Convert .EXE to IMAGE!
Vložit
- čas přidán 31. 05. 2024
- • Educational Purposes Only •
» Skool Community: www.skool.com/anonymous-9484
» GitHub: github.com/EbolaMan-YT
» Patreon: / ebolaman
TIMESTAMPS:
0:00 Intro
0:15 Changing Icon
0:49 Binding Image & Exe
1:40 File Extension Spoof #1
2:12 File Extension Spoof #2
3:07 File Extension Spoof #3
4:48 IMPORTANT
webhook.exe is just a placeholder (so i dont get banned), you can use the methods in this video with a token logger, rat, etc
very *Educational Purposes
you do realize computer hacking is very illegal
have how send the code of the weehook.exe
@@The_Wafool "hacking" is not the same as "stealing people's data and damaging property". So no, hacking is not illegal. What is illegal is using means of hacking to commit actual crimes like stealing, harassing, damaging property, etc. In the same way that teaching people how to pick locks is not illegal either.
Though, in many situations, people may state that "hacking" IS "stealing data" as an over simplification of the word. This over simplification causes confusion and makes people think that Hacking is (and can only be) the act of breaking security for the purpose of stealing (and other crimes), but you can hack without causing damage to anyone. Hacking is simply the act of bypassing of security measures, or breaking some other system to gain access or priveledges. But if you have been given permission by the right people to have such access or priveledges, then it's not illegal.
And spreading awareness of computer security flaws, like how @ebolaman_ has done here, helps everyone to know how to protect themselves against these exploits. If this was not shown here, it will still be shown in other places where actual criminals hang out. Showing these security flaws can even lead to an eventual patch of the flaws. So keeping this information secret can be more dangerous to everyone.
@@The_Wafoolno way, its very much legal man what are you talking about?
Educational purposes is pretty much the universal dev excuse now
I guess it is the same for nudity counting as art.
@@F1L337t w i t c h
Not really, he showed us how is it made so now we're aware how to be careful in case of sus file
it is educational init
I have soo many *educational purpose* ideas!!!🤣🤣
That right to left override character in the filename was absolutely devious
But I think the extension in the properties menu would still be the right one
malware tutorial 😭
thatts his whole channel
the phrase educational purposes only is the one thing keeping this channel from not being cancalled
He hasnt done anything illegal.
Y can hide virus by this method @@Kanibulus
It's not like he is going to distribute any zero day exploit through youtube video.
The RLO trick is actually something I didn't know even as a CS student, thanks!
this is old one, if you do this, even Window Defender can catch this, it automatically consider the file as a trojan even when it's not harmful (test file)
@@catorlife can confirm, it's been like this for a while now
The name will go back to it's original form once you upload it somewhere, so not useful even if the target has no antivirus
there are file managers that separate extension from rest of name like double commander
Wow even as a CS student ? Xdd
.scr is an shortcut for screensaver executables. It's exactly the same as normal executables, but isn't .exe.
EDIT: Also, it's better to change the shortcut executable to "cmd.exe /c .\image.png", because when you leave the full path (c:\users\boris\...), it only supports your location of the folder with your username. But still, good video.
True but you're sending it to someone else anyways
Wtf .scr is 'script' not 'screenshare'
@@andrey_sviridov it's Screensaver
@@andrey_sviridoveveryone is wrong it’s screen saver😂
@@Meletion1 yeah, that too. I have bubbles.scr installed as my Win11 screensaver :)
Bro you literally got the the info i was finding for 2 years
I was tryna find this for so long and this was here the whole time????
frr
The question is whether windows defender detects it as malicious? Or does it depends upton the the exe that is being executed.
Shit I was doing 25 years ago
@@TeeChemist dumbass alert someone ban this kid
instructions unclear:
Im in the prison cell and re-watching this video
Good video. Knowing how to do dangerous things helps in defending against them. For example, to defend yourself against this, use a custom system icon pack and disable thumbnails. No antivirus needed or keeping your eyes peeled for extensions. Also, your default icons look cooler.
Could you tell that how do you switch to a custom system pack and disable thumbnails
@@Cryptocurrency69 ask Google
@@Cryptocurrency69 Both answers depend on your operating system. You'll have to ask mama Google.
