Jump to content

I really want to know ?


Skorpinok Rover
 Share

Recommended Posts

Hello,

I have a very odd question,but i don't have knowledge of this, its bit strange, I have two Virtual machines BT5R3 & Windows XP SP2 running on Vmware Workstation 8, in case if my xp gets infected with backdoors & viruses through penetration testing or visiting warez sites, & if i upload a picture on facebook from same xp machine will my friends pc get virus if they download the same image ?

please share with me your views. sorry for my stupidity...

Regards

Skorpinok

Link to comment
Share on other sites

I do believe you can not use any malicious pic, jpeg, etc. on Facebook. I could be wrong... but I am nearly certain that the pic would not be able to get uploaded to FB. They use a VS of some sort so you can't send any arbitrary code. But, if the pic went to a link... ;)

Link to comment
Share on other sites

Theres really no such thing as a malicious jpeg as far as I know. You can have malicious php code that interacts with jpegs, but thats very different. PDFs are an entirely different animal. A simple google search ("malicious pdf" for example) will turn up lots and lots of information on this.

telot

Edited by telot
Link to comment
Share on other sites

Facebook adds its own EXIF data to pictures these days, and would most likely scan images before upload, so trying to say, upload a fake gif header with php data, they would see it (I would hope) but, most machines today, if they are patched and up to date, older malicious image files should not work to infect a system. If they are running say, XP, SP2 without the wmf, tiff, ico and other variuos image file attacks that used to work back in the day, then yes, they may be able to be infected, but I doubt the file would work if uploaded to Facebook, since they modify, compress and add their own exif data tot he files, which would probably destroy any of the malicious code. If the image was linked to from an external site, then yes, its possible to use a metasploit attack if their system is vulnerable, and facebook didn't block access to the external linked image. Most image attacks these days, are used against things like TimThumb though, ie: fake gif header, and rest of file is all php shell script and thats mainly for targetting specific web server flaws and scripts such as TimThumb.

Link to comment
Share on other sites

Facebook security is pretty tight, so I wouldn't worry too much if your VM was infected.

Link to comment
Share on other sites

hey guys i dont know if you guys cought the epesode with steghide , but you can import steghide pictures into facebook , ( Attach text too an image and password protect it) my cover image on facebook has stghide text attached too it
with a message in hex on my actual cover photo saying steghide this image and the password on the picture once again in hex :D , nobody so far has got back too me about this :( , obviously dont have the right crowd on facebook lmao

Link to comment
Share on other sites

if this is a vonerability , couldint it be possibe too do some sort of memory buffer overflow ?? , Just a thought ?? this may not be possible , but i am sure thiskind of attack does exist :)

Link to comment
Share on other sites

http://regex.info/exif.cgi?imgurl=http%3A%2F%2Fsphotos-f.ak.fbcdn.net%2Fhphotos-ak-ash4%2F394986_132663500218383_1296920152_n.jpg

Notice the Exif Data. “Facebook's “TINYsRGB”” Some of the remaining original data is still there as well. I can see it was made on an Apple computer. Being its a jpg you can see Facebook added image compression too, which would most likely, change the file in such a way that say, hidden data or even attack data, would probably be changed in the process. "Image compression: 93%" I've uploaded completely uncompressed images to Facebook for clients before, only to see them show up fuzzy and compressed, so I'm fairly certain, data you put in them, will be modified, or changed in such a way would render them useless. PNG's, might be able to get passed without losing say, a hidden message written in the file, since PNG's are losseless image files, but if they resize the image, then they change its structure and would ruin stegonagraphy in an image for example. As far as a virus or malware, some file types can contain them and still work against older systems, but usually require special scripting to make the attack work, which usually target Internet Explorer specifically on older systems. There was a recent GIF image, memory corruption issue for the Opera browser a few months back, but I believe thats been patched, and only effected windows systems. If you run EMET for windows, most it would do is crash Opera without allowing it to execute code though, and I'm not even sure it allowed code execution, as much as it did freeze a browser and DOS your session.

Link to comment
Share on other sites

http://regex.info/exif.cgi?imgurl=http%3A%2F%2Fsphotos-f.ak.fbcdn.net%2Fhphotos-ak-ash4%2F394986_132663500218383_1296920152_n.jpg

Notice the Exif Data. “Facebook's “TINYsRGB”” Some of the remaining original data is still there as well. I can see it was made on an Apple computer. Being its a jpg you can see Facebook added image compression too, which would most likely, change the file in such a way that say, hidden data or even attack data, would probably be changed in the process. "Image compression: 93%" I've uploaded completely uncompressed images to Facebook for clients before, only to see them show up fuzzy and compressed, so I'm fairly certain, data you put in them, will be modified, or changed in such a way would render them useless. PNG's, might be able to get passed without losing say, a hidden message written in the file, since PNG's are losseless image files, but if they resize the image, then they change its structure and would ruin stegonagraphy in an image for example. As far as a virus or malware, some file types can contain them and still work against older systems, but usually require special scripting to make the attack work, which usually target Internet Explorer specifically on older systems. There was a recent GIF image, memory corruption issue for the Opera browser a few months back, but I believe thats been patched, and only effected windows systems. If you run EMET for windows, most it would do is crash Opera without allowing it to execute code though, and I'm not even sure it allowed code execution, as much as it did freeze a browser and DOS your session.

I like the regex info , but i made it in photoshop on a PC not on a mac , i then used steghide too attach my "Message" , I uploaded my image with my steg hide attachment too facebook ( this is the link i provided). on the image if you download it from facebook and extract the steghide message from the image with the passphrase provided on the image , it is all still in one piece, and the file size is the same as it was origionally from before i uploaded it.

Link to comment
Share on other sites

I like the regex info , but i made it in photoshop on a PC not on a mac , i then used steghide too attach my "Message" , I uploaded my image with my steg hide attachment too facebook ( this is the link i provided). on the image if you download it from facebook and extract the steghide message from the image with the passphrase provided on the image , it is all still in one piece, and the file size is the same as it was origionally from before i uploaded it.

Thats my bad, I read the ICC color profile wrong. Apple Computer Inc. was the color profile used. Often though, it will also tell you the actual hardware though, like the monitor used, and system, such as Microsoft and if it was on an iMac, HP monitor, etc. All of which can be spoofed too though. I'm surprised the stego info is still intact though, since FB is known to compress jpgs and often resize them, so thats good to know, although I haven't tried decoding the file...

Link to comment
Share on other sites

By the way, the info was still in tact on Facebook, I PM'ed him the message and was able to extract it fine from the Facebook image. Suprprised it survived the upload. I know some sites completely mangle images and can't be used to store stgonagraphy in them, but Facebook apparently left that part of the image in tact. I still have my doubts about malware or emebeded binaries, but most images don't run executable code these days in current systems. Older images and file formates could be used to attack Internet Explorer, such as wmf, cursor, ico, tiff and png files (jpgs used to way back in the day) and there was a recent memory corruption issue in Opera that was fixed in the last release, but I'd still be hard pressed to see one make it onto their site that they didn't catch. Who knows, only way is to upload one and find out, and test on an older, unpatched OS and browser.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...