preloader
Ethical hacking

Spoofing file extensions - Ethical Hacking Tricks

Spoofing file extensions - Ethical Hacking | By Gourav Dhar

newline

File extension spoofing is a handy trick when creating trojans. In this blog, I will be spoofing the ‘.exe’ extension to the ‘.jpg’ extension. But this method can be extended to spoof any extension type.

I have a file named trojan.exe  whose name I will change to sports_complexe.jpg by the end of this blog.

newline

newline imagefile

newline

I will use a right-to-left-override character to spoof the extension .exe and replace it with .jpg . Let me tell you how.

Current file name -> trojan.exe

Desired extension -> .jpg

To remove the .exe from extension, I will use a right-to-left-override character to make the file name read from right to left after the right-to-left-override is placed

Right-to-left of .jpg would be gpj.

To get the right-to-left-override character open the characters application in Ubuntu and search for the right-to-left-override character. You can follow the steps shown in the pictures below.

Dialog box

Rename trojan.exe to trojangpj.exe . Paste the right-to-left-override character at the 7th position after trojan. All the characters after the right-to-left-override character will be flipped i.e. read right to left. newline

newline right-to-left

newline

The filename now looks like trojanexe.jpg

converted file

newline

To make the executable look more realistic, since the image icon contained in the file is of a sports complex I will replace trojan in the name with sports_compl so that the file name reads sports_complexe.jpg

newline renamed file

newline

And tada! , the file extension spoofing was successful. Some recent browsers remove the right-to-left-override before downloading. So it is a good idea to zip the file and send it over.