Few days back hotmail changed its layout.Now executables cannot be send as attachments.Is there any way to send executables without zipping them.

uhhh change the file type to anything and in the email tell them to change it to an .exe

humm social engeniring.. .. you could still make it a SCR i think... so its still exicutible..

No.Scr does not work.I just tried it yesterday but thr file was blocked because it might be "harmful".

try shell scripts, they work really well. Look up google for examples, I used shell scripts a couple of times to get some work done. The ending is .shs, and it is hidden, and it looks just like a .txt file. So say you name something evil.txt.shs, the only thing that will come up is evil.txt ,and it will still be an executable.

Thanks a lot for the suggestion.But shell scripts are also blocked by hotmail.The .shs extention which is hidden on your computer is shown by hotmail when the file is being uploaded.

You could simply change the name, or use Shell scripts as what, said... But I think might Shell scripts get blocked by Hotmail, get a other mail than hotmail then Or you could use MSN Messenger, to send the file..

still no solution for the problem.

Err, can't really think of a good solution but if it's meant as a hack you could try this (inventend by me ):

Upload you evil exe file to a fast web server.
Send (as an attachement) the user an html file which redirects to your page in full screen (so pop's out of the hotmail attachment frames), but redirect with the IE exploit that changes the address in the address bar.
Example: http://www.hotmail.com.com
@69.44.60.11/
Don't know if the example works in the forum but here's the trick:
http://theurlyouwantintheaddressbar0x01@yoursitewiththeexe
0x01 -> this character causes the bug in IE.
So the user will think that he's on hotmail (show him for example 'Scanned with AV antivirus' in a hotmail look) and 90% chance he'll download the file

But nope no solution for really sending an exe...

thanks a lot aspfreakout.

well I ahred month ago a waymake a virus.jpg still workign like and .exe it was with pe explorer and hex software but i don't rember how

i cant download prgrams from this site i cant even start a new thread
so i know this is kinda offtopic but can someone help me hack hotmail

[beardednose reply:

No, we won't help you. And you may never get to start a new thread. You earned yourself some warn points. ANOTHER CASE of one who didn't read the rules.]

The is an oter way....Yiu zip your file and you use winzip exploit to make your file execute with out they execuet it but if they use an oter software that winzip they will probably not open it

take care that the .shs will appear when u send the file
for example on ur computer u'll see file.txt but when u try to send on msn , paltalk , icq etc. he'll see file.txt.shs , never try to send on msn 6.x he'll see the icon

hey is there is anyway to change .exe file to .jpg file but the jpg file still executes..ot is there is any way to change the exe file to html and the html still executes???\


and if somebody knows how to hack hotmail account..then plz tell me
thanx

hey what you do is temp the target person to click a link you send him which redirects to a page you created. Then there is an exploit for Internet Explorer 6 which allows you to execute a file on the computer but the server you are going to keep the page on should be able to run scripts cse u cant change the mime header without it.

see the link:
http://securityresponse.symantec.com/avcen...nerability.html

I know there is something like this for IE6 too but cnt find it.

You could change the icon couldnt you?

How excactly do you make these .shs files?

Is there a way of embedding a trojan in them or something?

Is there a way that send an exe file by mail ( exploit script ) that when user open the mail it download and excute.?

Freeman.

It all depends on if your sending legitamate content or not....

If its legit, and for some reason you cannot zip it, just rename whatever.exe into like whatever.fun , then just tell the person to rename it on the other side. Or if you want to be tricky, open up the program in a text editor, and email the binary in text form, which then the other side could just paste in notepad and save as an exe.

If its not legit, I'd just give em a XSS'd link to your program. Say its from amazon or ebay or something. Spoof the email with some random's servers SMTP relay.



That mainly depends on what they open it with. If they are viewing it in internet explorer (web-based email...hotmail, yahoo, etc.) then HTML will be displayed, along with any web browser exploit. Theres a shitload of those coming out for IE lately, so have some fun. It would be harder if they use firefox for web-based email, but there is still a sploit or two out there that can get the job done.

If its outlook express, then I'm fairly certain there are exploits to do that. I haven't heard of one for mozilla thunderbird yet, so no luck there if they use that.

One thing I've wanted to try is give out some link on the email that is "malicious".. Lets say it reads a file, and submits it as an argument for a PHP script that saves it....I just think that'd be interesting. Imagine someone on nix reading their email as root, and clicking a link that uploaded their shadow file. Remind me to try that sometime.



Amen, brotha.

I believe there are exploits for outlook that allow you to do this, but i think the latest one is farely old, so its pretty much useless.

We exactly need HTML exploit that work on html email .!
Understand me .? ???

Freeman.!