executable in a jpg


Weiii

As far as I know, it is not regularly possible. The image viewer of the client is loading and interpreting the bytes of the image. Only if the viewing program has some security holes can you use them for buffer or heap overflows to run embedded code, but with another viewer, no chance...

I think it's easier to send a zip file with an exe... There are so many stupid people out there. ;)

Link to comment
Share on other sites

  • 3 weeks later...

I know there is a way to do this.

I remember it from the days of Netbus, there was a program called bundle.exe with which you could hide the Netbus server executable within a harmless file, which, when opened, ran the executable as well.

The only place I've seen this bundle.exe is in a scriptkiddie megapack I downloaded about 10 years ago. I can't tell you much about it anymore but I remember it had all the manuals (JRCB, Terrorists Handbook, etc), Netbus, Back Orifice (before it was BO2K), Divine Intervention 2, Black Ice Defender, Zone Alarm and various ICQ sniffers and utilities.

If you can find that megapack then you'll find the file you need. It was about 50Mb, took months to download back in the day, haha, good old 14.4! I remember at the time I found it by fluke on either Direct Connect or WinMX.

Let me know if you find it, I'd like to reminisce.

Link to comment
Share on other sites

Typically, stuff like that only works on a per app basis. You have to know what they'd be using to view it.

Also, when it comes to merging files, and having it still be functional, you can't just mash any two files together. Some files have their info at the end, some at the beginning. Trick is getting the right combo for what you're doing.

Link to comment
Share on other sites

Yeah, I think you're looking at having an application that renders the jpg or graphic run an embedded script or code as it tries to interpret the image.

You can't roll an exe into a jpg as far as I know.

You'd prolly have a better chance getting a noob at the school admin to run an embedded script in an email or a link to a poisoned webpage.

But...you should know better :)

Link to comment
Share on other sites

  • 1 month later...

What I've done before (and sometimes still do....) is build a program with exe like normal, but when you come to give it out to someone (or victim lol) rename File.exe to File.scr. A lot of people don't think a scr is dangerous as it's just a screen saver after all, but it is a full-blown app. But if you try to send it by email (Hotmail won't allow ya :( ) I won't say what I'm doing but it works a lot better than file.exe :)

(I know this thread is old but maybe the person or others will get their answer)

Link to comment
Share on other sites

  • 1 month later...

There is no way of 'binding' a jpg to an exe.. well, not so the exe executes. There are a couple of things u could try

pictureofafellowfriend.jpg.exe (really long filename so u don't notice the exe extension)

picture.jpg .exe

but that's naughty and shouldn't be done unless it has to be

Link to comment
Share on other sites

There are ways to get executable code into images, and it all really depends on the target. Just today Opera released an update that concerns just that, executable code in a malformed jpeg. Back in the day it was pretty common for a jpeg to be infected in some way or another. Today, it's pretty hard to make them execute anything unless you don't patch your systems. Metasploit uses images in some of its attacks, but it requires getting someone to open either a web page with the image or an email with the image embedded in the file.

http://www.opera.com/support/kb/view/926/

Link to comment
Share on other sites

If your AV doesn't pick up executable code in a jpeg then there is something wrong. A fun trick is to rename an exe to some other extension and run: cmd /c file.jpg

It should run that as an executable. Binding exes to images is a different story, aside from keeping the PE header intact there is a lot that goes into it. I should be releasing a binder in the coming months, or during spring break so check it out if you are interested.

Link to comment
Share on other sites
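Since the post above describes an executable that still runs after its extension is changed, a defensive check has to classify a file by its bytes rather than its name. The following is an added example, not code from the thread: it compares the extension with the leading bytes and validates the PE header the post mentions (MZ stub, e_lfanew at offset 0x3C, `PE\0\0` signature). The function names, verdict strings and sample bytes are constructed for illustration.

```python
import struct

# Leading bytes of common image formats.
MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"BM", "bmp")]
EXT_KIND = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif", "bmp": "bmp"}


def is_pe(data):
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(data):
    """Classify content by its leading bytes, ignoring the filename."""
    if is_pe(data):
        return "pe"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_file(filename, data):
    """Compare the type the extension claims with the type the bytes show."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXT_KIND.get(ext)
    if expected is None:
        return "skip: not an image extension"
    kind = sniff(data)
    if kind == "pe":
        return "block: PE executable behind image extension"
    if kind != expected:
        return "review: content is %s, extension claims %s" % (kind, expected)
    return "ok"


# Constructed inputs: a minimal MZ/PE header skeleton (not a runnable program)
# and the first bytes of a JPEG.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [("file.jpg", FAKE_PE), ("photo.jpg", FAKE_JPEG),
                       ("photo.png", FAKE_JPEG)]:
        print(name, "->", check_file(name, data))
```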

Take a look at ADS (Alternate Data Streams) in files. Works with NTFS.

I posted a thread a while back on this same topic. If I recall, there is also a tool that can search an NTFS drive for them and show you what files have ADS's, but I can't remember the name of it at the moment.

edit: Found post: http://hak5.org/forums/index.php?s=&sh...ost&p=84748

Link to comment
Share on other sites

[Image: 46239413.png]

Not necessarily useful but interesting all the same, with careful use of Right To Left control characters you can mess with the order of filenames. Those files are actually called "notepad.txt.exe" and "text.exe.txt".

Link to comment
Share on other sites

Basically you reverse the order of the characters using a Right-to-Left control character (which can be found using Character Map). In the above example, notepad.exe is named notepad.txt.exe, but before the txt.exe is a control character which reverses the direction of the text making it appear to be called notepad.exe.txt.

The downsides to this are plentiful:

1) You have a double extension, which is easy to spot.

2) You can only realistically do it with palindromic extensions, for example txt and exe, because if you reverse jpg or bmp they make no sense (if you saw a file called notepad.pmb.exe you'd get a little suspicious, right?)

3) If you used this trick as part of a plan to hide an exe then you would need the exe to have a convincing icon. If you had a txt file which had a notepad icon and not a picture of a piece of lined paper, you'd guess something wasn't right.

I just thought it was an interesting little trick though, even if it's not hugely useful.

Edit: Problem 1 can be solved by turning on "hide extensions for known file types", the result being:

[Image: 1242057.png]

However, this is really no more or less useful than having extensions turned off while having malicious files which appear without extensions (and is easier to spot if you know what you're looking for, because if your extensions are supposed to be hidden but they show up on these files and only these files, something's obviously up).

Link to comment
Share on other sites
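The filename tricks discussed in this thread (a document extension placed before the real one, whitespace padding before the extension, and Right-to-Left control characters) can all be flagged by inspecting the stored name instead of the displayed one. The following is an added example, not code from the thread: the extension lists are assumptions to adapt to local policy, and the sample names are constructed from the ones the posts mention.

```python
import unicodedata

# Bidirectional control characters that can reorder how a name is displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f",                                # LRM RLM
}
# Assumed lists for this example; extend to match local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DOCUMENT_EXTS = {"jpg", "jpeg", "png", "bmp", "gif", "txt", "pdf", "doc"}


def audit_filename(name):
    """Return a list of findings for one filename (empty list = nothing flagged)."""
    findings = []
    hidden = [c for c in name if c in BIDI_CONTROLS]
    if hidden:
        labels = ", ".join(unicodedata.name(c) for c in hidden)
        findings.append("bidi control character: " + labels)
    # Judge the extension on the stored character order, not the displayed one.
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    parts = [p.strip().lower() for p in logical.split(".")]
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        if any(p in DOCUMENT_EXTS for p in parts[1:-1]):
            findings.append("document extension before real ." + real_ext)
        stem = logical.rsplit(".", 1)[0]
        if stem != stem.rstrip():
            findings.append("whitespace padding before real ." + real_ext)
    return findings


# Constructed sample names, modelled on the ones mentioned in the thread.
SAMPLES = [
    "holiday.jpg",
    "pictureofafellowfriend.jpg.exe",
    "picture.jpg   .exe",
    "notepad.\u202etxt.exe",
    "text.\u202eexe.txt",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(ascii(name), "->", audit_filename(name) or "nothing flagged")
```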
