Fake image.jpg (hide known file extensions) to exploit targets

Legal Disclaimer:

The author does not hold any responsibility for misuse of this tool.
Remember that attacking targets without prior consent is illegal and punishable by law.

Description:

This module takes an existing image.jpg and a payload.exe (both supplied by the user)
and builds a new payload (agent.jpg.exe) that, when executed, triggers the download
of the two original files (image.jpg + payload.exe) stored on the apache2 web server.
The module also changes the agent's icon to match the icon of a .jpg file. It then relies
on 'hide known file extensions' to hide the .exe extension (final: agent.jpg.exe).

Exploitation:

FakeImageExploiter stores all files in the apache2 webroot, zips (.zip) the agent,
starts the apache2 and Metasploit (handler) services, and provides a URL to send to
the target (which triggers the agent.zip download). As soon as the victim runs our
executable, our picture will be downloaded and opened in the default picture viewer,
our malicious payload will be executed, and we will get a meterpreter session.

It also stores the agent (not zipped) in the FakeImageExploiter/output folder
in case we wish to deliver agent.jpg.exe using a different attack vector.

'This tool also builds a cleaner.rc file to delete payloads left in target'
HINT: migrate to another process before using cleaner to delete payload.exe
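
A defender-side check for the naming trick described above, as an added example that is not part of FakeImageExploiter: it flags names where an image extension sits directly before an executable one, looks inside ZIP archives (the delivery format described above), and confirms whether the flagged member starts with a PE "MZ" header. The extension sets, function names and sample archive are constructed assumptions.

```python
import io
import zipfile

# Assumed extension sets for illustration; extend to match local policy.
DECOY_EXTS = {".jpg", ".jpeg", ".png"}   # picture types the page lists
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1"}


def is_masked_executable(name: str) -> bool:
    """True when the last extension is executable and the one before it
    is an image type, e.g. 'agent.jpg.exe' (shown as 'agent.jpg' when
    known extensions are hidden)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return (len(parts) >= 3
            and "." + parts[-1] in EXEC_EXTS
            and "." + parts[-2] in DECOY_EXTS)


def scan_zip(data: bytes) -> list[tuple[str, bool]]:
    """Return (member name, starts_with_MZ) for each masked name in a ZIP."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not is_masked_executable(info.filename):
                continue
            with zf.open(info) as fh:
                # 'MZ' is the DOS/PE magic at offset 0 of Windows executables
                hits.append((info.filename, fh.read(2) == b"MZ"))
    return hits


def build_sample_zip() -> bytes:
    """Constructed sample archive; members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agent.jpg.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("photos/image.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("notes.v2.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, is_pe in scan_zip(build_sample_zip()):
        print(f"ALERT {name}: masked executable name, PE header={is_pe}")
```

The same name test can be applied to mail-gateway attachment names or download logs; the archive scan is only one place to hook it in.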

FakeImageExploiter v1.3

Payloads accepted (user input):

payload.exe (default) | payload.ps1 | payload.txt [Metasploit Builds]
"Edit 'settings' file before running tool to use other extensions"

Pictures accepted (user input):

All pictures with .jpg (default) | .jpeg | .png extensions (all sizes)
"Edit 'settings' file before running tool to use other extensions"

Dependencies:

xterm, zenity, apache2, mingw32[64], ResourceHacker(wine)
'Auto-installs ResourceHacker.exe under ../.wine/Program Files/.. directories'

WARNING: To change the icon manually (resource hacker bypass), edit the 'settings' file.
WARNING: The agent.jpg.exe requires the input files to be in apache2 (local).
WARNING: The agent.jpg.exe uses the powershell interpreter (does not work against wine).
WARNING: The ResourceHacker provided by this tool requires WINE to be set to windows 7.

Download/Install/Config:

1º - Download framework from github
     git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git

2º - Set file execution permissions
     cd FakeImageExploiter
     sudo chmod +x *.sh

3º - Config FakeImageExploiter settings
     nano settings

4º - Run main tool
     sudo ./FakeImageExploiter.sh

[Screenshot: framework banner]

[Screenshot: settings file]

[Screenshot: agent(s) on Windows systems]