Doesn't help if you're a high value target, the real trick is to know Windows screensavers are autoran executables, and to check the file type. Or use Unix because NT has one of the most comprehensive filesystem permission systems ever that doesn't have execute as an attribute.
educational purpose only. Enjoy 💀
bro's channel is surviving with the educational purposes excuse
You can embed code inside an LNK file, and have the link file run it, so you could also fit an image inside an LNK and do it that way!
RLO is already detected by most AV's
.scr is also detected by most AV's now and will be stopped by WD smart screen.
the .lnk method works but will be caught by behavior dynamic analysis which most AV's have.
double masquerade extensions will also be caught and stopped by smartscreen.
Is Windows Defender included in "most AV's"?
@@phir9255probably yeah wd is the most annoying av because it just does to much I don't have it because it even blocks my work
@@phir9255windows defender is an AV (anti-virus software) preloaded with the windows OS
@@phir9255likely
@@phir9255 considering windows defender is default installed on all windows operating system, then yes it would be considered part of “Most AV’s”
Its just wow 🤯
So nicely explained straight to the point!
Damn its very rare that i find interesting channels ln CZcams
Slick demonstration man! It was fun to finally know how do they do this
mixing this with being able to view other desktops and holy hell you're goated
that's really cool! im not interested in doing this but i like the style of your videos and your explanation. Subbed.
appreciate it man
keep up the good work
The amount of people who think that clicking the image sent on discord will execute it is hilarious
Wasn't there an exploit that basically did that?
They just send the embed from a other device once they click the image it’s all a scam
@@pinguluk1 no that’s not possible because of how discord works. When you send an image, discord harvests that information and displays the image, more or less like a middleman, in other words it’s literally just an image, you can’t hide executables in it.
thats why you only look at the embed
@@pinguluk1 yeah there somewhat was. for others in the replies: .WebP (note; webp wasn't the only thing that was exploited nor was it only discord related but its the one with most information.)
Keep it up man! That's awesome
First video I see of your channel and you definitely earned a sub. Tbh I don't really see how the "standard users" could not fall for this
what a legendary mic stand
underrated content creator
I remember this video
Cant wait to use this for educational perpousus only!
thank you for this tutorial ebola man
cool old techniques you covered
My man earned a subscriber
Fantastic video
i love this man
thanks ebola man, very cool 👍
casualy doing gods work
damn it, the RLO trick is quite surprising, for things like this you just better drag the file to the image editor
i appriciate youre videos i love all of them
Very helpful ! Thank you
beautiful stuff here
this is very improtant not for scamming but for being aware so its very important also this teaches u that the best antivirus is you
DUDE YOU ARE THE REAL G OMG
Thank you ebola man
Now I'm scared for images. Luckily I'm on linux so no exe's, but still scary to think how easy it is to hide the real file extension
So ANY image on discord could be laced like this??? Wtf how do you even stay safe from this? Idk how to work linux
@@infectieonUploaded images with machine code execution will get rejected because they're not REALLY images; The headers and offsets are wildly different and be considered corrupt or invalid. You only need to worry about fake 'images' stored directly on your file system, and make sure not to run them.
Also the reversed text trick used to spoof the file format works only on explorer and a gew other programs, in the most of apps this trick won't work and the original file format will be shown
"linux is free if your time is worthless" proceeds to get hacked by an image
@@CluelessGeekthis was the cause by my change to dual boot windows/linux to just linux 😅
u a w fr fr love u bro
i admit. i have been pwned by this in the past. it's such a good method
Thanks ebola man!
really good bro
Really cool! More videos!!
the RLO trick is not gonna work since even Window Defender can catch this, it automatically consider the file as a trojan even when it's not harmful (test file)
Yeah this isn't actually a danger to anyone. The only reason windows isn't freaking out about the file is because it was made on his computer. If you were to upload that to the Internet and try running it on another computer it'd get instantly sent to the shadow realm by even the worst of anti viruses
@@smoothbraindetainer I tried making my own, and Windows Defender successfully stopped it from executing. Maybe the video uploader disabled Defender for the sake of the demonstration?
