that versions of steghide prior to v0.7.0 are vulnerable to a passwordless extraction vulnerability (CVE-2021-27211). Stegseek can be used to detect and exploit this vulnerability. If the image is vulnerable, stegseek will extract the hidden file without requiring a password by simply running the cracking command without a wordlist:

```bash
stegseek --crack image.jpg
```
