Hiding files by some sort of software has been a very common way till now, but if you are looking for something different you can do it by hiding a file behind a jpg image. We have written two more Articles about hiding files or folders in Windows XP. A handy and secured way to Hide Files and Folders in Windows XP and Hide Files or Folders in the Command Prompt in Windows XP.
It is a quite secured way to hide a file behind JPEG image because none will think about the existence of a file inside a jpg image. It is also free from the hazards of installing those software and consequently nobody will notice there is a secret file hidden behind a jpg picture file.
But here I am going to introduce another interesting way. You can use this simple trick to hide any kind of file like txt, mp3, exe, avi or whatever else. Besides this you can hide multiple number of files behind a single jpg file. When any one will see the picture he/she will just consider it as a picture and even if he/she double click on it then the picture will be opened as normal. Isn’t it sounds interesting?
To execute this task you must need WinZip or WinRar to be installed in your PC. You can download it absolutely free from internet. I have described the whole process here.
Execute JPeG Files As EXE: Only For Penetration Testing While Penetration Testing, we come across scenarios where we need to social engineer in order to get the malware executed and test the strength of the organisation’s employee’s cyber security Awareness. Copy the file (s) and the image to your desktop. Select the files you want to hide, press Ctrl + C, go to your desktop, and press Ctrl + V, then do the same with the image you want to use. 2 Select the file (s) you want to hide.
How to hide the files behind JPEG image
Hide Exe In Jpg And Execute Linux
Step 1. Create a folder anywhere in your PC e.g. C > Softslas and keep all the files you want to hide as well as the jpg image you will use to keep that files in.
Step 2. Just select all the files you want to hide, and by right clicking on them select the option of add them to a compressed ZIP or RAR file. Only compress the files you want to hide, not the jpg image. Lets name it as “Secret.rar”.
You’ll see that there is those files, the jpg image and a compressed archive named Secret.rar inside the folder Softslas.
Step 3. Now i will tell you how to make the trick.Click on Start menu, click Run and type “cmd” (without the inverted commas), press enter and you will see the command prompt window has been opened. Type cd to get into the root directory and again type cd followed by the folder’s name you want to hide i.e. “cd Softslas”. Now you are inside the directory C > Softslas>.
Step 4. Suppose the jpg image have name of “Image.jpg”. Type the following line
(Omit the quotes) and press enter.You will get a response in the command prompt like below.
Be sure that the compressed file has the extension of . ZIP or .RAR. As I have heard about some problems people faced while using WinZIP, I recommend you to use WinRAR instead of WinZIP.
That’s all you have to do. Now you have a jpg image with your secret files inside it. If you check the picture size you will see it has been increased by same size that was of the compressed archive. Now you can the delete the . RAR file and the file1 and file2.
How to access the hidden files
Just right click on the file and chose open with WinRar.Then you can see the file you hide behind the picture. Another way to access the hidden file is that just change the extension of the file to .RAR and open the file using WinRar and then extract them.
If you know some other process then please tell us.
AKA: Alternate Data Streams – An introduction…
One of the members of a technical forum to which I belong had a virus detected in a dll that he could not find anywhere on his computer. In the end, it was discovered that the file was embedded as Alternate Data Stream (ADS) attached to his System32 directory. The full path to the file was something simlar to c:windowssystem32:dhht.dll.
I was not familiar with using streams in this manner; so I looked it up. In short, any file or directory on an NTFS drive can any number of files piggy-backed onto it without affecting its reported file size. These files remain intact through normal file copying and renaming actions as long as the file remains on an NTFS drive (or compatible archiver).
I’d never come across this before and thought I would share.
Summary/Demo…. (adjust paths as necessary)
- Create a directory off the root called test
From the command prompt in your test directory type:
[DOS]Echo a>test.txt[/DOS]
That will create a nice 3 byte text file. - Now type:
[DOS]type c:Windowssystem32notepad.exe>test.txt:notepad.exe[/DOS] - Get another directory listing and notice that the size of test.txt remains 3 bytes though an additional ~70kb has been added to it. The time has changed but that could be set back.
- Now, from the command prompt in your test directory, execute the hidden stream:
[DOS]start testtest.txt:Notepad.exe[/DOS]
(You must use include the path to test.txt)
You are now running an exe that was hidden in 3 byte text file!
As far as Windows is concerned, that file takes up only enough space for three characters. Yet it’s got this hidden back end on it. That txt file could be taking up any amount of space. Perhaps it is storing 5 gigs of pictures in it. Who knows?
Windows supplies no tools to display this. The zip file referenced in this article, includes an exe that does.
The Task Manager shows the running proces in different ways depending upon your Windows version. In SP2, the executable is listed as test.txt:Notepad.exe. However, in earlier versions of windows, only the host file is listed. So, if you’d embeded Notepad.exe in calc.exe, calc.exe would be in the task list even though you’d be running Notepad. Nifty huh?
Of course, you’ll have to find a transport/archiver that supports these streams, if you want to distribute them. Outlook and WinZip do not seem to do so.
Apparently ADS are there for backwards compatibility with a Macintosh file system (HFS), but I’m not sure why we’d want/need that… Some Windows apps use it for other things. For example when you download an exe file through IE, MS helpfully edits the file for you and attaches an ADS that stores the Zone under which the file was downloaded. As a result you are NEVER getting the same file that was on the internet. Developers should be aware of this when they deploy software via a website.
Hide Exe In Jpg And Execute C++
In short, while Alternative Data Streams do add some flexibility to the operating system, the incomplete implementation of the feature makes ADS more of an avenue for abuse than a feature.