Weiii Posted November 18, 2008

Is there any way to hide an executable in an image and when u click on the image the image pops up and the executable runs in the background? im bored so i wanna send a bat file on my school mail

%0|%0

MRGRIM Posted November 18, 2008

Naughty naughty

Apache Posted November 18, 2008

Here's a walkthrough...

Mat Posted November 19, 2008

http://hak5.org/forums/index.php?showtopic=10152

The video above shows how to hide files in an image so you can retrieve them later, not so someone who does not know it's there will run the exe when opening the image.

Jinx Posted November 27, 2008

Maybe some type of Shellcode? o_O

0xC0FF33 Posted November 27, 2008

As far as I know it is not regularly possible. The image viewer of the client is loading and interpreting the bytes of the image. Only if the viewing program has some security holes can you use them for buffer or heap overflows to run embedded code, but with another viewer, no chance...

I think it's easier to send a zip file with an exe... There are so many stupid people out there. ;)

Artoo Posted December 13, 2008

> Here's a walkthrough...

Cool Vid gonna test it! :)

DingleBerries Posted December 13, 2008

> Maybe some type of Shellcode? o_O

Those are the only ones I've seen work, and usually they are triggered by a BOF in AV or some 3rd party software (IrfanView).

Apache Posted December 13, 2008

I know there is a way to do this. I remember it from the days of Netbus, there was a program called bundle.exe with which you could hide the netbus server executable within a harmless file, which when opened, ran the executable as well.

The only place I've seen this bundle.exe is in a scriptkiddie megapack I downloaded about 10 years ago. I can't tell you much about it anymore but I remember it had all the manuals (JRCB, Terrorists Handbook, etc), Netbus, Back Orifice (before it was BO2K), Divine Intervention 2, Black Ice Defender, Zone Alarm and various ICQ sniffers and utilities.

If you can find that megapack then you'll find the file you need. It was about 50Mb, took months to download back in the day, haha, good old 14.4! I remember at the time I found it by fluke on either Direct Connect or WinMX. Let me know if you find it, I'd like to reminisce.

Hellmark Posted December 14, 2008

Typically, stuff like that only works on a per app basis. You have to know what they'd be using to view it. Also, when it comes to merging files, and having it still be functional, you can't just mash any two files together. Some files have their info at the end, some at the beginning. Trick is getting the right combo for what you're doing.

psydT0ne Posted December 14, 2008

Yeah i think you're looking at having an application that renders the jpg or graphic run an embedded script or code as it tries to interpret the image. you can't roll an exe into a jpg as far as i know. you'd prolly have a better chance getting a noob at the school admin run an embedded script in an email or a link to a poisoned webpage. But...you should know better :)

remezcle Posted December 15, 2008

You could do this easily with a flash file that calls an exe

DingleBerries Posted December 15, 2008

fail thread is fail

DMilton Posted December 15, 2008

You can learn and read by typing (for example) BINDER JOINER HACK into google. As far as I know, you can do something like this but it results in executing an exe and launching a jpg instead of the reverse. But if the program you want to call is a virus or if it's virus detectable, it'll be detected anyway.

Scorpion Posted January 26, 2009

What i've done before (and sometimes still do....) is build a program with exe like normal but when you come to give it out to someone (or victim lol) rename File.exe to File.scr. A lot of people don't think a scr is dangerous as it's just a screen saver after all, but it is a full blown APP. But if you try to send it by email (hotmail won't allow ya :( )

i won't say what i'm doing but it works a lot better than file.exe :)

(i know this thread is old but maybe the person or others will get their answer)

messsy Posted March 3, 2009

there is no way of 'binding' a jpg to an exe.. well not so the exe executes. there are a couple of things u could try

pictureofafellowfriend.jpg.exe (really long filename so u don't notice the exe extension)
picture.jpg .exe

but that's naughty and shouldn't be done unless it has to be

digip Posted March 3, 2009

> there is no way of 'binding' a jpg to an exe.. well not so the exe executes. there are a couple of things u could try
>
> pictureofafellowfriend.jpg.exe (really long filename so u don't notice the exe extension)
> picture.jpg .exe
>
> but that's naughty and shouldn't be done unless it has to be

There are ways to get executable code into images, and it all really depends on the target. Just today Opera released an update that concerns just that, executable code in a malformed jpeg. Back in the day it was pretty common for a jpeg to be infected in some way or another. Today, it's pretty hard to make them execute anything unless you don't patch your systems. Metasploit uses images in some of its attacks, but it requires getting someone to open either a web page with the image or an email with the image embedded in the file.

http://www.opera.com/support/kb/view/926/

beakmyn Posted March 4, 2009

Take a look at ADS (Alternate Data Streams) in files. Works with NTFS.

messsy Posted March 4, 2009

i stand corrected :(

DingleBerries Posted March 4, 2009

If your AV doesn't pick up executable code in a jpeg then there is something wrong. A fun trick is to rename an exe to some other extension and run:

cmd /c file.jpg

It should run that as an executable. Binding exes to images is a different story, aside from keeping the pe header intact there is a lot that goes into it. I should be releasing a binder in the coming months, or during spring break so check it out if you are interested.

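A content check for the renamed-executable case in the post above, as an added example that is not part of any post in this thread: it decides what a file is from its leading bytes and the PE header rather than from its extension. The function names, verdict strings and extension table are assumptions of this sketch, and both sample byte strings are constructed.

```python
import struct

# Leading bytes of common image formats.
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
               b"GIF87a": "gif", b"GIF89a": "gif", b"BM": "bmp"}
# What each extension claims to be (assumed, non-exhaustive table).
EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
               "bmp": "bmp", "exe": "pe", "scr": "pe", "dll": "pe"}


def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(data):
    """Classify a byte string by content only."""
    if is_pe(data):
        return "pe"
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(name, data):
    """Return (declared_type, actual_type, verdict) for one attachment."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    declared = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff(data)
    if actual == "pe" and declared != "pe":
        verdict = "executable-content"
    elif declared != actual:
        verdict = "type-mismatch"
    else:
        verdict = "ok"
    return declared, actual, verdict


# Constructed samples: a header-only PE stub and the first bytes of a JPEG.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    print(check_attachment("file.jpg", FAKE_PE))
    print(check_attachment("photo.jpg", FAKE_JPEG))
```
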
digip Posted March 4, 2009

> Take a look at ADS(Alternate Data Streams) in files. Works with NTFS.

I posted a thread a while back on this same topic. If I recall, there is also a tool that can search an NTFS drive for them and show you what files have ADS's, but I can't remember the name of it at the moment.

edit: Found post: http://hak5.org/forums/index.php?s=&sh...ost&p=84748

moonlit Posted March 4, 2009

Not necessarily useful but interesting all the same, with careful use of Right To Left control characters you can mess with the order of filenames.

Those files are actually called "notepad.txt.exe" and "text.exe.txt".

messsy Posted March 4, 2009

@moonlit how does that work? very interesting, so an exe can be hidden and appear to be a txt file. Hmmm

moonlit Posted March 4, 2009

Basically you reverse the order of the characters using a Right-to-Left control character (which can be found using Character Map). In the above example, notepad.exe is named notepad.txt.exe, but before the txt.exe is a control character which reverses the direction of the text making it appear to be called notepad.exe.txt.

The downsides to this are plentiful:

1) You have a double extension, which is easy to spot.
2) You can only realistically do it with palindromic extensions, for example txt and exe, because if you reverse jpg or bmp they make no sense (if you saw a file called notepad.pmb.exe you'd get a little suspicious, right?)
3) If you used this trick as part of a plan to hide an exe then you would need the exe to have a convincing icon. If you had a txt file which had a notepad icon and not a picture of a piece of lined paper, you'd guess something wasn't right.

I just thought it was an interesting little trick though, even if it's not hugely useful.

Edit: Problem 1 can be solved by turning on "hide extensions for known file types", the result being:

However, this is really no more or less useful than having extensions turned off while having malicious files which appear without extensions (and is easier to spot if you know what you're looking for, because if your extensions are supposed to be hidden but they show up on these files and only these files, something's obviously up).

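A mail-filter style check for the filename tricks raised in this thread (direction control characters, a decoy extension before the real one, space padding, and .scr), as an added example that is not part of any post here. It inspects the stored name rather than the rendered one; the extension lists and finding labels are assumptions of this sketch and the sample names are constructed.

```python
import unicodedata

# Characters that change display order or direction (Unicode bidi controls).
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e"
                    "\u2066\u2067\u2068\u2069")
# Assumed, non-exhaustive lists for this example.
EXECUTABLE_EXTS = {"exe", "scr", "bat", "cmd", "com", "pif"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "txt", "pdf", "doc"}


def audit_filename(name):
    """Return a sorted list of reasons an attachment name looks deceptive."""
    findings = set()
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.add("bidi-control-character")
    # Judge the stored name, not the rendered one: drop format characters (Cf).
    logical = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    parts = [p.strip().lower() for p in logical.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    if final_ext not in EXECUTABLE_EXTS:
        return sorted(findings)
    if final_ext == "scr":
        findings.add("screensaver-is-executable")
    # A harmless-looking extension sitting before the real one.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        findings.add("double-extension")
    # A run of spaces that pushes the real extension out of view.
    if "   " in logical:
        findings.add("whitespace-padding")
    return sorted(findings)


# Constructed sample names covering the cases discussed in the thread.
SAMPLES = [
    "holiday.jpg",
    "File.scr",
    "pictureofafellowfriend.jpg.exe",
    "picture.jpg          .exe",
    "notepad.\u202etxt.exe",  # renders as notepad.exe.txt
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), audit_filename(sample))
```
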