Hacking Website Passwords with a PNG image file using Mimikatz


Many websites nowadays store users' passwords in website logs, either for the administrator's convenience or because it is sometimes the only option. On personal computers, the passwords for personal accounts are stored in the browser or elsewhere on the machine.

What is Mimikatz?

Mimikatz is a tool designed and built to play with Windows security. It is included in the Metasploit Framework to reduce the attacker's effort. Mimikatz is normally used to dump passwords from devices running the Windows operating system.

This is the level 1 attack of the tool, when it runs as a program. Level 2 is the interesting one: the target is not only a PC running Windows but also the Windows servers on which some websites are hosted.

The main objective here is to combine the Mimikatz script with a JPG image file using Windows PowerShell. For this to happen, we first have to embed the script in the image file.

Is it possible to embed a script in an image file?

Yes, of course it is possible, since an image file is made up of pixels, which are represented as bytes. Each pixel of the image is used to hold one byte of the script.

So it is advisable to choose an image with a large number of pixels, so that it is compatible with the payload. The least significant 4 bits of 2 colour values in each pixel are used to hold the payload.
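Seen from the defender's side, the encoding described above leaves a trace: bytes rebuilt from the low nibbles of two channels form long runs of printable text, which the noisy low bits of an ordinary photo almost never do. The following is an added example, not code from the original post or from any tool it names; the function names, the 32-byte threshold and the sample pixels are assumptions, and pixels are constructed inline as (R, G, B) tuples instead of being read from a file.

```python
import string
from itertools import permutations

PRINTABLE = frozenset(string.printable.encode())

def nibble_bytes(pixels, hi, lo):
    """One byte per pixel: the low 4 bits of channel `hi` become the high
    nibble, the low 4 bits of channel `lo` become the low nibble."""
    return bytes(((p[hi] & 0x0F) << 4) | (p[lo] & 0x0F) for p in pixels)

def longest_printable_run(data):
    """Length of the longest run of consecutive printable ASCII bytes."""
    best = run = 0
    for b in data:
        run = run + 1 if b in PRINTABLE else 0
        best = max(best, run)
    return best

def scan(pixels):
    """Longest printable run for every ordered channel pair. The page does
    not say which two channels carry the payload, so all six are tried."""
    return {(hi, lo): longest_printable_run(nibble_bytes(pixels, hi, lo))
            for hi, lo in permutations(range(3), 2)}

def is_suspicious(pixels, min_run=32):
    """min_run is an assumed threshold; tune it against known-clean images."""
    return max(scan(pixels).values()) >= min_run

# Constructed samples, not real images: a synthetic gradient, and the same
# gradient preceded by pixels whose low nibbles carry a harmless text string.
CLEAN = [(i % 256, (7 * i) % 256, (13 * i) % 256) for i in range(512)]
TEXT = b"Write-Output 'constructed benign sample for the detector'"
CARRIER = [(0x80 | (i & 0x0F), 0x80 | (c & 0x0F), 0x80 | (c >> 4))
           for i, c in enumerate(TEXT)]
STEGO = CARRIER + CLEAN

if __name__ == "__main__":
    for name, px in (("clean", CLEAN), ("stego", STEGO)):
        print(name, is_suspicious(px), scan(px))
```

Flat single-colour regions can also produce long printable runs, so a hit is a lead for manual inspection of the decoded bytes, not a verdict.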

To begin, Mimikatz must be available as a PowerShell script so that we can embed it using Windows PowerShell. Use this link to copy the Mimikatz code and save it as a PowerShell script (.ps1 format).

You need a second PowerShell script to embed the Mimikatz script in the image. Repeat the previous step to save it as a PowerShell script.

Step 1:

Open Windows PowerShell on your PC as an administrator; if not, you will get a "running scripts is disabled" error.

Store the two scripts in a directory that you can access as an administrator (usually on the C drive).

Step 2:

Import the Invoke-PSImage script from the directory into PS (PowerShell).

PS>Import-Module .\Invoke-PSImage.ps1

If a "running scripts is disabled" error occurs, type:

Set-ExecutionPolicy Unrestricted

Step 3:

Import the Mimikatz script from the directory, embed it in a JPG file, and name the resulting file with a .png extension.

PS>Import-Module .\Invoke-PSImage.ps1 -Script .\Invoke-Mimikatz.ps1 -Image .\empty.jpg -Out .\evil.png

The output, evil.png, now has the malicious script embedded in it, which will dump passwords from a Windows server's logs.

Step 4:

Host the image on the web and use the URL of the image to begin the attack wherever you find a website hosted on a Windows server.

Happy hacking…