@@Lar_me yes exactly my point, even the crappiest of antivirus programs would catch this low-level bug
Now I am immensely paranoid of all of those background remover and image downloading websites I have visited in the past! Wonderful!
Oh im gonna enjoy this alright
hello do you know how to make a hwid spoofer? been watching these videos and tryna make one using the multi tool method as well.
You know wayyyy to much! this is crazy thanks
an angel omfg
Awesome content.
ngl thats actually so smart omg
TYSM (btw where do you find all this stuff)
This is scary simple. I don't know if I am suppose to be scared or surprised.
you can check the file extension and size when downloading files
both
Have you watched the entire video? because it can look like a png or whatever file and still run as a cmd. @@kamimatsuyama
the RLO method doesn't work after uploading a file to 99.9% of file hosts online. you shouldn't be scared. if you're skeptical, you can always just right click and check the properties
WHOWWWWWW! Amazing!
bro is a prodigy
This is very interesting. Might use it against scammers
Bro u are legend 😂❤
Esto podría ser bastante útil algún dia en el sentido "educativo"
That grassy hill image was taken in Sonoma County, California, where I grew up.
That is terrifying! But so smart 🤯!
very good men
fun fact: there is no educational use for thst
I am taking Cybersecurity as a trade, this is educational to me.
:D
how come? I learnt that Win is still a mess in these days.
? It doesnt have to have an educational use, he's educating on a subject, which makes the video educational.
Whether that be if you were educated on how to infect other peoples machines or to better protect against having your own machine infected, this video was by definition educational as it taught something
@@Noahitis that comment was from 5 months ago...
@@MiguelWilson0 people comment on my stuff from 6 years ago, it doesn't change the validity of what I just said
first part was useful, thanks
The fact that Windows lets you use the RLO in filenames and it actually works is crazy. They didn't think at all about how this could be used, or they did but didn't care. There should be some kind of indication of every type of character in a filename, be that a color change on reversed text or whatever.
What about Arabs and Asians, millions would be pissed about having to type their filenames in reverse
Ehehehehe
Definitely going into the saved videos
TYSM!
Brilliant
Thank you, from now I can easily steal from everyone's computers information about them. Can't wait for new video about IP addresses and other things.
This is getting out of hands
Thank you tho
Dangggggggg, That's insane.
Very cool
what app did you use to 'short cut' the unicode rlo character?
right click>insert unicode character
@@ebolaman_ he wants to know how youre able to see that unicode thing
@@Dino-zg2vx when youre renaming the file just right click on the file name and it should give you those options. he literally told you to pay attention
@@Dino-zg2vx it's just built into windows
fire
ebola man i have a question how can i make it look like an image when i send it through discord like i want to get their token when they open the image on browser but when i send it as you showed it sends as a file. please help
that's crazy !
I subscribed right at.... you know. The one nobody buys. I totally never bought this program but damn if it doesnt seem to always be activated. Crazy.
where do i get the file from to do change my file into a image file
I remember doing this in highschool to get around the exe blocks in gmail
I'm like a lot of people here I'm like a lot of people here who are really scared if youtube bans you. Your knowledge is amazingwho are really scared if youtube bans you.
Love some good bass boosted Xenogenesis by TheFatRat
this is good
Love ur vids
Educational purposes=educating hacksers
Which version of windows are you running?
technically, you can go deeper with shortcut method without spoiling hidden file but it's gonna be multi-task command for cmd
thanks, now i "educationally" know how to give someone a virus.
One day bro is gonna hack the NASA and say that it was only for educational purpose
I'm impressed by RLO, I didn't know.
I’m literally working on defense against file extensions and file uploads right now… gonna see if spoofed files get through what I wrote.
One question. That probably will prevent prople to decompile/reverse engineer my exe, right?
Does anybody know if there are warning message implemented in Windows that Alert the user about this flip text character thing and or some shortcuts that start with cmd .exe which shouldn't based on the file that opens ?
yup defender detects it
Thank you! I just hacked tens of thousands of poor souls who thought i sent them a picture of a puppy! 😃
I'm pretty sure that on some recent windows, the RLO character prevent to run most of the EXEs
nice
thats op this could get in the wrong hands
fucking awesome dude
Je crois pas que les gens vont utiliser cette astuce pour faire le bien...