Payload in Metadata?

Is it possible to make a payload using veil evasion or any other tool or just writting ourself and then put it into image metadata ? I read somewhere hacker are doing this now a days. The thing i dont understand is even if they put it inside an image metadata how it will get executed?

Yes, it can be done. It is a form of obfuscation. I have seen people use the cat command to do it. Git hub will also hold several tools that are as simple as adding the input files paths.

1 Like

What is obfuscation? I heard it many times but unable to understand the it. Can anyone explain it?

It is hiding data (in your case a payload) in another form of data. (the action of making something obscure, unclear, or unintelligible.)

1 Like

But if its a hiding data. and we obfuscate the payload into meta data of image. then how it gonna execute ?

If you do it right, when they veiw the image it runs the payload. Youtube has a few videos on how it is done. One click and the payload in the back is ran as fi you clicked it. It is a fun way to hide it. You can hide much more in an image then just a payload tho.

1 Like

But it will only hide , not will execute the payload right.
Here is an article can you explain it :

If done right, it will run the payload aswell. this should be easier for you to understand. if you need anymore help, PM me.