Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
Jan 2009 Free Giveaway Sponsor - Black Hat DC
Scooby Doo and the Crypto Caper - Answers and Winners
Daemon - A Contest Revealed
Hacking: The Art of Exploitation 2nd Edition
Nov 2008 Free Giveaway - Winners
Dec 2008 Free Giveaway Sponsor - SANS
Santa Claus is Hacking to Town
Plug-N-Play Network Hacking
Nov 2008 Free Giveaway Sponsor - CWNP
Daemon - A Contest Begins Now
It Happened One Friday - Answers and Winners
Daemon - A Contest
Scooby Doo and the Crypto Caper
MS Blue Hat Hackers Headline Chicago Security Con
The Pen Testing Perfect Storm Webcast Series with Skoudis, Wright, Johnson
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 25 guests and 3 members online
EH-Net Donations
Enter Amount:
$
CAD
USD
GBP
AUD
JPY
EUR
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations
You are here:
Home
Forum
Ethical Hacking Discussions and Related Certifications
Malware
Injecting Virus in pics...
Ethical Hacker Community Forums
January 08, 2009, 09:56:54 PM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: ChicagoCon 2009 - May 4 - 9. Boot Camps & an Ethical Hacking Conf.
www.chicagocon.com
Home
Help
Calendar
Login
Register
Ethical Hacker Community Forums
>
Ethical Hacking Discussions and Related Certifications
>
Malware
(Moderator:
don
) >
Injecting Virus in pics...
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Injecting Virus in pics... (Read 4885 times)
0 Members and 1 Guest are viewing this topic.
rok
Newbie
Offline
Posts: 39
Injecting Virus in pics...
«
on:
July 26, 2008, 02:02:41 AM »
Injecting xss or shell in picture(jpeg or etc) works very nice.I made my small childish lab last night and was tring to actually injecting a virus(.exe) in a picture and then hosted it.So when I tested on me,it did not infect me..is it possible actually to small .exe servers in pics...
I know it's Unethical,just for knowledge purpose.Hope you understand.
Logged
shakuni
Jr. Member
Offline
Posts: 78
Re: Injecting Virus in pics...
«
Reply #1 on:
July 28, 2008, 09:19:18 AM »
You can find it easily on the web. And if you can't find it then probably this info is not safe in your hands.
Logged
There is no rule, law or tradition that apply universally... including this one.
rok
Newbie
Offline
Posts: 39
Re: Injecting Virus in pics...
«
Reply #2 on:
July 29, 2008, 06:44:02 AM »
Quote from: shakuni on July 28, 2008, 09:19:18 AM
You can find it easily on the web. And if you can't find it then probably this info is not safe in your hands.
I just want to know,is it possible for an exe format to act like a mp3..?Only binding won't work here..please help
Logged
Negrita
Sr. Member
Offline
Posts: 289
Re: Injecting Virus in pics...
«
Reply #3 on:
July 29, 2008, 02:01:39 PM »
Try working your way through these;
http://www.hellboundhackers.org/challenges/stegano/index.php
. You'll have to register at that site first. Once you've done the challenges, I believe that you'll be able to answer your own question.
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003
There are 10 kinds of people, those that understand binary, and those that don't.
geekyone
Full Member
Offline
Posts: 132
Re: Injecting Virus in pics...
«
Reply #4 on:
July 29, 2008, 04:12:46 PM »
Thanks for the link Negrita! It looks like a cool site.
Logged
CISSP, CEH, GPEN, GCIH
Negrita
Sr. Member
Offline
Posts: 289
Re: Injecting Virus in pics...
«
Reply #5 on:
July 30, 2008, 01:21:30 PM »
My pleasure.
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003
There are 10 kinds of people, those that understand binary, and those that don't.
rok
Newbie
Offline
Posts: 39
Re: Injecting Virus in pics...
«
Reply #6 on:
July 31, 2008, 06:19:46 AM »
Thans for the link.
But it's more of steganography,steg will only hide the data,but it won't be executed..??
Logged
Kev
Sr. Member
Offline
Posts: 359
Re: Injecting Virus in pics...
«
Reply #7 on:
August 01, 2008, 10:10:18 AM »
I think you will find what you are trying to do is difficult, unless you force the pic to open as an html and exploit the browser.
Logged
oleDB
Full Member
Offline
Posts: 231
Re: Injecting Virus in pics...
«
Reply #8 on:
August 01, 2008, 10:34:44 AM »
Most of the stuff I've seen revolves around buffer overflows that occur when images(GIF, ANI, etc) are processed and shellcode is tacked on. I believe with the onload function in javascript and probably activeX as well, you can have whatever you want executed when the image is loaded on the page.
Logged
oneeyedcarmen
Full Member
Offline
Posts: 205
Klaatu, Borada,Necktie?
Re: Injecting Virus in pics...
«
Reply #9 on:
August 08, 2008, 02:08:33 PM »
Apparently this garnered some attention at BlackHat this week. Rich Mogull gave a little
write up about it over on Securosis
, but I've been seeing a lot of others talking about it, too.
Logged
MCP, Security+, Associate (ISC)2
RoleReversal
Hero Member
Offline
Posts: 508
Re: Injecting Virus in pics...
«
Reply #10 on:
August 09, 2008, 03:34:07 AM »
Oneeyedcarmen,
thanks for the link, I haven't come across that attack vector before. Unfortunately it sounds fairly promising (one more reason to disable javascript, thank you NoScript).
Was anyone at this talk @ Blackhat? more technical information regarding the vector would be good.
Logged
A little bit of sanity:
http://www.infosanity.co.uk
oneeyedcarmen
Full Member
Offline
Posts: 205
Klaatu, Borada,Necktie?
Re: Injecting Virus in pics...
