hiding a programme__help

<<

bojan

Newbie

Posts: 19

Joined: Wed Mar 26, 2008 2:03 am

Post Thu Apr 24, 2008 7:07 am

hiding a programme__help

Is there any way to hide a programme ??I mean I want to execute that programme,but I want to hide it under any image,video or anything else,so whenever I will save that image,video etc or run it the hidden programme will be installed automatically??/is there any tool available for this or any procedure???please help!
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Apr 24, 2008 7:21 am

Re: hiding a programme__help

Bojan,

have you asked Google first?

From my understanding you will need to modify an existing application to execute your 'hidden' code, therefore I'd be surprised if there are any tools that can automate the process (at least I haven't come across anything).
<<

dean

Post Thu Apr 24, 2008 8:04 am

Re: hiding a programme__help

First, try to use some punctuation; it will make things a little easier to read, and there is no need for the multiple '?'. We understand that you're asking a question.

Second, Google is your friend; there is a substantial amount of information on this topic out there. Show that you actually did some research before posting.

To answer your question:

Use a binder. This is a tool that allows you to 'wrap' one executable with another. There are many variants out there. Whether or not it will be detected depends on whether your RAT is known or not.
<<

bojan

Newbie

Posts: 19

Joined: Wed Mar 26, 2008 2:03 am

Post Thu Apr 24, 2008 8:12 am

Re: hiding a programme__help

Yes dean, I am looking for a good binder!! I was using upx for some time but it was not that good! So can you please tell me, is there any good binder available? But at the same time I want to know what a binder actually does. Will a binder help me to change the look of my programme??
<<

oneeyedcarmen

Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Apr 24, 2008 8:24 am

Re: hiding a programme__help

again...

dean wrote: Google is your friend; there is a substantial amount of information on this topic out there. Show that you actually did some research before posting.

Reluctant CISSP, Certified ASS
<<

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Apr 24, 2008 10:11 am

Re: hiding a programme__help

Reading back to the original post, he wanted to hide it within a picture or video.  That changes the deal a little bit.  It is easier to hide an executable within another executable than it is to hide an executable in a picture or video.  The idea is that the .exe is already making system calls and such that you can abuse, while a video or picture is generally read from and interpreted by some other application.  There are ways to include nasty code into a video or picture so that the application reading the file gets "hacked", but this isn't the same as having a hidden program kick off in the background.  There are some ways to do this, but they are not as clean or consistent as you'd probably like.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

dean

Post Thu Apr 24, 2008 11:25 am

Re: hiding a programme__help

bojan wrote:but I want to hide it under any image,video or anything else,so...


or anything else would be an .exe, no?

a binder does not 'abuse' the calls made by the host exe.  One is simply run in the background. If you bind two exe's the size will generally increase. Just something to be aware of.

if you want to hide an exe in an image try this:

zip the executable

copy /b image.jpg+file.zip output.jpg

right click on the image that is created and use winzip/winrar to open it.

it won't execute it but it is a way to hide it.

Tools like YAB will bind exes. FileBinder will bind any file. Whether or not this will run when the jpg is open I have not tested.

Honestly, there are far easier ways to get an executable on a remote host. ADODB stream being one.

dean
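
A defender's check for the `copy /b image.jpg+file.zip output.jpg` trick in the post above, added here as an example and not part of the original thread: it walks the JPEG markers to the real end-of-image and lists any ZIP members appended after it, without extracting them. The names `jpeg_end`, `inspect_jpeg`, `build_samples` and the extension list are assumptions, and the sample bytes are constructed.

```python
import io
import zipfile

EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")

def jpeg_end(data: bytes) -> int:
    """Walk JPEG markers; return the offset just past the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        m = data[i + 1]
        if m == 0xD9:                          # EOI: the image ends here
            return i + 2
        if m == 0xFF:                          # fill byte before a marker
            i += 1
        elif m == 0x01 or 0xD0 <= m <= 0xD7:   # markers with no length field
            i += 2
        else:                                  # skip the segment by its length field
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
            while m == 0xDA and i + 1 < len(data) and not (  # SOS: skip scan data
                    data[i] == 0xFF and data[i + 1] not in (0x00, 0xFF)
                    and not 0xD0 <= data[i + 1] <= 0xD7):
                i += 1
    raise ValueError("truncated JPEG: no EOI marker")

def inspect_jpeg(data: bytes) -> dict:
    """Report bytes appended after the image and any ZIP members inside them."""
    end = jpeg_end(data)
    trailer, names = data[end:], []
    if trailer and zipfile.is_zipfile(io.BytesIO(trailer)):
        with zipfile.ZipFile(io.BytesIO(trailer)) as zf:
            names = zf.namelist()              # reads the directory only
    return {"image_bytes": end, "trailing_bytes": len(trailer), "zip_members": names,
            "executables": [n for n in names if n.lower().endswith(EXEC_EXT)]}

def build_samples():
    """Constructed data: a minimal JPEG marker skeleton (not a viewable image)."""
    jpeg = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
            b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\xff\x00\x34\xff\xd0\x56\xff\xd9")
    z = io.BytesIO()
    with zipfile.ZipFile(z, "w") as zf:
        zf.writestr("file.exe", b"constructed placeholder, not a real binary")
        zf.writestr("notes.txt", b"constructed")
    return jpeg, jpeg + z.getvalue()           # second value mimics the copy /b output

if __name__ == "__main__":
    print(*map(inspect_jpeg, build_samples()), sep="\n")
```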
<<

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Apr 24, 2008 11:36 am

Re: hiding a programme__help

dean,
Agree with your post, I just noticed that he seemed to be stressing the "image,video" issue. As you mentioned, it can be straightforward to hide a file in an image, but getting it to execute and run when viewed isn't trivial.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

iSmith

Full Member

Posts: 157

Joined: Sun Jan 20, 2008 12:01 pm

Post Thu Apr 24, 2008 1:28 pm

Re: hiding a programme__help

Here is my not-so-expert advice.
1. Create a batch file that executes your program. Be sure to add a line at the end "open media.xxx" to open your media. (This will only appear to work if the person opens the file with the default program.)
2. Create a shortcut to the batch file and then edit its properties so that it has the icon of the appropriate media.
Note this will not hide the little arrow that is typical of shortcuts.
In my eyes, your operating system is as solid as swiss cheese.
<<

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Apr 24, 2008 2:06 pm

Re: hiding a programme__help

I think the purpose of his question was to find a way to hide a program so that it was not directly observable to the user. To do that the program would have to be hidden in the data and file structure of the trojaned data (or an alternate data stream), and the resources necessary to run the program would have to be shared in such a way that they are not directly attributable to the hidden executable. (Or hidden with a rootkit?)
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

bojan

Newbie

Posts: 19

Joined: Wed Mar 26, 2008 2:03 am

Post Fri Apr 25, 2008 12:42 am

Re: hiding a programme__help

I just want to hide it actually, because it's not easy to compromise the target for running the programme!!! So if I want to hide any programme, what do I have to do? The target will run a programme and the hidden one will be executed automatically and silently and will not be detected!!!
Last edited by bojan on Fri Apr 25, 2008 1:05 am, edited 1 time in total.
<<

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Fri Apr 25, 2008 7:02 am

Re: hiding a programme__help

Well there's your problem... it looks like your blinker fluid is low and you need to rotate your muffler bearings.  If you have a VAX system sitting around you could put together a banyan bomb and push it through the intergoogletubes to your target.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

oneeyedcarmen

Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Fri Apr 25, 2008 7:52 am

Re: hiding a programme__help

Could be the flux capacitor...
Reluctant CISSP, Certified ASS
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Apr 25, 2008 10:16 am

Re: hiding a programme__help

Hey bojan,

You've been given a few things to go on, and if it ends up being that difficult to compromise the target, maybe we can deduce that the security is good. Now we can move on to other machines in the network that you have permission to test. You know the theme of this site, so I'm assuming this is either a client for which you have permission to do this or it's your own lab.

Either way, I think this thread has run its course.

Don
CISSP, MCSE, CSTA, Security+ SME
