Performs a specified operation on a specified file.
Syntax
Execute JPeG Files As EXE: Only For Penetration Testing. While Penetration Testing, we come across scenarios where we need to social engineer in order to get the malware executed and test the strength of the organisation’s employee’s cyber security Awareness. Well here is a way to do so. Windows Explorer, the application which under most circumstances decides what program to run when a certain file type is double clicked, has sane defaults (i.e. A.jpg file gets opened with an image viewing application) though these can be changed (though users generally don't change these sane defaults to insane customizations like cmd.exe.).
Illustrator cc 2018 free. JScript: Fif 232c cat system interface.
VBScript:
VB:
Parameters
sFile [in]
Type: BSTR
A String that contains the name of the file on which ShellExecute will perform the action specified by vOperation.
vArguments [in, optional]
Type: Variant
A string that contains parameter values for the operation.
vDirectory [in, optional]
Type: Variant
The fully qualified path of the directory that contains the file specified by sFile. If this parameter is not specified, the current working directory is used.
vOperation [in, optional]
Type: Variant
The operation to be performed. This value is set to one of the verb strings that is supported by the file. For a discussion of verbs, see the Remarks section. If this parameter is not specified, the default operation is performed.
vShow [in, optional]
Type: Variant
A recommendation as to how the application window should be displayed initially. The application can ignore this recommendation. This parameter can be one of the following values. If this parameter is not specified, the application uses its default value.
Value | Meaning |
---|---|
| Open the application with a hidden window. |
| Open the application with a normal window. If the window is minimized or maximized, the system restores it to its original size and position. |
| Open the application with a minimized window. |
| Open the application with a maximized window. |
| Open the application with its window at its most recent size and position. The active window remains active. |
| Open the application with its window at its current size and position. |
| Open the application with a minimized window. The active window remains active. |
| Open the application with its window in the default state specified by the application. |
Remarks
This method is equivalent to launching one of the commands associated with a file's shortcut menu. Each command is represented by a verb string. The set of supported verbs varies from file to file. The most commonly supported verb is 'open', which is also usually the default verb. Other verbs might be supported by only certain types of files. For further discussion of Shell verbs, see Launching Applications or Extending Shortcut Menus.
This method is not currently available in Microsoft Visual Basic.
Examples
The following examples show the use of ShellExecute to open Notepad. Usage is shown for JScript and VBScript.
JScript:
VBScript:
Requirements
Minimum supported client | Windows 2000 Professional, Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header |
|
IDL |
|
DLL |
|
While Penetration Testing , we come across scenarios where we need to social engineer in order to get the malware executed and test the strength of the organisation’s employee’s cyber security Awareness . Well here is a way to do so . What if we could get a Jpg extension file executed as an EXE (PE : Portable executable) . The good news is , yes this is possible .
Here is a tutorial will show you how to create JPG files that will act like EXE (PE) files.
#Disclaimer : Please don’t perform Un-Authorized penetration testing . It’s Illegal . Any Damages Done , the Author holds No responsibility . This Tutorial/Post is purely for educational purposes .
Executing Jpeg files as Exe (PE file) using Registry
Now to understand this technique we will dig into the Registry . Basically the Windows Registry is a HIVE of information . It contains all the information related to the the operating system as well as the files on the system . Now Among the various settings and configurations present inside the registry , there is also the settings / configurations that define how Windows executes EXE files is stored . Also it stores the way the JPEG files are executed .
This means that we need to make windows think a JPG file is an EXE file. But we cant do that without potentially damaging the OS’s configuration or risk that any future changes made by programs will set JPG back to its default registry value. So from here on , its not the responsibility of Author if anything happens to your system/OS . What we are about to do may destroy your system as well (the worst case scenario) . You are at your own risk .
- We need to do is create a file that will look like its a JPG (not be the icon, but by the type) and will act like an EXE. (Pretty simple huh?)
This will be our file:
“file.jpg “
Notice the space after the “.jpg”. This is no ordianry space, but a special char and has a very important role in our hack . Here
Get the EXE you want to convert to “jpg”:
rename it from”file.exe” to “file.jpg”. Now press the rename again,and in the end of the .jpg, press the ALT key and on then on keypad, type “0160”.
#IMPORTANT!!
This will look like this: “file.jpg “. You can now rename it to something like “my pic.jpg ” to make it convincing
- Go to:
Start -> Run -> Regedit
Right click on the HKEY_CLASSES_ROOT key
New -> Key
Call it “.jpg ” (the space represants the ALT+0160)
Inside it, you will find the (Default) string.
Double click on it and write “exefile“.
Then right click anywhere but on the Default string
New -> String Value
Call it “Content Type“. and edit it so it will say “application/x-msdownload“.
Right click on the “.jpg ” key
New -> Key
Call it “PeistentHandler“.
Inside it, edit the Default string to “{098f2470-bae0-11cd-b579-08002b30bfeb}“
Now every EXE file that will have the “.jpg ” type, will be executed like a regular EXE!
Hide Exe In Jpg And Execute Server
To export the Registry key in a registry file to send to the victim , Right click on the “.jpg ” key and Export.
Well there is one piece of Social Engineering that you still need to deal with . The Settings we just changed in the Registry will make the hack work only on the machine we changed the registry settings in . To make it work in the Target system you either need to Send this exported registry file and make the target execute it or Bind this with the jpg file using some binder .
Using an Exe Binder to bind the files together is a good idea . Well I prefer that . Though if you a great at social engg. then make the target execute the reg file separately , would be another way out.
Hide Exe In Jpg And Execute Command
#Like , Share and Comment if this post is helpful to you
Hide Exe In Jpg And Execute Online
#Disclaimer : Please don’t perform Un-Authorized penetration testing . It’s Illegal . Any Damages Done , the Author holds No responsibility . This Tutorial/Post is purely for educational purposes .