lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 9 Jan 2007 20:29:15 +0100
From: "Michal Spadlinski" <gim913@...il.com>
To: "thesinoda@...mail.com" <thesinoda@...mail.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Cracking Steganography Application in less than ONE minute

On 6 Jan 2007 19:39:21 -0000, thesinoda@...mail.com
<thesinoda@...mail.com> wrote:
> Good day
>
> If you look at the end of your steged file you will notice it will end with 30 00 02 FF FF. So a simple HEX search will reveal all steged files.
>

According, to what you've written, I've created simple signature
for clamav:

mkdir testing
cd testing

echo "Steganography:0:EOF-5:3000(00|01|02|03|04|05|06|07|08|09|0a|0b|0c|0d|0e|0f)ffff"
> stego.ndb

this can be tested in following way:

for i in `seq -f %3.0f 0 255`;
do
  perl -e 'print "A"x100' > test_$i;
  printf "0: 3000 %02xff ff\n" $i | xxd -r >> test_$i;
done

and running clamav, against samples:

clamscan --database=clamav_stego.ndb .

[and later clamscan --database=clamav_stego.ndb /]

 cheers,
-- 
 main (int a, char *b[puts("Michal 'GiM' Spadlinski")]) {}

Powered by blists - more mailing lists