This module takes one existing image.jpg and one payload.ps1 (user input) and builds a new payload (agent.jpg.exe) that, when executed, triggers the download of the two previous files stored on apache2 (image.jpg + payload.ps1) and executes them.

This module also changes the agent.exe icon to match the file.jpg icon, then uses the ‘Hide extensions for known file types’ spoofing method to hide the agent.exe extension.

All payloads (user input) will be downloaded from our apache2 webserver and executed in the target's RAM. The only payload extension (user input) that requires writing the payload to disk is .exe binaries.


FakeImageExploiter stores all files in the apache2 webroot, zips (.zip) the agent, starts the apache2 and metasploit (handler) services, and provides a URL to send to the target (it triggers the download).

As soon as the victim runs our executable, our picture will be downloaded and opened in the default picture viewer, our malicious payload will be executed, and we will get a meterpreter session.

It also stores the agent (not zipped) in the FakeImageExploiter/output folder, in case we wish to deliver agent.jpg.exe using a different attack vector.

This tool also builds a cleaner.rc file to delete payloads left in target’
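A defensive check for the naming trick described above, added here as an example (it is not part of FakeImageExploiter): it lists zip members whose real extension is executable while the name shown with ‘Hide extensions for known file types’ enabled ends in a picture extension. The extension lists, function names and sample archive are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; tune them to your environment.
DECOY_EXTS = {".jpg", ".jpeg", ".png"}  # picture types the page lists
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1"}


def shown_name(filename):
    """Return the name a user sees with extensions hidden, or None if not a decoy."""
    # Windows drops trailing dots and spaces when the file is created.
    name = PurePosixPath(filename.replace("\\", "/")).name.rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DECOY_EXTS:
        return name[: -len(suffixes[-1])]
    return None


def scan_zip(data):
    """List (member, shown_name) for every masquerading entry in a zip given as bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            decoy = shown_name(info.filename)
            if decoy:
                hits.append((info.filename, decoy))
    return hits


def build_sample_zip():
    """Constructed sample archive: members are empty, only the names matter."""
    names = ("agent.jpg.exe", "photos/beach.jpeg", "docs/Scan.PNG.bat", "setup.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"")
    return buf.getvalue()


if __name__ == "__main__":
    for member, decoy in scan_zip(build_sample_zip()):
        print(f"ALERT {member!r} is displayed as {decoy!r}")
```

The same `shown_name` check can be applied to attachment names at a mail gateway or to download file names in proxy logs; a changed icon does not affect it because only the file name is inspected.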

FakeImageExploiter - Use a Fake image.jpg

Payloads accepted (user input):

payload.ps1 (default) | payload.bat | payload.txt | payload.exe [Metasploit] “Edit ‘settings’ file before running tool to use other extensions”


Pictures accepted (user input):

All pictures with .jpg (default) | .jpeg | .png extensions (all sizes) “Edit ‘settings’ file before running tool to use other extensions”


Other scenarios:

If you wish to use your own binary (user input – not metasploit payloads) then:

1 – Edit the ‘settings’ file before running the tool and select ‘NON_MSF_PAYLOADS=YES’

2 – Select the binary extension to use

‘Remember to save the settings file before continuing’ …

3 – Run FakeImageExploiter to metamorphose your binary (all files are stored in apache automatically) ..

4 – Open a new terminal and execute your binary's handler to receive the connection. HINT: This function will NOT build a cleaner.rc


Settings file

Agent(s) in windows systems
