madrobjames Posted April 24, 2017 Share Posted April 24, 2017 how can i change an .exe into a .jpeg or .pdf ? Quote Link to comment Share on other sites More sharing options...
digip Posted April 24, 2017 Share Posted April 24, 2017 click on file. hit f2. rename. poof! EXE's aren't images or pdfs. If what your asking is, how can I insert executable code into the other two formats, that is something else. .pdf's can have malicious payloads added, and in most cases, jpg/jpeg files, aren't going to be able to do anything malicious unless there is some new 0day flaw in the files or OS's not known about. Most of the older exploits for image files have gone by the wayside. You can hide files in images, with stegonography, but it wont be executable. Think of it more like a file archive that you can retrieve files from later. PDF's can also embed files, but to be able to run code, thats a bit different than just storing a file in them, although running saved file from a PDF attachment would pretty much the same result, but doesn't automatically run when viewed. Exploitable shellcode can be written within PDF files though that will execute on viewing. My suggestion would be to look into metasploit and testing on your own systems/home lab. Quote Link to comment Share on other sites More sharing options...
madrobjames Posted April 24, 2017 Author Share Posted April 24, 2017 Great so its practically possible to hide an .exe in a pdf file and when viewed is the executable run's? do you have any idea of a product or softwware that can help with this Quote Link to comment Share on other sites More sharing options...
digip Posted April 25, 2017 Share Posted April 25, 2017 That's not exactly what I said, but anyhow, read up on PDF+ Metasploit exploits. Anything beyond that and what you with it, is on you. Quote Link to comment Share on other sites More sharing options...
madrobjames Posted April 25, 2017 Author Share Posted April 25, 2017 Great will do or do you have any idea how i can send an .exe via gmail as this doesnt go directly so will need to change its format Quote Link to comment Share on other sites More sharing options...
digip Posted April 25, 2017 Share Posted April 25, 2017 what is your goal? if you're trying to send files or bypass filters, renaming and putting in an encrypted zip will do the same thing, unzip, rename, run. Quote Link to comment Share on other sites More sharing options...
madrobjames Posted April 26, 2017 Author Share Posted April 26, 2017 No just wanna do something more like an exploit as i wanna bind it with either a word,pdf or jpeg . Quote Link to comment Share on other sites More sharing options...
digip Posted April 26, 2017 Share Posted April 26, 2017 read up on the metsploit stuff, and start looking at shellcode and malicious media files. word generally exploits via macros, but embedded files also work if someone clicks them in the file. PDF doesn;'t embed exactly like that, but can still be triggered on click, but generally on open the exploit runs against vulnerable acrobat readers. Older browsers like IE6 and 7 if not patched are vulnerable to wmf files and a few other image hacks. Newer browsers not really so much, although metasploit can help build exploit code that is triggered from the browser. I generally don't mess with malware and sploits like that, and I try to avoid metasploit as much as I can, as I want to learn how to break shit, vs just point, click and wait. Quote Link to comment Share on other sites More sharing options...
Dedsec_Nethunter Posted May 22, 2017 Share Posted May 22, 2017 On 26/04/2017 at 5:56 PM, madrobjames said: No just wanna do something more like an exploit as i wanna bind it with either a word,pdf or jpeg . Ok,the easiest way to do that is cobalt strike. (GUI) Extension files is hidden since windows vista,then it's more easier for some social engineering tricks... First you can install it like here: And after installation,look at this guy: Cheers! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.