وهم الاختراق بصيغه jpgلم يعد وهم

Posted by aoumezzine on Wednesday, March 28, 2012
Labels:

بسم الله الرحمن الرحيم 



طبعا كلنا حلمنا الاختراق بصيغه صوره 
للاسف لا يمكن الاختراق باى صيغه غير تنفيذيه 
غير الا لو تم حل المعضله دى 
قبل ذالك طرحت موضوع عن الاختراق بصيغه صوره وللاسف كان هناك خطاء بالكود
طبعا التلغيمه دى قديمه من قدم الازل 
نعم يتم دمج السيرفير او اى صيغه تنفيذيه او غير تنفيذيه بالصوره 
بدون streams
او اى شىء لان بمجرد الدمج بصيغه استريمز يجب ضغطه وحفظ الاستريمز معه 
اى بلا فائده 
اليوم ساعيد طرح الكريقه ولاكن بطريقه صحيحه 
مع العلم انها لن يمكن 
تشغيل الصيغه التنفيذيه المدموجه بالصوره باى شكل يكن 
جرب كتير ----------->
بدون اطاله انا مش هارفق مثال 
انت طبق لانها بسيطه جدا 
كل اللى هتحتاجه 
1-صوره
2-اى برنامج يفضل يكون سيرفير لحين ماتفحصه تتاكد ان الصوره مدموجه 
نبدا على بركه الرحمن وبامره
اول شىء هاتروح للسى 
C:\
بعدها اعمل ملف وهايكون اسمه الديف بوينت مثلا 
C:\DEV - POINT
الحين هانفتح ال CMD

ونكتب

cd ..
ونكررها تانى 
cd ..

الحين نكتب

cd DEV - POINTالحين نكتب 

copy /b girl.jpg + DEV.exe = jpg-DEV.JPG

الحين تم الدمج 
التوضيح بالصور 























النتيجه









حجم الصوره قبل الدمج








الحجم بعد الدمج





طبعا واضح اختلاف الحجم 
والمدهش ان الصيغه لم تتغير 
ولو فتحت الصوره بالهيكس هاتجد قيم الملف التنفيذى موجوده بها 
وابسط دليل بدون هيكس حاول تدمج مع وليكن سيرفر او سيتب برنامج تشفير مكشوف وافحص الصوره المنتجه بعد الدمج ستجد انها مكشوفه بالرغم من صيغتها 
ولاكن المعضله هى عدم امكانيه فتح الصيغه التنفيذه التى بداخلها باى طريقه كانت 
حاولت كثيرا عن طريق الملف المسؤول عن تعريف الصيغ بالويندوز 
وهو موجود عند الاغلبيه منا الا واسمه 
shimgvw.dll


