Jump to content

how can i change an .exe into a .jpeg or .pdf ?


madrobjames
 Share

Recommended Posts

click on file. hit f2. rename. poof!

EXE's aren't images or pdfs. If what your asking is, how can I insert executable code into the other two formats, that is something else. .pdf's can have malicious payloads added, and in most cases, jpg/jpeg files, aren't going to be able to do anything malicious unless there is some new 0day flaw in the files or OS's not known about. Most of the older exploits for image files have gone by the wayside.

You can hide files in images, with stegonography, but it wont be executable. Think of it more like a file archive that you can retrieve files from later.

PDF's can also embed files, but to be able to run code, thats a bit different than just storing a file in them, although running saved file from a PDF attachment would pretty much the same result, but doesn't automatically run when viewed. Exploitable shellcode can be written within PDF files though that will execute on viewing. My suggestion would be to look into metasploit and testing on your own systems/home lab.

 

 

Link to comment
Share on other sites

That's not exactly what I said, but anyhow, read up on PDF+ Metasploit exploits. Anything beyond that and what you with it, is on you.

Link to comment
Share on other sites

what is your goal? if you're trying to send files or bypass filters, renaming and putting in an encrypted zip will do the same thing, unzip, rename, run.

Link to comment
Share on other sites

read up on the metsploit stuff, and start looking at shellcode and malicious media files. word generally exploits via macros, but embedded files also work if someone clicks them in the file. PDF doesn;'t embed exactly like that, but can still be triggered on click, but generally on open the exploit runs against vulnerable acrobat readers. Older browsers like IE6 and 7 if not patched are vulnerable to wmf files and a few other image hacks. Newer browsers not really so much, although metasploit can help build exploit code that is triggered from the browser. I generally don't mess with malware and sploits like that, and I try to avoid metasploit as much as I can, as I want to learn how to break shit, vs just point, click and wait.

Link to comment
Share on other sites

  • 4 weeks later...
On 26/04/2017 at 5:56 PM, madrobjames said:

No just wanna do something more like an exploit as i wanna bind it with either a word,pdf or jpeg .

Ok,the easiest way to do that is cobalt strike. (GUI)

Extension files is hidden since windows vista,then it's more easier for some social engineering tricks...

First you can install it like here:

 

And after installation,look at this guy:

 

Cheers!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...