Is it possible to make a payload using veil evasion or any other tool or just writting ourself and then put it into image metadata ? I read somewhere hacker are doing this now a days. The thing i dont understand is even if they put it inside an image metadata how it will get executed?
Yes, it can be done. It is a form of obfuscation. I have seen people use the cat command to do it. Git hub will also hold several tools that are as simple as adding the input files paths.
1 Like
What is obfuscation? I heard it many times but unable to understand the it. Can anyone explain it?
It is hiding data (in your case a payload) in another form of data. (the action of making something obscure, unclear, or unintelligible.)
1 Like
But if its a hiding data. and we obfuscate the payload into meta data of image. then how it gonna execute ?
If you do it right, when they veiw the image it runs the payload. Youtube has a few videos on how it is done. One click and the payload in the back is ran as fi you clicked it. It is a fun way to hide it. You can hide much more in an image then just a payload tho.
1 Like
But it will only hide , not will execute the payload right.
Here is an article can you explain it : https://null-byte.wonderhowto.com/how-to/hacking-macos-hide-payloads-inside-photo-metadata-0196815/
If done right, it will run the payload aswell. https://www.youtube.com/results?search_query=payloads+in+an+image this should be easier for you to understand. if you need anymore help, PM me.