
Untitled

a guest
Mar 5th, 2011
  1. #!/usr/bin/perl
  2. #Steghide must be installed for this script to work.
  3. #In Ubuntu etc just do a 'sudo apt-get install steghide'
  4. #If you're seeing a bunch of '0's being tried, your step is probably too large.
  5. #To do:
  6. # +Finish commenting
  7. # +Print run time in human readable format
  8. # +Create new thread immediately after one finishes instead of waiting for all $parallelism
  9. # +Create Expect.pm thread for a nicer look
  10. # +General code clean up
  11.  
  12. use threads;
  13. use threads::shared;
  14. use Time::Local;
  15. use Getopt::Long;
  16. use Term::ANSIColor;
  17.  
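  # Tunables and shared state. These stay file-scoped because the subs below
  # read them directly.
  my $step = 100;           # wordlist lines handed to each worker per round
  my $parallelism = 10;     # worker threads started per round
  my $found : shared = 0;   # non-zero once a worker succeeds or Ctrl-C is pressed
  my $tested : shared = 0;  # candidates tried so far, summed over all threads
  my $count = 1 ;           # 1-based wordlist line where the next round starts
  my $verbose;
  my $help;

  $SIG{'INT'} = 'INT_handler'; # Ctrl-C: let the handler close the wordlist before exiting

  # GetOptions returns false when it meets an unknown or malformed option;
  # that result is checked below instead of being discarded.
  $arguments = GetOptions ("wordlist=s" => \$file,
                           "image=s" => \$image,
                           "parallelism=i" => \$parallelism,
                           "step=i" => \$step,
                           "verbose" => \$verbose,
                           "help" => \$help);

  # If option parsing failed, or the stegfile and/or wordlist weren't given,
  # print help and exit.
  if(!$arguments || !$image || !$file || $help){
      rtfm();
  }

  # The main loop advances $count by $parallelism * $step each round, so a
  # value below 1 for either would keep it from ever reaching the end of the
  # wordlist.
  if($step < 1 || $parallelism < 1){
      die "--step and --parallelism must both be at least 1\n";
  }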
  39.  
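  # steghide is later run with -f, so an extracted file overwrites any file
  # of the same name in the current directory; warn before starting.
  print color 'bold red';
  print "\n!WARNING!\n";
  print color 'reset';
  print "Files with the same name as the hidden file will be automatically overwritten.\nYou should probably run this in an empty directory.\n\nPress Enter to continue...";
  # Read the confirmation from STDIN explicitly: the bare <> operator would
  # first try to open any leftover command-line arguments as files.
  $wait = <STDIN>;

  # Open the wordlist and the wordlist index. Three-argument open keeps the
  # mode separate from the path, so a file name that starts with '>', '|' or
  # whitespace cannot change how the file is opened.
  # '+>' truncates any existing "$file.idx" next to the wordlist.
  open(FILE, '<', $file) or die "Can't open $file for reading: $!\n";
  open(INDEX, '+>', "$file.idx") or die "Can't open $file.idx for read/write: $!\n";

  build_index(*FILE, *INDEX); #Build our wordlist index for easy line seeking

  # Remember the start time so it can be printed next to the finish time.
  @timeData = localtime(time);
  $time1 = join(' ',@timeData);

  print "\nStarting!\n\n";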
  56.  
  # Main loop: one round per pass, until line $count no longer exists in the
  # wordlist or a worker has set $found.
  while(defined(line_with_index(*FILE, *INDEX, $count)) && !$found){

      # Start one worker per slot; each gets its 1-based slot number.
      for my $slot (1 .. $parallelism){
          $thr[$slot] = threads->create('do_crack', $slot);
      }

      # Wait for the whole batch to finish before starting the next round.
      for my $slot (1 .. $parallelism){
          $thr[$slot]->join();
      }

      # Move the starting line past everything this round covered.
      $count += $parallelism * $step;

      # Progress output: candidates tried so far, then the next starting line.
      print $tested . "\n" . $count . "\n";
  }

  print "Passphrase was not found :(\n" unless $found;
  79.  
  80.  
  81.  
  82.  
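  # Worker thread body. Tries $step consecutive wordlist lines against the
  # stegfile, starting at the slice that belongs to this worker.
  #
  # Argument: the worker's 1-based slot number.
  # Reads the file-level $step, $count, $image, $verbose and $time1, and the
  # shared $found / $tested counters. Dies when its slice runs past the end
  # of the wordlist.
  #
  # NOTE(review): FILE and INDEX are opened once before the threads start; if
  # the workers share the underlying file offsets, the seek/read pairs in
  # line_with_index can interleave between threads - confirm, and serialise
  # the lookups if so.
  # NOTE(review): the candidate is passed on steghide's command line, so it
  # is visible in the process list while steghide runs.
  sub do_crack{
      my $nThread = $_[0];

      # Each worker owns the half-open range [$offset, $finish) of line numbers.
      my $offset = $step * ($nThread - 1) + $count;
      my $finish = $offset + $step;

      if($found){
          threads->exit() if threads->can('exit');
          exit();
      }

      # $image comes from the command line and each candidate comes from the
      # wordlist file. Both are quoted before they reach the shell, so quotes,
      # backticks or $(...) inside them are passed to steghide literally
      # instead of being run as shell code.
      my $quoted_image = _shell_quote($image);

      while($offset < $finish && !$found){
          my $line = line_with_index(*FILE, *INDEX, $offset);

          # Test for undef rather than truth, so a final line of "0" is still tried.
          die "Offset out of range\n" unless defined $line;

          $line =~ s/\s+$//;

          if($verbose){
              print $nThread . ":[$offset]Trying: " . $line . "\n";
          }

          my $quoted_pass = _shell_quote($line);
          # 2>&1 folds steghide's stderr into the captured output that the
          # match below inspects.
          my $result = `steghide extract -sf $quoted_image -p $quoted_pass -f 2>&1`;

          if($result =~ m/extracted/ || $result =~ m/already/){
              print "Got it! The passphrase is: $line\n";
              print $result;
              $found = 1;

              my @time_data = localtime(time);
              my $time2 = join(' ', @time_data);
              print $time1 . "\n" . $time2 . "\n";
          }

          $offset++;
          lock($tested);
          $tested++;
      }
  }

  # Wrap a string in single quotes for /bin/sh. Inside single quotes the shell
  # treats every character literally, so only embedded single quotes need the
  # close-escape-reopen sequence '\''.
  sub _shell_quote {
      my $text = shift;
      $text =~ s/'/'\\''/g;
      return "'" . $text . "'";
  }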
  120.  
  121.  
  # Print the usage text to STDOUT and exit with status 0. Never returns.
  sub rtfm {
      my @usage = (
          "Just a simple multi-threaded script to bruteforce Steghide passphrases.\n",
          "Good luck! -Nevermore\n\n",
          "Options:\n",
          " --image, -i The stegfile you want to bruteforce (required)\n",
          " --wordlist, -w Path to your wordlist (required)\n",
          " --parallelism, -p Number of concurrent threads (default 10)\n",
          " --step, -s Number of words for each thead to test (default 100)\n",
          " --verbose, -v Prints every tested word with thread and try number info\n",
          " --help, -h What do you think you are looking at?\n\n",
          "Example usage: perl brute.pl -i steg.jpg -w words.txt -p 15 -s 75\n",
      );

      print join('', @usage);
      exit(0);
  }
  135.  
  # Write one index entry per line of the data file: the byte offset at which
  # that line starts, packed as a 32-bit big-endian unsigned integer ("N").
  #
  # Arguments: the data filehandle (read from its current position) and the
  # index filehandle (written at its current position).
  # An "N" entry cannot represent offsets above 2**32 - 1.
  sub build_index {
      my ($data_file, $index_file) = @_;
      my $line_start = 0;

      print "\nBuilding index. This could take a while for large wordlists.\n";

      # The line text itself is not needed; each read only advances the handle
      # so that tell() reports where the next line begins.
      while (defined(my $skipped = readline($data_file))) {
          print {$index_file} pack("N", $line_start);
          $line_start = tell($data_file);
      }
  }
  148.  
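  # Return line number $line_number (1-based) of the data file, using the
  # index of packed 32-bit offsets to seek straight to it.
  #
  # Arguments: data filehandle, index filehandle, line number.
  # Returns the line including its line ending, or nothing (undef in scalar
  # context) when the index has no entry for that line or a seek fails.
  sub line_with_index {
      my ($data_file, $index_file, $line_number) = @_;

      my $size = length(pack("N", 0));               # size of an index entry
      my $i_offset = $size * ($line_number - 1);     # offset into the index of the entry
      my $entry;                                     # index entry

      seek($index_file, $i_offset, 0) or return;

      # Seeking past the end of the index succeeds, so a short read is the
      # only sign that the entry does not exist. Without this check the empty
      # entry unpacks to nothing, the data seek goes to offset 0, and the
      # first line is returned for every out-of-range line number.
      my $got = read($index_file, $entry, $size);
      return unless defined $got && $got == $size;

      my $d_offset = unpack("N", $entry);            # offset into the data file
      seek($data_file, $d_offset, 0) or return;
      return scalar(<$data_file>);
  }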
  166.  
  # SIGINT (Ctrl-C) handler: flag the run as finished, close the wordlist and
  # exit with status 0. Only FILE is closed here; INDEX is left to process
  # exit.
  sub INT_handler {
      print "\nDying...\n";

      # The main loop and the worker loops both stop once $found is non-zero.
      $found += 1;

      # Presumably gives running workers a moment to notice the flag - confirm.
      sleep(1);

      close(FILE);
      print "Goodbye!\n";
      exit(0);
  }