I don't believe that people are so stupid as to download a file named update.apk or .exe... so I ask about other methods to infect. Like visiting a link, or downloading an image or PDF. Is it possible to infect with an image? I saw some tutorials that hide an exe file in an image. What do you think?
Forum Thread: How to Infect a Device?
5 Responses
There are two ways to infect a device. One is that a malicious application is installed. The other way is to exploit a vulnerability in software. This can be the operating system itself or an application.
Believe it or not, the majority of infections are user installed, by people opening exe files or other executables. (On Windows, scr, com and cmd can also execute.) Some are tricked into installing it; some believe the file is something not harmful.
A common way to trick someone is to name a file Anyname.jpg.exe. Windows by default will only show Anyname.jpg.
Thank you for your response!
How about visiting a link?
In terms of images, in December last year ESET found tricky advertising PNGs embedded with transparent layers of JavaScript which would invisibly open browser windows with (offscreen) tinyurl destinations which would attempt to immediately download a malware executable. Similar (stegano) attacks have been used with JPEGs, PDF documents and other media formats too. BUT the point here is that viewing the image, at best (or worst - in a security sense), allows a browser or plugin to run some pretty limited script which acts as a vehicle to get the actual malware (.exe or whatever) onto the user's box for execution by the user (or perhaps system). The executable payload itself is not and cannot (from my understanding) be somehow magically encoded/embedded/bound into the image itself for immediate pwnage upon remote viewing.
I have heard of 'malicious images' in the context of local execution/viewing by the user, though. Essentially, a bad guy constructs an image which exploits known flaws/vulnerabilities in the user's local viewing software/environment so that when the user opens the image, the exploit is triggered. The most common example of this involves constructing an image which over-reports its dimensions to the image viewing software such that the system allocates too much temp memory. This can then be used in a buffer overflow attack if the right data is read into it. BUT, c'mon, for most of us, this is la la land stuff.
So really, Traveller is correct in saying that your best bet in using an image as a vehicle for a hack/malware infusion is for the image... to not be an image at all. That is, using icon/extension/social context manipulation to fool your user into opening an image file which is anything but an image file. I know you say "I don't believe anyone would be so stupid"... but you would be surprised/horrified. Obviously "1337pwnage.exe" (with skull'n'crossbones icon) is unlikely to work, but I'm sure you can think of other scenarios which, in the right context, with a bit of social engineering, may.
Happy hacking and good luck!
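
The two tricks described in the replies above, seen from the receiving side, as an added example that is not part of the original thread: it flags a decoy-then-executable double extension such as Anyname.jpg.exe, and rejects a PNG whose header declares implausible dimensions before any viewer parses it. The decoy list, the bat extension, the MAX_PIXELS limit and all sample bytes are assumptions constructed for illustration.

```python
import struct

# exe, scr, com and cmd are named in the thread; bat is an added assumption.
EXECUTABLE_EXTS = {"exe", "scr", "com", "cmd", "bat"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf"}   # assumed decoy list
PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 100_000_000                            # assumed policy limit

def check_name(filename):
    """Flag names like Anyname.jpg.exe that display as Anyname.jpg."""
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return ["double-extension"]
    return []

def check_content(filename, data):
    """Compare leading bytes with the claimed type; sanity-check PNG size."""
    ext = filename.lower().rsplit(".", 1)[-1]
    findings = []
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        findings.append("pe-header-in-non-executable")
    if data[:8] == PNG_SIG:
        # Layout: 8-byte signature, 4-byte chunk length, b"IHDR", width, height.
        if len(data) < 24 or data[12:16] != b"IHDR":
            findings.append("png-missing-ihdr")
        else:
            width, height = struct.unpack(">II", data[16:24])
            if width == 0 or height == 0 or width * height > MAX_PIXELS:
                findings.append("png-implausible-dimensions")
    elif ext == "png":
        findings.append("extension-content-mismatch")
    return findings

def triage(filename, data):
    return check_name(filename) + check_content(filename, data)

def sample_png_header(width, height):
    """Constructed sample: signature plus the start of an IHDR chunk."""
    return PNG_SIG + struct.pack(">I4sII", 13, b"IHDR", width, height)

if __name__ == "__main__":
    samples = [  # all constructed for this example
        ("Anyname.jpg.exe", b"MZ\x90\x00"),
        ("holiday.png", sample_png_header(0xFFFFFFFF, 0xFFFFFFFF)),
        ("logo.png", sample_png_header(640, 480)),
        ("invoice.pdf", b"MZ\x90\x00"),
    ]
    for name, data in samples:
        print(name, triage(name, data) or "clean")
```
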
Thank you so much for the response!