
Post 55

Truthsocial couldn't really be mentioned in 2017 so Twitter could have been a placeholder. Unless they relent and let Q+ back on because TS is pulling their entire userbase. Thoughts?


In regard to a post by u/Smittyliason the other day, I have isolated all of the lines from Q posts that have [brackets] in them.

Bracket Messages.txt

I captured all the posts from qanon.pub

These are in order, starting from the earliest posts and ending with the latest posts.

My regex is rusty so there may be mistakes but I think it's good for the most part.

There are 2994 lines. I have left the text on the lines including brackets for context and because my regex is rusty.

I was looking at the post https://greatawakening.win/p/12hReJBLWC/so-you-wanna-save-the-world-read/ by user u/SqueezeOrSqooze/

I thought I'd help by showing some basic BASH scripting and a quick setup of Kali Linux to automate some of these tasks. You'll need a computer.

To make things easier to explain and more secure, use a virtual machine: Download and install: Oracle VirtualBox

Download a VM. I suggest Kali since there are many tools preinstalled for discovery and forensics: Kali Linux VM Images - Choose the VirtualBox 64-bit image if you are using VirtualBox as linked above.

Open VirtualBox and use the Import button to import the Kali OVA file into VirtualBox. Import and you're ready to go.

Start up the Kali VM. Default username/password are kali/kali

Once logged in, first thing to do is open a terminal. Click on the dragon icon in the top left and look/search for Terminal Emulator or just press CTRL+ALT+T. Run the command 'sudo apt-get update' without the quotes.

Let's download a tool called stegdetect to examine the pictures: Run the command 'wget http://launchpadlibrarian.net/16746333/stegdetect_0.6-6_amd64.deb' in the terminal.

Next run the command 'sudo apt-get install ./stegdetect_0.6-6_amd64.deb' to install stegdetect.

Now time to start scripting.

By default, your terminal is in the /home/kali directory. You can see your present working directory by running the 'pwd' command in the terminal.

We'll just use this directory for simplicity.

First get some pictures to investigate. Click on the dragon icon in the top left and search for and open Firefox ESR. I went to qanon.pub for this example. Scroll to the very bottom so that you can see Q post #1. This will make the browser load all of the images from that page so you may save them. Save the entire website: CTRL+S.

Save it to your home directory. It will save Q.html and a Q_files directory. All of the pictures will be in the Q_files directory.

Back at your terminal, run the command 'cd Q_files' to change the present working directory to /home/kali/Q_files. Always remember, Linux is case sensitive.

Let's write the script. At the terminal in the /home/kali/Q_files directory, run the command 'sudo nano stegdetect.sh'. You can name this whatever you want (i.e. stegdetect.sh, puppies.sh, geotus.sh). This name is just how you'll identify the script.

You are now in a nano shell. You can now type your script.

In this example, let's run the command stegdetect on all pictures in the Q_files directory.

Type in the 4 lines as below.

for file in /home/kali/Q_files/*
do
    stegdetect "$file" >> detresults.txt
done

This script will read all files in the directory, run stegdetect on each one, then write the results to detresults.txt.

While you are still in the nano shell, hit the CTRL+O key on your keyboard. This will write your file. Then press CTRL+X to close nano and you'll drop back into the terminal.

Once nano is exited, run the command 'sudo chmod +x stegdetect.sh'. This will give permission for the script to execute.

Now run the script using './stegdetect.sh' in the terminal.

Ignore all of the output errors as it is running it against ALL of the files in that directory and several of them are not compatible or not relevant.

Here are my results, some of these files might have something interesting: detresults.txt

jphide and outguess are possibly the methods being used in several of these pictures. Time to look these up.

There are several files from qanon.pub that are showing there may be a good chance of something being hidden in them. NOT GUARANTEED THOUGH. The number of asterisks is supposed to gauge how likely there might be something hidden, from 1 to 3, 3 being the highest. It also shows the method that was likely used.

To automate stegseek, make a new script using the info above. Give it a new name. The next 4 lines are the code:

for file in /home/kali/Q_files/*
do
    stegseek "$file" wordlist.txt >> results.txt
done

wordlist.txt will be a list of words on separate lines that stegseek will use to try and solve the steganography. This is where you'll put all of the possible passwords you want to try. Put this in the same directory you are running the script.

To create your own, run 'sudo nano wordlist.txt' and put each word on a new line. You can name wordlist whatever you want but you'll have to change wordlist.txt to whatever you named it in the 4 lines of script as above.

I also recommend exploring existing word lists like rockyou.txt. There is a built-in rockyou.txt list for Kali located in /usr/share/wordlists/ . You'll have to decompress it and drop it to the location where you're running the script. You can add and remove words to this list as you wish.

I used rockyou.txt and included the possible passwords from u/SqueezeOrSqooze/'s post indicated at the beginning of this post.

No stegseek results on any of the files from qanon.pub.

Let's get to work.
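An added example, not part of the original post: a variant of the stegdetect loop that only feeds JPEG files to the tool (checked by magic bytes), keeps the results file out of the scanned directory, and ranks the "file : result" lines by their asterisk count. The function names (is_jpeg, scan_dir, rank_hits, sample_results) are hypothetical and the sample lines are constructed in stegdetect's output format.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
TAB=$(printf '\t')

# is_jpeg FILE: succeed only if FILE starts with the JPEG magic bytes FF D8 FF,
# so scripts, CSS and the results file itself are never handed to stegdetect.
is_jpeg() {
    [ -f "$1" ] || return 1
    [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "ffd8ff" ]
}

# scan_dir DIR OUT: run stegdetect on each JPEG in DIR; errors go to OUT.err.
# Keep OUT outside DIR so the results are not picked up by the glob.
scan_dir() {
    for f in "$1"/*; do
        is_jpeg "$f" || continue
        stegdetect "$f" >>"$2" 2>>"$2.err"
    done
}

# rank_hits: read "file : result" lines on stdin and print
# "stars<TAB>method<TAB>file", strongest hits first. Results without
# asterisks (negative, skipped, error) are dropped.
rank_hits() {
    awk -v OFS="$TAB" '{
        i = index($0, " : ")
        if (i == 0) next
        file = substr($0, 1, i - 1)
        n = split(substr($0, i + 3), tok, " ")
        for (k = 1; k <= n; k++) {
            stars = gsub(/\*/, "*", tok[k])   # number of asterisks in the token
            if (stars == 0) continue
            method = tok[k]
            sub(/\(\*+\)$/, "", method)       # jphide(***) -> jphide
            print stars, method, file
        }
    }' | sort -t "$TAB" -k1,1nr -k3,3
}

# Constructed sample in stegdetect's output format (not real findings).
sample_results() {
    cat <<'EOF'
/home/kali/Q_files/a.jpg : negative
/home/kali/Q_files/b.jpg : jphide(*)
/home/kali/Q_files/c.jpg : outguess(old)(***) jphide(*)
/home/kali/Q_files/d.jpg : skipped (false positive likely)
EOF
}

sample_results | rank_hits
```

On real data, run 'scan_dir /home/kali/Q_files /home/kali/detresults.txt' and then 'rank_hits < /home/kali/detresults.txt'.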