«
Reply #11 on:
August 09, 2008, 09:23:57 AM »
a few of our lurkers and occasional posters were there, so hopefully we'll get some more detail when they return
Logged
MCP, Security+, Associate (ISC)2
geekyone
Full Member
Offline
Posts: 132
Re: Injecting Virus in pics...
«
Reply #12 on:
August 09, 2008, 07:50:39 PM »
Here is a link from one of the presenters with some information about it.
http://blogs.zdnet.com/security/?p=1666
Logged
CISSP, CEH, GPEN, GCIH
oneeyedcarmen
Full Member
Offline
Posts: 205
Klaatu, Borada,Necktie?
Re: Injecting Virus in pics...
«
Reply #13 on:
August 11, 2008, 01:32:19 PM »
Nate and Rob discuss the GIFAR talk on
the Network Security Podcast
Logged
MCP, Security+, Associate (ISC)2
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Special Events
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009
=> News Items and General Discussion About EH-Net
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> Certification
===> The Charter Study Group - Pen Test
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
=====> CEH - Official Course Modules v4
=====> CEH - Official Course Modules v5
=====> CEH - Official Course Modules v6
===> CPTS - Certified Pen Testing Specialist
=====> CPTS - Official Course Modules v5
===> CPTE - Certified Pen Testing Expert
=====> CPTE - Official Course Modules v1
===> ECSA - EC-Council Certified Security Analyst
=====> ECSA - Official Course Modules v1.2
=====> ECSA / LPT - Official Course Modules v3
===> OSCP - Offensive Security Certified Professional
===> GPEN - GIAC Certified Penetration Tester
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
=====> CHFI - Official Course Modules v2
===> EnCE - EnCase® Certified Examiner
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Hardware
=> Malware
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Gates
=> Heffner
=> Hoffman
=> RichM
=> Murray
=> J. Peltier
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
Loading...
Sponsors
Polls
How many security events including conferences and training do you attend a year:
1 - 2
3 - 4
5 - 6
7+
None - But want to
None - Choose not to
Support EH-Net
Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
Try CBT Nuggets Free!
Recent Forum Topics
Other
: Insanity?
(4) by
drhellno
Other
: FreeBSD 7.1 Released
(0) by
don
Other
: Windows 7 Beta Available Tomorrow
(0) by
don
OSCP - Offensive Security Certified Professional
: Next Up OSCP101 v2.0
(39) by
don
OSCP - Offensive Security Certified Professional
: Offensive Security Releases Sample Pen Testing Report
(0) by
don
Book Reviews
: Need a book suggestion!
(4) by
don
Web Applications
: Determine URL from IP address
(2) by
BillV
Malware
: uninstall trend mciro officescan clients
(1) by
adamj
Tools
: Core Impact Essentials
(0) by
sgt_mjc
News from the Outside World
: Google branching out a little further...
(3) by
jason
Physical Security
: Magnetic stripe card spoofing
(5) by
jason
Gates
: Oracle version module for metasploit
(3) by
RoleReversal
Malware
: THe website is Evil but what to do??
(3) by
NickFnord
CEH - Certified Ethical Hacker
: Helow... help some tutorials...
(7) by
K3lV1n
CEH - Certified Ethical Hacker
: CEH is a scam
(20) by
K3lV1n
Mass Media
: Daniel Suarez Interview
(9) by
blackazarro
Malware
: Security Forecast for 2009
(5) by
jason
News from the Outside World
: Is this acceptable?
(9) by
jason
Wireless
: Wireless Pen Testing Cards
(6) by
jason
Oct 2008 - Scooby Doo and the Crypto Caper
: Skillz October 08 Winning Entry - Technical
(1) by
jason
Book Reviews
: [Article]-Mitnick - The Art Of Intrusion: Ch 1 - Hacking The Casinos For A Million Bu...
(5) by
jason
Links to cool sites.
: Free Computer Engineering Classes From Stanford
(3) by
jason
Oct 2008 - Scooby Doo and the Crypto Caper
: Skillz October 08 Winning Entry - Creative
(1) by
jason
Oct 2008 - Scooby Doo and the Crypto Caper
: [Article]-Scooby Doo and the Crypto Caper - Answers and Winners
(2) by
jason
News Items and General Discussion About EH-Net
: [Article]-Jan 2009 Free Giveaway Sponsor - Black Hat DC
(1) by
jason
News Items and General Discussion About EH-Net
: EH-Net Milestone - 2 Articles Cross 1 Million Page Views
(3) by
BillV
Other
: What kind of lab, machines you have for your security testing?
(12) by
charlottebandit
Malware
: Network Virus Problem
(9) by
RoleReversal
Wireless
: WUSB600N good usb ?
(2) by
nap191
Other
: FBI code cracking challenge
(3) by
jimbob
Calendar Of Events
: RSA 2009
(0) by
don
Forensics
: Network Forensic tools/practice/techniques
(2) by
jimbob
Malware
: Autoplay when i try to open the drive.
(4) by
jimbob
CEH - Certified Ethical Hacker
: Any Practice Environment for learning tool for CEH?
(15) by
don
Wireless
: a petri-dish bridge
(2) by
don
CEH - Certified Ethical Hacker
: TFTP Tranfer time out
(5) by
jason
Tools
: tool to trace users
(8) by
pseud0
Malware
: Malware Challenge 2008 Analysis
(0) by
blackazarro
Programming
: Python 3.0 Released
(0) by
don
Forensics
: SANS SIFT Forensic toolkit
(1) by
don
Vote For EH-Net
progenic.com
binarica.com
technorati fave
Privacy Notice
for TDCC & All Properties
© 2009 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
Other : Insanity?
OSCP - Offensive Security Certified Professional : Offensive Security Releases Sample Pen Testing Report