همسه ممكن استخراج افضل ايقونه صوره منه 






الايقون الممكن استخراجها 






مع وجود عده ايقونات اخرى 

ولاكن الملف المراد منه ليس الايقون ولاكن

التعديل عليه لكى يجعل

النظام يقرا ما بداخل الصوره المدموجه

لانه هو المسؤل عن جعل النظام يتعرف على الصيغ


لانه وببساطه يحتوى على اوامر تعرف النظام للصيغ من محرر الاوامر الريجيسترى
كود:
[Version]
Signature="$CHICAGO$"
[RegDll]
DelReg=RegDelete
AddReg=RegAll
[UnregDll]
DelReg=UnRegAll,RegAll
[RegAll]
HKCR,"Applications\shimgvw.dll\****************l\open","MuiVerb",,"@shimgvw.dll,-%IDS_PREVIEW_CTX%"
HKCR,"Applications\shimgvw.dll\****************l\open\command",,%REGEXSZ%,"rundll32.exe %_SYS_MOD_PATH%,ImageView_Fullscreen %%1"
HKCR,"Applications\shimgvw.dll\****************l\open\DropTarget","Clsid",,"%CLSID_PhotoVerbs%"
HKCR,"Applications\shimgvw.dll\****************l\print\command",,%REGEXSZ%,"rundll32.exe %_SYS_MOD_PATH%,ImageView_Fullscreen %%1"
HKCR,"Applications\shimgvw.dll\****************l\print\DropTarget","Clsid",,"%CLSID_PrintPhotosDropTarget%"
HKCR,"CLSID\%CLSID_PhotoVerbs%",,,""****************l Image Verbs""
HKCR,"CLSID\%CLSID_PhotoVerbs%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"
HKCR,"CLSID\%CLSID_PhotoVerbs%\%IPS%","ThreadingModel",,"Apartment"
HKCR,"CLSID\%CLSID_PhotoVerbs%\****************lex\MayChangeDefaultMenu",,,""
HKLM,"%SMWCVSEA%","%CLSID_PhotoVerbs%",,""****************l Image Verbs""
HKCR,SystemFileAssociations\image\****************lEx\ContextMenuHandlers\****************lImagePreview,,,"%CLSID_PhotoVerbs%"
HKCR,SystemFileAssociations\image\****************lex\PropertyHandler,,,%CLSID_ImagePropertyHandler%
HKCR,SystemFileAssociations\image\****************lex\%IID_IExtractImage%,,,%CLSID_GdiThumbnailExtractor%
HKCR,"SystemFileAssociations\image\****************l\print\command",,%REGEXSZ%,"rundll32.exe %_SYS_MOD_PATH%,ImageView_Fullscreen %%1"
HKCR,"SystemFileAssociations\image\****************l\print\DropTarget","Clsid",,"%CLSID_PrintPhotosDropTarget%"
HKCR,"SystemFileAssociations\image\OpenWithList\shimgvw.dll",,,
HKCR,Paint.Picture,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-304"
HKCR,giffile,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-302"
HKCR,pjpegfile,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-303"
HKCR,jpegfile,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-303"
HKCR,pngfile,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-305"
HKCR,TIFImage.Document,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-306"
HKCR,emffile,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-301"
HKCR,wmffile,"FriendlyTypeName",%REGEXSZ%,"@%_SYS_MOD_PATH%,-307"
HKCR,Paint.Picture,"ImageOptionFlags",%REGDW%,0x00000003
HKCR,giffile,"ImageOptionFlags",%REGDW%,0x00000003
HKCR,pjpegfile,"ImageOptionFlags",%REGDW%,0x00000003
HKCR,jpegfile,"ImageOptionFlags",%REGDW%,0x00000003
HKCR,pngfile,"ImageOptionFlags",%REGDW%,0x00000003
HKCR,TIFImage.Document,"ImageOptionFlags",%REGDW%,0x00000000
HKCR,emffile,"ImageOptionFlags",%REGDW%,0x00000000
HKCR,wmffile,"ImageOptionFlags",%REGDW%,0x00000000
HKCR,icofile,"ImageOptionFlags",%REGDW%,0x00000000
HKCR,"CLSID\%CLSID_****************lImageDataFactory%",,,"****************l Image Data Factory"
HKCR,"CLSID\%CLSID_****************lImageDataFactory%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"
HKCR,"CLSID\%CLSID_****************lImageDataFactory%\%IPS%","ThreadingModel",,"Apartment"
HKLM,"%SMWCVSEA%","%CLSID_****************lImageDataFactory%",,"****************l Image Data Factory"
HKCR,"CLSID\%CLSID_AutoplayForSlideShow%",,,%DESC_AutoplayForSlideShow%
HKCR,"CLSID\%CLSID_AutoplayForSlideShow%\%LS%",,%REGEXSZ%,"rundll32.exe %_SYS_MOD_PATH%,ImageView_COMServer %CLSID_AutoplayForSlideShow%"
HKCR,"CLSID\%CLSID_AutoplayForSlideShow%\%LS%","ThreadingModel",,"Both"
HKCR,"CLSID\%CLSID_AutoplayForSlideShow%\ProgID",,,"%PROGID_AutoplayForSlideShow%.1"
HKCR,"CLSID\%CLSID_AutoplayForSlideShow%\VersionIndependentProgID",,,"%PROGID_AutoplayForSlideShow%"
