Paradoxis / StegCracker

Steganography brute-force utility to uncover hidden data inside files
https://blog.paradoxis.nl/stegcracker-2-released-f03771ba855b
MIT License

Wordlist does not exist! #14

Closed OlivierPL closed 4 years ago

OlivierPL commented 4 years ago

I have a problem. When I run stegcracker I have an error: Error: Wordlist '/usr/share/wordlists/rockyou.txt' does not exist!

Paradoxis commented 4 years ago

Gee whiz, I wonder what that could mean

OlivierPL commented 4 years ago

I fixed it

Paradoxis commented 4 years ago

Well done

deut-erium commented 4 years ago

Bug is valid!
If you don't have rockyou.txt in /usr/share/wordlists/, it will fail (most probably not present if not a Kali install)

Possible fix

download rockyou.txt and put it in /usr/share/wordlists/ (would require sudo)
Or create a soft link to existing rockyou.txt
sudo ln -s /path/to/rockyou.txt /usr/share/wordlists/rockyou.txt

Paradoxis commented 4 years ago

@deut-erium Well, it isn’t a bug, it’s an environmental issue. If the default wordlist doesn’t exist on your machine there’s not much I can do to help. You can specify a wordlist by passing it as a second argument to the tool; it literally states it in the README, as well as if you run the tool with --help, or even when you run it without any arguments.

The tool is designed to be used with custom wordlists, but falls back to the default rockyou.txt location on Kali as that’s what most users of the tool will be running. This is more a usability feature than it is the “one and only true wordlist” to use for steganography.

I don’t want to sound like a prick but if people can’t read the very very simplistic manual I don’t believe they should be trying to use CTF tools yet. I 100% encourage learning this kind of stuff as more smart people on earth is always better, but I recommend you start with command line basics before jumping straight into complicated topics like steganography.

So in short: No, I can’t fix this issue. I expect users to have a certain level of technical understanding when using it. The only way I can fix this is by removing the default value feature altogether, which would just lead to a worse overall user experience whilst using it.

deut-erium commented 4 years ago

Sorry to say but using environmental assumptions for defaults is a bad idea.
You can easily use pkg_resources to pack and use the rockyou.txt inside your package.

I will probably start learning command line basics by tomorrow 😄

Paradoxis commented 4 years ago

I appreciate the suggestion and yes, environmental assumptions are evil; so is shipping the full 130MB wordlist, which is a pretty bad idea as the package can (and does) get used as a Python library as well. That would just create a lot of unnecessary bloat in CI/CD pipelines.

The wordlist is not per se a dependency of the tool, as it works exactly as documented and runs fine without it. Again, it’s more of a usability thing than a bug.

I could make it quit with a “no wordlist specified” error instead if rockyou doesn’t exist either, what do you say?

deut-erium commented 4 years ago

Indeed, 130MB is a lot; that's probably why each tool expects a path to a wordlist.
The best thing would be to update the example in the README of the project (which uses no wordlist).
Just making the wordlist exist still holds as a "quick fix" for those who are too lazy to specify a path to a wordlist each time.

Paradoxis commented 4 years ago

I updated the tool to try to use rockyou by default, but quit with a helpful error message instead if it fails to find it. The following release will have the following changes: