Search
Categories
Servers
Server.InfinityExists.com
-IRC Server (Java Client)
(#Infinity_Exists Port 6667)
-Vent Server (Port 3784)
Affiliates
Underground – Combine Files
September 4th, 2008 by 
Patchy
In this Underground video, Crash Overron demonstrates how to hide a RAR file inside an Image file. He does this by utilizing a binary combine which basically concatenates the two files together. To accomplish this in windows use the command:
copy /B [File1 (Image)] + [File2 (RAR)] [Destination File (Image)]
The resulting file can still be view as an image, and the RAR file can still be unpacked. Not only, can this trick be used as a simple type of steganography, but also, it can be used in certain situations to exploit a flaw in a website. If a website has a Local File Inclusion (LFI) flaw and allows users to upload images, an attacker can inject PHP code into the website by using this technique to combine an Image file with a PHP file. Full Scale Video Here
Download Here
If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com
copy /B [File1 (Image)] + [File2 (RAR)] [Destination File (Image)]
The resulting file can still be view as an image, and the RAR file can still be unpacked. Not only, can this trick be used as a simple type of steganography, but also, it can be used in certain situations to exploit a flaw in a website. If a website has a Local File Inclusion (LFI) flaw and allows users to upload images, an attacker can inject PHP code into the website by using this technique to combine an Image file with a PHP file. Full Scale Video Here
Download Here
If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com
Posted in Underground | 
6 Comments »
6 Responses
You must be logged in to leave a comment.
September 5th, 2008 at 12:23 pm
a simple command with a lot of power nice video Crash
September 5th, 2008 at 12:50 pm
Why would you need a LFI vuln. in order to inject php code?
September 6th, 2008 at 9:46 am
because if there is a LFI vuln on the site that does an include() or something similar then you can upload the img with php and then call the img with the vuln which would result in your code being ran…
September 7th, 2008 at 2:28 am
Nice video and a useful command.
Umm the video on Xif hacking of yours that you mentioned
where is it?? is it on infinity exist or another site?(i may have missed it)
ty
September 7th, 2008 at 8:25 pm
Awesome vid, you said something about watching your vid on exif(i think thats what you said) attacks? where would that be? all i have to say about your vid is…ummm ya…haha
April 3rd, 2009 at 9:47 am
[...] – Underground – Combine Files saved by hugap0rnstar2009-02-04 – 03 AUGUST 2008 saved by RedNinjasibille2009-01-30 – Trams and [...]