HKCR,"CLSID\%CLSID_AutoplayForSlideShow%","AppID",,"%CLSID_AutoplayForSlideShow%"
HKCR,"AppID\%CLSID_AutoplayForSlideShow%","RunAs",,"Interactive User"
HKCR,"%PROGID_AutoplayForSlideShow%",,,"%DESC_AutoplayForSlideShow%"
HKCR,"%PROGID_AutoplayForSlideShow%\CLSID",,,"%CLSID_AutoplayForSlideShow%"
HKCR,"%PROGID_AutoplayForSlideShow%\CurVer",,,"%PROGID_AutoplayForSlideShow%.1"
HKCR,"%PROGID_AutoplayForSlideShow%.1",,,"%DESC_AutoplayForSlideShow%"
HKCR,"%PROGID_AutoplayForSlideShow%.1\CLSID",,,"%CLSID_AutoplayForSlideShow%"
HKCR,"%PROGID_AutoplayForSlideShow%.1\****************l\open\DropTarget","Clsid",,"%CLSID_AutoplayForSlideShow%"
HKLM,"%SMWCVSEA%","%CLSID_AutoplayForSlideShow%",,"Autoplay for SlideShow"
HKCR,"CLSID\%CLSID_ImagePropertyHandler%",,,"****************l Image Property Handler"
HKCR,"CLSID\%CLSID_ImagePropertyHandler%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"
HKCR,"CLSID\%CLSID_ImagePropertyHandler%\%IPS%","ThreadingModel",,"Apartment"
HKCR,"CLSID\%CLSID_ImageRecompress%",,,"****************l Image Recompression Object"
HKCR,"CLSID\%CLSID_ImageRecompress%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"
HKCR,"CLSID\%CLSID_ImageRecompress%\%IPS%","ThreadingModel",,"Apartment"
HKLM,"%SMWCVSEA%","%CLSID_GdiThumbnailExtractor%",,"%DESC_GDITHUMBEXTRACT%"
HKLM,"%SMWCVSEA%","%CLSID_DocfileThumbnailHandler%",,"%DESC_DOCTHUMBEXTRACT%"
HKLM,"%SMWCVSEA%","%CLSID_HtmlThumbnailExtractor%",,"%DESC_HTMLTHUMBEXTRACT%"
HKLM,"%SMWCVSEA%","%CLSID_ImagePropertyHandler%",,"****************l Image Property Handler"
[RegDelete]
HKCR,"CLSID\%CLSID_AllPhotoVerbs%"
HKCR,Paint.Picture\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,giffile\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,pjpegfile\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,jpegfile\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,pngfile\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,TIFImage.Document\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,XIFImage.Document,"ImageOptionFlags"
HKCR,XIFImage.Document\****************lEx\ContextMenuHandlers\%CLSID_PhotoVerbs%
HKCR,XIFImage.Document\****************lEx\ContextMenuHandlers\%CLSID_AllPhotoVerbs%
HKCR,"Applications\shimgvw.dll"
[UnRegAll]
HKCR,"CLSID\%CLSID_PhotoVerbs%"
HKCR,"CLSID\%CLSID_****************lImageDataFactory%"
HKCR,"CLSID\%CLSID_ImagePropertyHandler%"
[Strings]
SMWCVSEA="Software\Microsoft\Windows\CurrentVersion\****************l Extensions\Approved"
PATH_EXPLORER="Software\Microsoft\Windows\CurrentVersion\Explorer"
IPS="InProcServer32"
LS="LocalServer32"
CLSID_AllPhotoVerbs="{86603d99-fe49-4467-b72c-0f50d9accf29}"
CLSID_PhotoVerbs="{e84fda7c-1d6a-45f6-b725-cb260c236066}"
CLSID_****************lImageDataFactory="{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"
CLSID_AutoplayForSlideShow="{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"
CLSID_ImageRecompress="{6e33091c-d2f8-4740-b55e-2e11d1477a2c}"
CLSID_PrintPhotosDropTarget="{60fd46de-f830-4894-a628-6fa81bc0190d}"
CLSID_GdiThumbnailExtractor="{3F30C968-480A-4C6C-862D-EFC0897BB84B}"
CLSID_DocfileThumbnailHandler="{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"
CLSID_HtmlThumbnailExtractor="{EAB841A0-9550-11cf-8C16-00805F1408F3}"
CLSID_ImagePropertyHandler="{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"
IID_IExtractImage="{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}"
PROGID_AutoplayForSlideShow="****************l.AutoplayForSlideShow"
DESC_AutoplayForSlideShow="****************l Autoplay for Slideshow"
DESC_GDITHUMBEXTRACT="GDI+ file thumbnail extractor"
DESC_DOCTHUMBEXTRACT="Summary Info Thumbnail handler (DOCFILES)"
DESC_HTMLTHUMBEXTRACT="HTML Thumbnail Extractor"
REGEXSZ=0x00020000
REGDW=0x00010001
IDS_PREVIEW_CTX=550




هدف طرح الموضوع عدم امكانيه الاختراق بصيغه صوره للاسف 
اراكم بلقاء قادم 
فى سلام الله 

0 comments:

Post a Comment