I don't believe that people are so stupid to download a file named update.apk or .exe...so I ask other methods to infect. Like visiting a link, or download an image or pdf. It is possible to infect with an image? I saw some tutorials that hide an exe file in an image..What do you think?
Forum Thread: How to Infect a Device?
- Hot
- Active
-
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
4 days ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
1 wk ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
1 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
1 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
2 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
3 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
3 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
3 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
3 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
3 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
3 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
3 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
4 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
4 mo ago -
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
5 mo ago -
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
6 mo ago -
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
6 mo ago -
Forum Thread:
How to Hack School Website
11
Replies
6 mo ago -
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
6 mo ago -
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
8 mo ago
-
How To:
Dox Anyone
-
How To:
Automate Wi-Fi Hacking with Wifite2
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Hack Apache Tomcat via Malicious WAR File Upload
-
How To:
Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How To:
Hack Wi-Fi Networks with Bettercap
-
How To:
Create Custom Wordlists for Password Cracking Using the Mentalist
-
How To:
Get Root with Metasploit's Local Exploit Suggester
-
How To:
Hack WiFi Using a WPS Pixie Dust Attack
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
How To:
Fuzz Parameters, Directories & More with Ffuf
-
How To:
Create Rainbow Tables for Hashing Algorithms Like MD5, SHA1 & NTLM
-
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
-
How To:
Stealthfully Sniff Wi-Fi Activity Without Connecting to a Target Router
-
How To:
Use the Buscador OSINT VM for Conducting Online Investigations
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
Hack Like a Pro:
Cryptography Basics for the Aspiring Hacker
-
How To:
Hack Windows 7 (Become Admin)
5 Responses
There are two ways to infect a device. One is a malicious application is installed. The other way is to exploit a vulnerability in software. This can be the operating system itself or an application.
Believe it or not but the majority of infections are user installed by people opening exe files or other executables. (On windows scr, com and cmd can also execute) Some are tricked into installing it, some believe the file is something not harmful.
A common way to trick someone is to name a file Anyname.jpg.exe Windows by default will only show Anyname.jpg
thank you for your response!
How about visiting a link?
In terms of images, in December last year ESET found tricky advertising PNG's embedded with transparent layers of JavaScript which would invisibly open browser windows with (offscreen) tinyurl destinations which would attempt to immediately download malware executable. Similar (stegno) attacks have been used with JPEGs, PDF documents and other media formats too. BUT the point here is that viewing the image, at best (or worst - in a security sense), allows a browser or plugin to run some pretty limited script which acts as a vehicle to the actual malware (.exe or whatever) onto the user's box for execution by the user (or perhaps system). The executable payload itself is not and cannot (from my understanding) be somehow magically encoded/embedded/bound into the image itself for immediate pwnage upon remote viewing.
I have heard of 'malicious images' in the context of local execution/viewing by the user, though. Essentially, a bad guy constructs an image which exploits known flaws/vulnerabilities in the user's local viewing software/environment so that when the user opens the image, the exploit is triggered. The most common example of this involves constructing an image which over-reports its dimensions to the image viewing software such that the system allocates too much temp memory. This can then be used in a buffer overflow attack if the right data is read into it. BUT, c'mon, for most of us, this is la la land stuff.
So really, Traveller is correct in saying that your best bet in using an image as a vehicle for a hack/malware infusion is for the image... to not be an image at all. That is, using icon/extension/social context manipulation to fool your user into opening an image file which is anything an image file. I know you say "I dont believe anyone would be so stupid"... but you would be surprised/horrified. Obviously "1337pwnage.exe" (with skull'n'crossbones icon) is unlikely to work but I'm sure you can think or other senarios which, in the right context, with a bit of social engineering, may.
Happy hacking and good luck!
Thank you so much for the resposne!
Share Your Thoughts