How to Hide Payloads & Backdoor Inside Images
ExifTool : Hide Payloads Inside Images
In this blog, we will explore various methods to hide payload inside an image. For that, we will use ExifTool that is pre-installed in Kali Linux. There are several features inside ExifTool, For example, Hiding payload, extracting metadata, etc. ExifTool gives us the easiest way to extract metadata inside images. It is a free and open-source tool developed by Phil Harvey.
Table of Content
- Introduction to ExifTool
- Installation
- Hide Payloads & Backdoor inside image
Introduction to ExifTool
As you know, we have earlier mentioned exiftool. The purpose of ExifTool is to read, write and manipulate the metadata of an image. Assume! While solving the CTF challenges, we have seen that port 80 is open into the target system. Without wasting time, we started scraping the webserver. After doing hard work, we found an image in the target system which may be an essential secret hidden. We don’t have any knowledge to extract metadata from inside an image. Now we will apply ExifTool to extract metadata from the image.
Installation
The process of installing ExifTool is easy in Kali Linux. In other operating systems could be different. To install exiftool in Kali Linux, we need to run the following command.
- apt-get install exiftool
- apt-get install libimage-exiftool-perl
To get more information about ExifTool, you should read the manual page.
- man exiftool | more
Hide Payloads & Backdoor inside image
From the below image, you can notice that two types of files available inside the ExifTool folder.
- pentestblog.png
- shell.php
We will extract the entire metadata of the pentestblog.png image with the help of ExifTool. Sometimes during the CTF challenge, the passwords are stored inside the image. We need to execute the given below command.
- exiftool pentestblog.png | more
We have designed a payload inside the “shell.php” file that opens the door for code execution on a web server so that attackers can easily access your system.
Now we will hide the payload inside the “pentestblog.png” image. According to the below image, we have already mentioned: “shell. php“
To hide this type of payload, follow the below command.
- exiftool "-comment<=shell.php" pentestblog.png
We were able to hide the payload inside the image. I hope you liked this blog.
- strings pentestblog.png | grep system
Again we will extract the entire metadata of the pentestblog.png image with the help of ExifTool. Now you can notice that our payload has attached to the comment field.
- exiftool pentestblog.png
Latest Posts
- How to Hack Android Phone by Sending Link
- Remove Microsoft Windows 10 Login Password Without Losing Data
- [Tutorial] Installing Kali Linux 2021.2 from Bootable USB on Laptop
- Top 10 Best Computer Hacking Gadgets List 2021 For Hackers
- What is Termux? How To Use Termux Basic Command As a Beginner?
⭐⭐⭐⭐⭐
Rating: 5 out of 5.
Very nice blog
Hola! I’ve been following your website for a while now
and finally got the courage to go ahead and give you a shout
out from Dallas Tx! Just wanted to tell you keep up the fantastic job!
My web site; online casino games
I am really inspired with your writing abilities as neatly as with
the layout for your weblog. Is this a paid topic or
did you modify it your self? Either way stay up the nice quality writing, it is rare to
peer a great blog like this one these days..
my blog post; Cecile