I don't believe that people are so stupid to download a file named update.apk or .exe...so I ask other methods to infect. Like visiting a link, or download an image or pdf. It is possible to infect with an image? I saw some tutorials that hide an exe file in an image..What do you think?
Forum Thread: How to Infect a Device?
- Hot
- Active
-
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
1 mo ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
2 mo ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
2 mo ago -
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
3 mo ago -
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
4 mo ago -
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
5 mo ago -
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
5 mo ago -
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
6 mo ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
7 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
7 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
9 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
9 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
9 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
10 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
10 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
10 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
11 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
11 mo ago
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
How To:
Phish Social Media Sites with SocialFish
-
How To:
Crack Wi-Fi Passwords—For Beginners!
-
How to Use PowerShell Empire:
Getting Started with Post-Exploitation of Windows Hosts
-
How To:
Flash Kali NetHunter on OnePlus and Nexus Devices (Most) As a Secondary ROM
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
-
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
-
How To:
Dox Anyone
-
How To:
Make Your Own Bad USB
-
How To:
The Top 80+ Websites Available in the Tor Network
-
How To:
Enumerate SMB with Enum4linux & Smbclient
-
How To:
Perform Advanced Man-in-the-Middle Attacks with Xerosploit
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How To:
Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
How To:
Use MinGW to Compile Windows Exploits on Kali Linux
-
How To:
Enable Monitor Mode & Packet Injection on the Raspberry Pi
5 Responses
There are two ways to infect a device. One is a malicious application is installed. The other way is to exploit a vulnerability in software. This can be the operating system itself or an application.
Believe it or not but the majority of infections are user installed by people opening exe files or other executables. (On windows scr, com and cmd can also execute) Some are tricked into installing it, some believe the file is something not harmful.
A common way to trick someone is to name a file Anyname.jpg.exe Windows by default will only show Anyname.jpg
thank you for your response!
How about visiting a link?
In terms of images, in December last year ESET found tricky advertising PNG's embedded with transparent layers of JavaScript which would invisibly open browser windows with (offscreen) tinyurl destinations which would attempt to immediately download malware executable. Similar (stegno) attacks have been used with JPEGs, PDF documents and other media formats too. BUT the point here is that viewing the image, at best (or worst - in a security sense), allows a browser or plugin to run some pretty limited script which acts as a vehicle to the actual malware (.exe or whatever) onto the user's box for execution by the user (or perhaps system). The executable payload itself is not and cannot (from my understanding) be somehow magically encoded/embedded/bound into the image itself for immediate pwnage upon remote viewing.
I have heard of 'malicious images' in the context of local execution/viewing by the user, though. Essentially, a bad guy constructs an image which exploits known flaws/vulnerabilities in the user's local viewing software/environment so that when the user opens the image, the exploit is triggered. The most common example of this involves constructing an image which over-reports its dimensions to the image viewing software such that the system allocates too much temp memory. This can then be used in a buffer overflow attack if the right data is read into it. BUT, c'mon, for most of us, this is la la land stuff.
So really, Traveller is correct in saying that your best bet in using an image as a vehicle for a hack/malware infusion is for the image... to not be an image at all. That is, using icon/extension/social context manipulation to fool your user into opening an image file which is anything an image file. I know you say "I dont believe anyone would be so stupid"... but you would be surprised/horrified. Obviously "1337pwnage.exe" (with skull'n'crossbones icon) is unlikely to work but I'm sure you can think or other senarios which, in the right context, with a bit of social engineering, may.
Happy hacking and good luck!
Thank you so much for the resposne!
Share Your Thoughts