
FALSE JPG,TXT,LOG or Microsoft sucks.



Posts: 2
Location: Berlin
Joined: 12.12.11
Posted on 27-04-12 21:26
Hi, I found something curious in Windows (XP, W7, W2003). I don't know if it is already known or if somebody else has already tried this, but I'm going to try to explain it.

If we change the extension of some Windows executable, for example:

C:\windows\notepad.exe to C:\Windows\notepad.pmp

and we try to execute it from Explorer, nothing happens, but if we open a prompt (cmd) and type

C:\Windows\notepad.pmp and press enter

EUREKA, the executable opens. Maybe you could think, well, it is an executable in the Windows folder... but if you try with any other executable outside the Windows folder, you are going to have the same behavior.

I also tried the same change with AcrobatReader.exe; I renamed it to troyano.jpg, troyano.mdd, troyano.txt, troyano.log and it has the same behavior.

Additionally, I thought of something more and put the path in the RUN key of the registry to try it, but it doesn't work; if we create a bat file that calls the executable, though, there are no problems.

Example:
copy con troyano.bat

I think that is a good idea if you have imagination and I would like to help with something.

Edited by rex_mundi on 11-12-13 13:35
na na na

RE: FALSE JPG,TXT,LOG or Microsoft sucks?


Posts: 332
Location: inside you.
Joined: 22.09.10
Posted on 27-04-12 21:50
Interesting. I'd bet it has something to do with environment variables in CMD and explorer being different. Running from explorer shell and running from prompt are two distinctly different things. Here's the list of CMD vars:

CMD variables

and this CMD tutorial seems to describe it best:


The key text here being "Cmd.exe recognizes files with .com, .exe, .bat, .cmd, .vbs, .js, and .ws extensions, and any other extensions that are defined by the PATHEXT environment variable as executable files, but it can also run files without these known extensions if the file's binary image contains an executable header."

It seems CMD views extensions as arbitrary as long as the necessary header info is contained inside the file.

That being said, I'm no Windows expert and these are only suggestions. Hit up the DOS team members or the IRC for more info.

G'bye y'all! I was an asshole, So korg banned me.

Edited by Arabian on 27-04-12 22:00

RE: FALSE JPG,TXT,LOG or Microsoft sucks?



Posts: 2
Location: Berlin
Joined: 12.12.11
Posted on 27-04-12 22:09
Thanks, and I already knew that... but it seemed interesting to me because we can also change the extension of a jpg or other files and get similar behavior, for example:


If we double-click it from Explorer, it tries to open it as a log file, but if we open it with mspaint from the prompt, it works.

c:\>mspaint c:\windows\Azteca.log

I just tried to explain something that could help someone to hide or to explore options in MSwindows.


na na na

RE: FALSE JPG,TXT,LOG or Microsoft sucks?


Posts: 173
Joined: 13.06.09
Uber Elite
Posted on 28-04-12 01:32
CMD reads the header of a file before executing. If it finds the file is an executable binary, it will execute it. Also, CMD knows how to open different file extensions based on settings provided in explorer. If you right-click a file and tell explorer to always open files of that extension with a specific program, CMD will open it with the specified program.

If you type "set" into CMD, you will see that environment variables don't define which programs handle specific file extensions. If you check the registry, HKEY_LOCAL_MACHINE\SOFTWARE\Classes tells explorer which programs handle which extensions. CMD reads this so it can know how to open the file. CMD reads the header of an unknown file and if it matches a definition in the HKEY_LOCAL_MACHINE\SOFTWARE\Classes, it will try to open it with that program.

EDIT: Fixed a grammatical error.


Edited by ellipsis on 28-04-12 02:27

RE: FALSE JPG,TXT,LOG or Microsoft sucks?


Posts: 29
Joined: 07.09.11
Posted on 18-05-12 01:04
Because the metadata/file date is still the same and visible in plain text, you're not really too secure. It's still going to hash out the same, so you're not protected against signature-based detection or forensic analysis.

It's still a neat idea tho. I've also heard about shrinking an image to 1 pixel by 1 pixel and storing it as a period in a Word document. You can even go to the trouble of making a semicolon with a comma/pic so that it doesn't set off the spell check. You could also make a file a shortcut to Control Panel, so when you run it Control Panel actually opens.

But they are still plain text...

tip the cup, feed the fire, and forget about useless fucking hope. - a desolation song, agalloch
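
A defender-side check for the behavior discussed in this thread, added here as an example and not code from any poster: it flags files whose content is a PE image but whose extension is not one where a PE is expected, and confirms that the renamed copies hash identically to the original. The `PE_EXTS` allow-list, the function names and the sample files are assumptions constructed for the example.

```python
import hashlib
import os
import struct
import tempfile

# Assumption: extensions where a PE image is expected; tune for your environment.
PE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx", ".cpl", ".drv"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        f.seek(struct.unpack_from("<I", head, 0x3C)[0])
        return f.read(4) == b"PE\0\0"

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_disguised(root):
    """Sorted (path, sha256) pairs for PE files whose extension is not in PE_EXTS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.splitext(name)[1].lower() not in PE_EXTS and is_pe(path):
                    hits.append((path, sha256(path)))
            except OSError:
                continue  # unreadable or locked file: skip it
    return sorted(hits)

def demo():
    """Scan constructed sample files: a bare PE header stub under several names."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    samples = {"tool.exe": stub, "troyano.jpg": stub, "troyano.log": stub,
               "notes.txt": b"MZ" + b"x" * 100,            # text that merely starts with MZ
               "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64}  # JPEG magic bytes
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        hits = find_disguised(d)
        ref = sha256(os.path.join(d, "tool.exe"))
        return [os.path.basename(p) for p, _ in hits], all(h == ref for _, h in hits)

if __name__ == "__main__":
    print(demo())
```

Pointing `find_disguised` at a user-writable directory such as a downloads or temp folder gives a list of paths and hashes that can be compared against known-file hash sets.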