How to Hide Payloads & Backdoor Inside Images

ExifTool : Hide Payloads Inside Images
In this blog, we will explore various methods to hide payload inside an image. For that, we will use ExifTool that is pre-installed in Kali Linux. There are several features inside ExifTool, For example, Hiding payload, extracting metadata, etc. ExifTool gives us the easiest way to extract metadata inside images. It is a free and open-source tool developed by Phil Harvey.
Table of Content
- Introduction to ExifTool
- Installation
- Hide Payloads & Backdoor inside image
Introduction to ExifTool
As you know, we have earlier mentioned ExifTool. The purpose of ExifTool is to read, write and manipulate the metadata of an image. Assume! While solving the CTF challenges, we have seen that port 80 is open into the target system. Without wasting time, we started scraping the webserver. After doing hard work, we found an image in the target system which may be an essential secret hidden. We don’t have any knowledge to extract metadata from inside an image. Now we will apply ExifTool to extract metadata from the image.
Installation
The process of installing ExifTool is easy in Kali Linux. In other operating systems could be different. To install Exifolol in Kali Linux, we need to run the following command.
- apt-get install exiftool
- apt-get install libimage-exiftool-perl

To get more information about ExifTool, you should read the manual page.
- man exiftool | more

Hide Payloads & Backdoor inside image
From the below image, you can notice that two types of files available inside the ExifTool folder.
- pentestblog.png
- shell.php
We will extract the entire metadata of the pentestblog.png image with the help of ExifTool. Sometimes during the CTF challenge, the passwords are stored inside the image. We need to execute the given below command.
- exiftool pentestblog.png | more
We have designed a payload inside the “shell.php” file that opens the door for code execution on a web server so that attackers can easily access your system.

Now we will hide the payload inside the “pentestblog.png” image. According to the below image, we have already mentioned: “shell. php“
To hide this type of payload, follow the below command.
- exiftool "-comment<=shell.php" pentestblog.png
We were able to hide the payload inside the image. I hope you liked this blog.
- strings pentestblog.png | grep system
Again we will extract the entire metadata of the pentestblog.png image with the help of ExifTool. Now you can notice that our payload has attached to the comment field.
- exiftool pentestblog.png
Latest Posts
- How to Hide Payloads & Backdoor Inside Images
- CeWL – Custom Wordlist Generator in Kali Linux 2021
- SQL Injection Admin Login Bypass Cheat Sheet
- How to Create Wordlist with Crunch in Kali Linux 2021.1
- Cracking /etc/shadow Password Hash using John the Ripper
The post How to Hide Payloads & Backdoor Inside Images appeared first on Pentestblog.
Descarga programas full El pirata de San Jhony
This post is sponsored by Woodmex Studio