i have a question :)

General technological topics without their own forum go here

i have a question :)

Post by sharaban on Sun Dec 30, 2012 12:36 pm
([msg=71886]see i have a question :)[/msg])

hey guys i wana find out is that possible that u can mix picture with one program and make it as a link .then i want when one person copy the link and past in a browser then my program wich is with the picture will download or run auto with out that person run the program then the picture will show up i been looking all over google search couldnt find my answer there . and if my threat is against rule i am so sorry and i do make apologize . if not then i will apreciate some one help me out . thank you all and all have happy new year :)
sharaban
New User
New User
 
Posts: 14
Joined: Mon Oct 22, 2012 1:46 pm
Blog: View Blog (0)


Re: i have a question :)

Post by -Ninjex- on Sun Dec 30, 2012 5:19 pm
([msg=71888]see Re: i have a question :)[/msg])

sharaban wrote:hey guys i wana find out is that possible that u can mix picture with one program and make it as a link .then i want when one person copy the link and past in a browser then my program wich is with the picture will download or run auto with out that person run the program then the picture will show up i been looking all over google search couldnt find my answer there . and if my threat is against rule i am so sorry and i do make apologize . if not then i will apreciate some one help me out . thank you all and all have happy new year :)


From my knowledge base, no.
This however is a good way to direct phishing attacks if you coud post your image inside of a html syntax giving it a hyper link. When someone clicks your image it would of course redirect them to your site that you could put an iframe with a malicous site inside that runs a php script for stealing cookies. The iframe hight and width set to 0, 0 of course.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1455
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: i have a question :)

Post by tgoe on Sun Dec 30, 2012 9:02 pm
([msg=71891]see Re: i have a question :)[/msg])

Yeah, it's possible. Not too long ago there was a PoC for The GIMP, written in COBOL (lol), that if modified could achieve what you describe. You're looking to target a program that uses a vulnerable image processing library. Browsers are on top of things like this, though. But *very* recently there has been a drive-by download problem with Chrome. You can easily trick a user into downloading an executable disguised as a picture. I'm sure it will make the news soon...
User avatar
tgoe
Contributor
Contributor
 
Posts: 664
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: i have a question :)

Post by limdis on Sun Dec 30, 2012 9:09 pm
([msg=71894]see Re: i have a question :)[/msg])

Yeah I've heard about this sort of thing. I remember an old school way to get sub7 to your victims was scripting it inside an image. Recently though I've heard of code being hidden in QR Codes and pasted up all over the place screwing anyone who scans it with their phone. (*cough * movie posters in theaters *cough* just put yours over the original *cough cough*)

Just having a bit trouble with your English. Not 100% sure what you are asking
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1413
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: i have a question :)

Post by -Ninjex- on Sun Dec 30, 2012 9:54 pm
([msg=71900]see Re: i have a question :)[/msg])

tgoe wrote:Yeah, it's possible. Not too long ago there was a PoC for The GIMP, written in COBOL (lol), that if modified could achieve what you describe. You're looking to target a program that uses a vulnerable image processing library. Browsers are on top of things like this, though. But *very* recently there has been a drive-by download problem with Chrome. You can easily trick a user into downloading an executable disguised as a picture. I'm sure it will make the news soon...


I am not sure if I understood his question but it seemed like what he was asking is if he made a hyper link image that also triggers a hidden download; meaning when someone clicked it, it would take them to the desired link, while at the same time downloading a .exe file in the background of your computer without your knowledge.

Correct me if I am wrong, but to me it seems like at the end of your message "You can easily trick a user into download an executable disguised as a picture" Would be the same as merging the .exe with the picture?? This would be rather easy to acomplish since the victom would have knowledge of the download, since it would prompt for it. His style the way I read it is asking to not recieve a prompt for the download.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1455
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: i have a question :)

Post by tgoe on Sun Dec 30, 2012 10:49 pm
([msg=71902]see Re: i have a question :)[/msg])

Yeah, with the current stable version of Chrome, this is possible (i.e. without the formal "download" prompt). Posting 0-days violates ToS here, though :)
User avatar
tgoe
Contributor
Contributor
 
Posts: 664
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: i have a question :)

Post by mShred on Mon Dec 31, 2012 1:37 am
([msg=71907]see Re: i have a question :)[/msg])

tgoe wrote:Posting 0-days violates ToS here, though :)

Psh... shit.... That's what PM is for.
limdis wrote:(*cough * movie posters in theaters *cough* just put yours over the original *cough cough*)

I like, I like.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1763
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: i have a question :)

Post by LoGiCaL__ on Wed Jan 02, 2013 8:25 pm
([msg=71972]see Re: i have a question :)[/msg])

mShred wrote:.
limdis wrote:(*cough * movie posters in theaters *cough* just put yours over the original *cough cough*)

I like, I like.


This has actually been discussed on the forums a few times and wouldn't be that hard to pull off. Anyone with a bit of skill and some imagination could easily create trustworthy looking posters/signs with a qr code stating it will send you to facebook. Just try to re-create a facebook login and boom I'm sure you can harvest some logins. It's a numbers game.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: i have a question :)

Post by sharaban on Fri Jan 25, 2013 7:11 am
([msg=72622]see Re: i have a question :)[/msg])

well u guys know about love there was one gorle that she thought the guy loved her then she done every thing for him taking some pic aswell now that guy his job done by excuse of love he saved all her pic and he asked if she deonst give money to him he will posted every where and so she ask me if i can inter his pc cause all the pic was saved in his pc and delet every one of them . that is why i asked for that .but hopefuly some one else done that to him he went inside his pc and delet all her pic and destroyed his pc :) she was from some where that her culture wont let here even talk with a stranger and if there family know about that it would be the end of her life but every thing sorted out thank u all for the reply :)
sharaban
New User
New User
 
Posts: 14
Joined: Mon Oct 22, 2012 1:46 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests