Skip to main content

EMBEDDED BACKDOOR WITH IMAGE USING FAKE IMAGE EXPLOITER

In this article we are introducing a newly launched hacking tool “Fake Image Exploiter”. It is design so that it becomes easier for attackers to perform phishing or social engineering attacks by generating a fake image with hidden malicious .bat/.exe file inside it.
Let’s start!
Open the terminal inside your kali Linux and type following command to download it from github.
Git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git
Once it gets downloaded then opens the folder and selects the file “settings” for configuration before running the program as shown the given screenshot.
Now made some changes inside setting file as shown the screenshot:
Here you have to declare the type of payload extension you will use to hide it inside the image. You can set any exetension among these four : ps1, bat, txt, exe.  I had set PAYLOAD_EXETNSION=bat similarly set BYPASS_RH=NO  and scroll down for next configration.
In same way set these two values also as shown in screenshot then save the changes.
AUTO_PAYLOAD_BUILD=YES
AGENT_HANLER_PORT=4444
After making certain changes in setting file then open the terminal and run the program file:
Cd FakeImageExploiter
./ FakeImageExploiter.sh
Click on YES to execute framework.
Select payload to build as I had choose window/meterpreter/reverse_tcp for attack.
After then a pop up box will open which will allow choosing any jpg image so that it could hide .bat file payload inside that image.
Now select icon for your malicious image. 
Give a name to your payload which will be display to victim as file name, from screenshot you can see I had given sales.
Now it generates a link as you can observe it from highlighted part of screenshot and then send this link to victim. Now victim will download the zip file and click on the sales.jpg.
When victim will click on sales.jpg, we will get meterpreter session at the background on metasploit framework.

Comments

Post a Comment

Popular posts from this blog

Top 20 Tools for hacking 2018

What are Hacking Tools? Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. There is a variety of such tools available on the market. Some of them are open source while others are commercial solution. In this list we highlight the top 20 tools for Ethical Hacking of web applications, servers and networks 1)  Netsparker Netsparker  is an easy to use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as on-premises and SAAS solution. Features Dead accurate vulnerability detection with the unique Proof-Based Scanning Technology. Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages. REST API for seamless integration with the SDLC, bug tracking systems etc. Fully scalable s...
Post a Comment
Read more

Capture VNC Session of Remote PC using SetToolkit( social engineering toolkit)

Today in this article we’ll try to compromise the target through VNC payload attack using very simple method for beginners. In this tutorial they’ll learn how to create a VNC payload using set tool kit and try to achieve VNC shell of victim’s PC. Let’s Start!!! Application > social engineering toolkit A terminal will launch with set tool kit wizard here select first option to start social engineering attacks. Type 1 Now we have to select another option to choose any one attack among following. Select create a payload and listener. Type 4 Here we will select our payload option since we are performing VNC attack therefore we need to go with third option for VNC payload. Type 3 In next step it requires IP address for payload listener which is  192.168.0.104  (attacker’s IP) then after that it will ask to enter the port for reverse listener and that will be  4444 . Now it starts generating VNC payload and save that payload under heighted path...
Post a Comment
Read more

What Is Doxing & How Does It Affect Your Privacy? [MakeUseOf Explains]

Internet privacy is a huge deal. One of the stated perks of the Internet is that you can remain anonymous behind your monitor as you browse, chat, and do whatever it is that you do. However, did you know that your real life identity can be compromised based on your Internet persona? It’s called “doxing” and it’ll sneak up on you without your knowledge. So, what is Doxing? Doxing can affect anyone. Nobody is outside the possibility of being doxed. How much of your real life information is on the Internet? Even the smallest slice of personal data can come back to bite you in the rear. Real name, phone number, email address – anything. Sound like fearmongering? In one sense, it is. You’ve probably never heard of someone who’s been doxed. But that doesn’t mean you’re immune. Let’s take a closer look at what doxing is, exactly, and then I’ll show you what you can do about it. Doxing 101                           ...
Post a Comment
Read more