Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to easily Bypass Email Attachment File Filtering
#1
Hey guys, I just wanted to notify you of a cool and not so cool bug that ALL email hosters have regarding file attachments. Please use this for educational purposes only, nothing lethal Nono.

Lets say I have just coded a .exe in VB and want to send it to a friend for test run. The email host will block the .exe with a file extension filter, until my method came around the block. Today you will learn how to send an .exe over the internet, such as Yahoo, Gmail, AOL and live email hosting servers. We're not modding the filter, but the file Hehe. All common sense.

Now Good News:
You Can Now Send Any Type Of File Extension by Email


Now Bad News:
Pretty self explanatory why this could be bad, if the hacker is smart enough they can maneuver around and send a virus to someone, if that someone is willing to participate with the hacker.


Very simple, tutorial. I will be teaching you the ways of the LOGIC.

First step, get your .exe file. Next, Download iHide.exe [Created by Me]
Here.

Next, Go onto iHide and pass UAC, then go to the ComboBox and select Show File Extensions, refresh desktop by right click options or hitting the F5 key on keyboard, file extensions are revealed.

Next hit the button "select an option in the combobox". Then refresh your Desktop.

[Image: xkvhh5.png]

Next I want you to find your .exe file, and rename it to any file extension, then hit enter. Doesn't matter. Do this by deleting the "exe" part and replace the "exe" part with a new file extension. If you open it, the file will act corrupted because its being opened by the wrong file extension. As long as it you think it would be a legit file to go through an email hosting attachment filter such as a portable network graphic file, .PNG or .JPEG.


[Image: s3.png]


[Image: s4.png]

[Image: th_s5.png?t=1287338314]

After that its pretty self explanatory. Select the ".PNG" disquised as your .exe file, and attach it. Write your subj, and body msg, and you send the mail to your friend, explaining to them how to change the file extension to a .exe file after getting it downloaded somewhere convenient and BOOM!

[Image: s6.png]

We bypassed the Attachment Filtering Service built into your email and the receiver got the .exe file successfully. I hope you learned something today Big Grin Enjoy. Feel free to reply!
[Image: t5BWm.png]
Reply
#2
bump... Come on guys this is a really awesome trick.
[Image: t5BWm.png]
Reply
#3
It's not that awesome trick, but still a cool one. Some executable files can get damaged if you change their extension to something else, I've tested this and fudged myself with a nice server I built using a RAT. Also, fix the first image it's showing the Tinypic error type of thing, and upload to imgur.com or min.us they are better than the rest.
Reply
#4
This isn't that impressive, but it's also nice. You should really improve it a bit, but this is really a cool bypassing tutorial.
Reply
#5
I don't really see any use for this. If you wanted to share an exe you could just upload it to one of the billion file sharing sites that are free. The only applicable use for this seems to be malicious.
Reply
#6
(04-03-2011, 09:28 AM)r0yaL Wrote: I don't really see any use for this. If you wanted to share an exe you could just upload it to one of the billion file sharing sites that are free. The only applicable use for this seems to be malicious.

Thats the way you think, but you can use it for perhaps you made a prject at your friends house and you had not brought a USB drive, he emails the executable and try it at your house...
[Image: t5BWm.png]
Reply
#7
(04-03-2011, 09:30 AM)C0de_Override Wrote: Thats the way you think, but you can use it for perhaps you made a prject at your friends house and you had not brought a USB drive, he emails the executable and try it at your house...

None of my friends are smart enough to figure out how to change a file extension. I would much rather just send them a file sharing link.

Nice TuT anyways Smile
Reply
#8
hahahha awesome man . .. you did it . I'm do that before on my FTP server, he disallow me to upload .exe , so I upload in .jpg format
[Image: jkovKy.png]
Reply
#9
Wow that is great I never knew that.
Reply
#10
(04-03-2011, 09:58 AM)h4yr0 Wrote: hahahha awesome man . .. you did it . I'm do that before on my FTP server, he disallow me to upload .exe , so I upload in .jpg format

yes exactly, then change the format from .JPG to .EXE on the desktop!
[Image: t5BWm.png]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)