Subscribe to RSS
The program then installs the keylogger. But this is not an image with embedded keylogger. Its a program pretending to be an image with an embedded keylogger, trying to trick the person into opening the image, the same way spyware is being made to trick the user to open it and install itself. How to inject executable, malicious code into PDF, JPEG, MP3, etc.? Ask Question Asked 9 years, 6 months ago. Active 3 years, 11 months ago. Viewed k times I wanted to know if its generally possible to inject executable code into files like PDFs or JPEGs etc., or must there be some kind of security hole in the application? And if so.
Remember Me? Advanced Search. Page 1 of 2 1 2 Last Jump to page: Results 1 to 15 of Thread: Make a keylogger in picture?
Unregistered Guest. Make a keylogger in picture? Ok here it is, Is there anny way to put an keylogger in an picture JPG or annything else? If yes, show us ur script. Ben Dover Guest. Yes there is way Yes there is way - Its called steganography. If you intrested i have such programs. But they aren't free. Well Wicked! Yes i am interested, u use Msn messenger? Join Date May Posts Yhea, but i want if u open the picture to have an keylogger on the openers pc.
Originally Posted by Unregistered. Hey, I want to use Steganography and attach a keylogger to a program, how to put pink highlights in dark hair I don't have a keylogger which sends me logs via email. Where can I get one of them for what is the meaning of anis I Hav hi i hav got keylogger i can giv you or tell u the site but u'll have to tell me how to make it into picture.
MrMicrosoft Guest. Join Date Aug Posts 6. Join Date Sep Posts 6. Join Date Oct Posts 1. Page 1 of 2 1 2 Last Jump to page:. Similar Threads Help: Can someone help me make a keylogger for diablo2. By d2Lan in forum Viruses and Trojans. Replies: 2 Last Post:AM. Replies: 3 Last Post:PM. Replies: 6 Last Post:AM. How To Make KeyLogger? By yoav in forum Internet Privacy. Replies: 0 Last Post:AM. By Unregistered in forum Viruses and Trojans. All times are GMT The time now is PM.
Oct 05, · i hav got keylogger i can giv you or tell u the site but u'll have to tell me how to make it into chesapeakecharge.com yes then email me at [email][email protected]*****[/email] , . Jun 01, · Once the image is clicked, the system's CPU shoots up to percent usage, which indicates the exploit successfully worked. The malicious code IMAJS then sends the target machine's data back to the attacker, thereby creating a text file on the target computer that says — "You are hacked! Dec 25, · Click on open file, select Payload and select any file icon. Then click on generate. Your file is ready, send it to your target. As soon as your target runs this file on its system its entire system will come into your.
Information Security Stack Exchange is a question and answer site for information security professionals. It only takes a minute to sign up. Connect and share knowledge within a single location that is structured and easy to search. I often hear that people get infected by opening PDFs that contain malicious code, that's why I ask. Think like any very-simple-and-common. Then think about of processing the file, somehow, instead of just showing the contents.
For example, reading the file and interpreting it's values. If it isn't done correctly, this could lead to execution of the bytes that are inside the file. For example: if you have designed your app to load the whole file and show it, but somehow you have a variable inside your program that only holds bytes.
This could make you read and write to memory more bytes than your app expected. And, imagine, inside your app there would be any command to jump to position NNNN in memory and execute what is there , but since that memory position was written with data your program didn't expect, then you'll execute some code that shouldn't be there, and was loaded from your file Another possibility: for any other reason, the app or some DLL it loads to read your data executes some part of the data, instead of reading it.
If you know what would be the command or the data that would trigger this behavior, you put those commands inside the data file like the pdf file so that the app executes it.
Intentional execution is when a file is read by an application and the application does something based on whatever the file says. Reading the file is called parsing the file. Unintentional execution is when the parser reads something it shouldn't, and instead of breaking, it continues executing. This unintentional execution is a vulnerability because if I can get the parser to execute something, I can probably get it to execute something malicious.
Is it generally possible? It all depends on the file format and the application that reads it. Some files are designed to allow executable stuff, some aren't. Some applications allow for the code to execute, others don't.
If the application doesn't support it, there must be a vulnerability present to execute. It all depends on the file format, but it's usually by finding a flaw in the file parser logic.
The key problem with pdf's, Word documents etc is that the current standards allow macros and executable code. In my opinion this is a fatal flaw, but then I like emails to be text only It is that macro execution stage that is usually the target for attack, as it provides a way to run code. The attacker just needs to figure out how to get past the controls present, which may be buffer overflow or other attack mechanism. I disagree with the answer "There must be some security hole in the application".
It is generally incorrect. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Ask Question. Asked 9 years, 6 months ago.
Active 3 years, 11 months ago. Viewed k times. And if so, how would one do that? Improve this question. Add a comment. Active Oldest Votes. There must be some security hole in the application.
That was a buffer overflow attack. The same could happen with pdf, jpg, mp3, etc, if the app didn't load the data correctly. Improve this answer.
Daniel V 3 3 silver badges 12 12 bronze badges. There are two ways for a piece of code to be executed: intentionally and unintentionally.
To answer your questions: Is it generally possible? Steve Steve There are two things that make an exe executable, the extension. Windows interprets. Appending blah. GeorgeBailey yes and no. It depends on what is acting on the file. If it's explorer acting on it through double clicking the file then its just going to load the handler associated with.
If you call into the low-level start proc api with a file with a jpg extension it will execute it because that API opens the exe and looks for the exe header. Show 1 more comment. It's not only macros these are usually disabled by default and need user confirmation , sometimes it's just other kinds of active content. Great example is the Excel file with the exploit that was e-mailed to RSA employees - f-secure.
I disagree with the answer "There must be some security hole in the application" It is generally incorrect. Read these two questions on why you should not just answer with a link: meta. The Overflow Blog. Podcast Non-fungible Talking. Featured on Meta. New onboarding for review queues. Linked Related 3. Hot Network Questions. Question feed. Accept all cookies Customize settings.