How To Hide a Virus Payload in JPG Image -Undetectable Backdoor ✔

in #ethical6 years ago


WE do not hold any responsibility for the bad use of this tool,
remember that attacking targets without prior consent is illegal and punished by law.
there is another method using this script https://github.com/r00t-3xp10it/FakeImageExploiter.git
FakeImageExploiter v1.4 - backdoor images.jpg[.ps1]
This module takes one existing image.jpg and one payload.ps1 (input by user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.

This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide extensions for known file types' method to hidde the agent.exe extension.

All payloads (user input) will be downloaded from our apache2 webserver
and executed into target RAM. The only extension (payload input by user)
that requires to write payload to disk are .exe binaries.

FakeImageExploiter stores all files in apache2 webroot, zips (.zip) the agent,
starts apache2 and metasploit services(handler), and provides a URL to send to
target (triggers agent.zip download). As soon as the victim runs our executable,
our picture will be downloaded and opened in the default picture viewer, our
malicious payload will be executed, and we will get a meterpreter session.

But it also stores the agent (not ziped) into FakeImageExploiter/output folder
if we wish to deliver agent.jpg.exe using another diferent attack vector.

'This tool also builds a cleaner.rc file to delete payloads left in target'Special thanks:
@nullbyte | @Yoel_Macualo | @0xyg3n (SSA team menber)

Credits: https://null-byte.wonderhowto.com/how-to/hide-virus-inside-fake-picture-0168183

Suspicious-Shell-Activity (SSA) RedTeam develop @2017


▶️ DTube
▶️ IPFS
Sort:  

A very nice method to go along with social engineering to get someone to open the image on their computer.