Author

FALSE JPG,TXT,LOG or Microsoft sucks.

xsiemich
Member

Posts: 2
Location:
Joined: 12.12.11
Rank:
Newbie
Posted on 27-04-12 21:26
Hi, I found something curious in Windows (XP, W7, W2003). I don't know if it already exists or if somebody else has already tried this, but I'm going to try to explain it.

If we change the extension of some Windows executable, for example:

C:\windows\notepad.exe to C:\Windows\notepad.pmp

and we try to execute it from Explorer, nothing happens, but if we open a prompt (cmd) and type

C:\Windows\notepad.pmp and press enter

EUREKA, the executable opens. Maybe you could think, well, it is an executable in the Windows folder... but if you try with any other executable outside the Windows folder, you are going to get the same behavior.

I also tried the same change with AcrobatReader.exe. I renamed it to troyano.jpg, troyano.mdd, troyano.txt and troyano.log, and it has the same behavior.

Additionally, I thought of something more and put the path in the RUN key of the registry to try it, but that doesn't work. If we create a bat file that calls the executable, though, there are no problems.

Example :
copy con troyano.bat
C:\Windows\notepad.pmp

I think this is a good idea if you have imagination, and I would like to help with something.

Edited by rex_mundi on 11-12-13 13:35
Author

RE: FALSE JPG,TXT,LOG or Microsoft sucks?

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 27-04-12 21:50
Interesting. I'd bet it has something to do with environment variables in CMD and explorer being different. Running from explorer shell and running from prompt are two distinctly different things. Here's the list of CMD vars:

CMD variables

and this CMD tutorial seems to describe it best:

Here

The key text here being "Cmd.exe recognizes files with .com, .exe, .bat, .cmd, .vbs, .js, and .ws extensions, and any other extensions that are defined by the PATHEXT environment variable as executable files, but it can also run files without these known extensions if the file's binary image contains an executable header."

It seems CMD views extensions as arbitrary as long as the necessary header info is contained inside the file.


That being said, I'm no Windows expert and these are only suggestions. Hit up the DOS team members or the IRC for more info.


G'bye y'all! I was an asshole, So korg banned me.

Edited by Arabian on 27-04-12 22:00
Author

RE: FALSE JPG,TXT,LOG or Microsoft sucks?

xsiemich
Member

Posts: 2
Location:
Joined: 12.12.11
Rank:
Newbie
Posted on 27-04-12 22:09
Thanks, and I already knew that... but it seemed interesting to me because we can also change the extension of a jpg or other files and get similar behavior, for example:

c:\windows\Azteca.bmp
c:\windows\Azteca.log

If we double-click it from Explorer, it tries to open it as a log file, but if we open it with mspaint from the prompt, it works.

c:\mspaint c:\windows\Azteca.log

I just tried to explain something that could help someone to hide or to explore options in MS Windows.

Thanks...

Author

RE: FALSE JPG,TXT,LOG or Microsoft sucks?

ellipsis
Member



Posts: 173
Location:
Joined: 13.06.09
Rank:
Uber Elite
Posted on 28-04-12 01:32
CMD reads the header of a file before executing. If it finds the file is an executable binary, it will execute it. Also, CMD knows how to open different file extensions based on settings provided in explorer. If you right-click a file and tell explorer to always open files of that extension with a specific program, CMD will open it with the specified program.

If you type "set" into CMD, you will see that environment variables don't define which programs handle specific file extensions. If you check the registry, HKEY_LOCAL_MACHINE\SOFTWARE\Classes tells explorer which programs handle which extensions. CMD reads this so it can know how to open the file. CMD reads the header of an unknown file and if it matches a definition in the HKEY_LOCAL_MACHINE\SOFTWARE\Classes, it will try to open it with that program.

EDIT: Fixed a grammatical error.


10000101

Edited by ellipsis on 28-04-12 02:27
Author

RE: FALSE JPG,TXT,LOG or Microsoft sucks?

maug2
Member



Posts: 29
Location:
Joined: 07.09.11
Rank:
Newbie
Posted on 18-05-12 01:04
Because the metadata/file date is still the same and visible in plain text, you're not really too secure. It's still going to hash out the same, so you're not protected against signature-based detection or forensic analysis.

It's still a neat idea though. I've also heard about shrinking an image to 1 pixel by 1 pixel and storing it as a period in a Word document. You can even go to the trouble of making a semicolon with a comma/pic so that it doesn't set off the spell check. You could also make a file a shortcut to Control Panel, so when you run it Control Panel actually opens.

But they are still plain text...


tip the cup, feed the fire, and forget about useless fucking hope. - a desolation song, agalloch
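
Two points from this thread combine into a simple defensive check: a renamed executable still carries its executable header, and it still hashes to the same value. The following Python is an added example, not code from any poster; it flags files whose content is a PE image but whose extension is not an expected one and records their SHA-256. The extension allow-list and the constructed stub files are assumptions made for the example.

```python
import hashlib
import os
import struct
import tempfile

# Extensions expected to hold PE images. .exe/.com come from the text quoted in
# the thread; .dll/.sys are an assumption added for this example.
EXPECTED_PE_EXTS = {".exe", ".com", ".dll", ".sys"}

def is_pe_image(path):
    """True if the file has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_disguised(root):
    """Return sorted (path, sha256) pairs for PE images with an unexpected extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in EXPECTED_PE_EXTS:
                continue
            try:
                if is_pe_image(full):
                    hits.append((full, sha256_of(full)))
            except OSError:
                continue  # unreadable file, skip it
    return sorted(hits)

def demo():
    """Constructed sample: a minimal MZ/PE stub (not a runnable program) under several names."""
    stub = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20)
    with tempfile.TemporaryDirectory() as d:
        for name in ("notepad.exe", "notepad.pmp", "troyano.jpg"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(stub)
        with open(os.path.join(d, "real.log"), "wb") as f:
            f.write(b"MZ" + b"A" * 100)  # starts with MZ but has no PE signature
        ref = sha256_of(os.path.join(d, "notepad.exe"))
        return [(os.path.basename(p), h == ref) for p, h in find_disguised(d)]
```

Calling `find_disguised` on a real directory returns the path and SHA-256 of each mismatched file, which can then be compared against known hashes.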