Page 1 of 1

i have a question :)

PostPosted: Sun Dec 30, 2012 12:36 pm
by sharaban
hey guys i wana find out is that possible that u can mix picture with one program and make it as a link .then i want when one person copy the link and past in a browser then my program wich is with the picture will download or run auto with out that person run the program then the picture will show up i been looking all over google search couldnt find my answer there . and if my threat is against rule i am so sorry and i do make apologize . if not then i will apreciate some one help me out . thank you all and all have happy new year :)

Re: i have a question :)

PostPosted: Sun Dec 30, 2012 5:19 pm
by -Ninjex-
sharaban wrote:hey guys i wana find out is that possible that u can mix picture with one program and make it as a link .then i want when one person copy the link and past in a browser then my program wich is with the picture will download or run auto with out that person run the program then the picture will show up i been looking all over google search couldnt find my answer there . and if my threat is against rule i am so sorry and i do make apologize . if not then i will apreciate some one help me out . thank you all and all have happy new year :)


From my knowledge base, no.
This however is a good way to direct phishing attacks if you coud post your image inside of a html syntax giving it a hyper link. When someone clicks your image it would of course redirect them to your site that you could put an iframe with a malicous site inside that runs a php script for stealing cookies. The iframe hight and width set to 0, 0 of course.

Re: i have a question :)

PostPosted: Sun Dec 30, 2012 9:02 pm
by tgoe
Yeah, it's possible. Not too long ago there was a PoC for The GIMP, written in COBOL (lol), that if modified could achieve what you describe. You're looking to target a program that uses a vulnerable image processing library. Browsers are on top of things like this, though. But *very* recently there has been a drive-by download problem with Chrome. You can easily trick a user into downloading an executable disguised as a picture. I'm sure it will make the news soon...

Re: i have a question :)

PostPosted: Sun Dec 30, 2012 9:09 pm
by limdis
Yeah I've heard about this sort of thing. I remember an old school way to get sub7 to your victims was scripting it inside an image. Recently though I've heard of code being hidden in QR Codes and pasted up all over the place screwing anyone who scans it with their phone. (*cough * movie posters in theaters *cough* just put yours over the original *cough cough*)

Just having a bit trouble with your English. Not 100% sure what you are asking

Re: i have a question :)

PostPosted: Sun Dec 30, 2012 9:54 pm
by -Ninjex-
tgoe wrote:Yeah, it's possible. Not too long ago there was a PoC for The GIMP, written in COBOL (lol), that if modified could achieve what you describe. You're looking to target a program that uses a vulnerable image processing library. Browsers are on top of things like this, though. But *very* recently there has been a drive-by download problem with Chrome. You can easily trick a user into downloading an executable disguised as a picture. I'm sure it will make the news soon...


I am not sure if I understood his question but it seemed like what he was asking is if he made a hyper link image that also triggers a hidden download; meaning when someone clicked it, it would take them to the desired link, while at the same time downloading a .exe file in the background of your computer without your knowledge.

Correct me if I am wrong, but to me it seems like at the end of your message "You can easily trick a user into download an executable disguised as a picture" Would be the same as merging the .exe with the picture?? This would be rather easy to acomplish since the victom would have knowledge of the download, since it would prompt for it. His style the way I read it is asking to not recieve a prompt for the download.

Re: i have a question :)

PostPosted: Sun Dec 30, 2012 10:49 pm
by tgoe
Yeah, with the current stable version of Chrome, this is possible (i.e. without the formal "download" prompt). Posting 0-days violates ToS here, though :)

Re: i have a question :)

PostPosted: Mon Dec 31, 2012 1:37 am
by mShred
tgoe wrote:Posting 0-days violates ToS here, though :)

Psh... shit.... That's what PM is for.
limdis wrote:(*cough * movie posters in theaters *cough* just put yours over the original *cough cough*)

I like, I like.

Re: i have a question :)

PostPosted: Wed Jan 02, 2013 8:25 pm
by LoGiCaL__
mShred wrote:.
limdis wrote:(*cough * movie posters in theaters *cough* just put yours over the original *cough cough*)

I like, I like.


This has actually been discussed on the forums a few times and wouldn't be that hard to pull off. Anyone with a bit of skill and some imagination could easily create trustworthy looking posters/signs with a qr code stating it will send you to facebook. Just try to re-create a facebook login and boom I'm sure you can harvest some logins. It's a numbers game.

Re: i have a question :)

PostPosted: Fri Jan 25, 2013 7:11 am
by sharaban
well u guys know about love there was one gorle that she thought the guy loved her then she done every thing for him taking some pic aswell now that guy his job done by excuse of love he saved all her pic and he asked if she deonst give money to him he will posted every where and so she ask me if i can inter his pc cause all the pic was saved in his pc and delet every one of them . that is why i asked for that .but hopefuly some one else done that to him he went inside his pc and delet all her pic and destroyed his pc :) she was from some where that her culture wont let here even talk with a stranger and if there family know about that it would be the end of her life but every thing sorted out thank u all for the reply :)