From 1d7b4459bc3886fbd183e820af36f05633303fad Mon Sep 17 00:00:00 2001 From: Jonathan Hodgson Date: Tue, 24 Sep 2019 17:07:24 +0100 Subject: [PATCH] Changes to disguise as image script --- bin/.bin/payload-generation/disguiseAsImage | 25 ++++++++---------- .../payload-generation/templates/README.md | 5 ---- .../payload-generation/templates/payload.gif | Bin 20 -> 0 bytes .../payload-generation/templates/payload.jpg | Bin 20 -> 0 bytes .../payload-generation/templates/payload.png | Bin 21 -> 0 bytes 5 files changed, 11 insertions(+), 19 deletions(-) delete mode 100644 bin/.bin/payload-generation/templates/README.md delete mode 100644 bin/.bin/payload-generation/templates/payload.gif delete mode 100644 bin/.bin/payload-generation/templates/payload.jpg delete mode 100644 bin/.bin/payload-generation/templates/payload.png diff --git a/bin/.bin/payload-generation/disguiseAsImage b/bin/.bin/payload-generation/disguiseAsImage index 0a0e5b48..a9760e6f 100755 --- a/bin/.bin/payload-generation/disguiseAsImage +++ b/bin/.bin/payload-generation/disguiseAsImage @@ -8,8 +8,12 @@ CURRENT=$(pwd) PAYLOAD="$1" IMAGETYPE="${2:-jpg}" # Make sure the image type is lower case -IMAGETYPE=$(echo "$IMAGETYPE" | tr '[:upper:]' '[:lower:]') +IMAGETYPE=$(echo "$IMAGETYPE" | tr '[:lower:]' '[:upper:]') +# Hex encoded versions of the magic bytes of images +MAGIC_GIF='47494638396140004000e7ff0002050101070a0d' +MAGIC_JPG='ffd8ffe000104a46494600010101012c012c0000' +MAGIC_PNG='89504e470d0a1a0a0000000d49484452000000400a' # This function prints the usage function printUsage(){ echo "Usage: $(basename "$0") PAYLOAD TYPE" 
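Review bot: The comment `# Make sure the image type is lower case` directly above the changed `tr` line is now wrong, because the new call maps `[:lower:]` to `[:upper:]` so the value can select a `MAGIC_*` variable; replace it with `# Upper-case the image type so it matches the MAGIC_<TYPE> variable names below`. The three new `MAGIC_*` assignments are constants and could be declared `readonly`, e.g. `readonly MAGIC_GIF='47494638396140004000e7ff0002050101070a0d'`, so a later accidental reassignment cannot change the bytes written to the output file. A one-line comment noting that the GIF and JPG strings decode to 20 bytes and the PNG string to 21 bytes (the sizes of the template files deleted in this commit's diffstat) would help anyone who later edits them.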
@@ -31,26 +35,19 @@ function getPayload(){
 fi
 }
 
-function getTemplate(){
- local template="$SCRIPTPATH/templates/payload.$IMAGETYPE"
- echo "$template"
- if [ -f "$template" ]; then
- exit 0
- else
- exit 1
- fi
-}
-
 function getDestination(){
- echo "$CURRENT/$PAYLOAD.$IMAGETYPE"
+ local ext=$(echo "$IMAGETYPE" | tr '[:upper:]' '[:lower:]')
+ echo "$CURRENT/$PAYLOAD.$ext"
 exit 0
 }
 
-if template=$(getTemplate); then
+eval template="\$MAGIC_$IMAGETYPE"
+
+if [ -n "$template" ]; then
 if payload=$(getPayload); then
 # Do copy stuff
 destination=$(getDestination)
- cp "$template" "$destination"
+ echo "$template" | xxd -r -p > "$destination"
 cat "$payload" >> $destination
 else
 "No such payload $payload"
diff --git a/bin/.bin/payload-generation/templates/README.md b/bin/.bin/payload-generation/templates/README.md
deleted file mode 100644
index ce24da71..00000000
--- a/bin/.bin/payload-generation/templates/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Image templates
-
-These images are not real images. They take the first 20 bites of an example image of each type.
-
-By adding code to these, you will be able to evade many upload filters that only allow images
diff --git a/bin/.bin/payload-generation/templates/payload.gif b/bin/.bin/payload-generation/templates/payload.gif
deleted file mode 100644
index bcfe4d1552cdc623296a5a0bbb03cf1da1801291..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 20
bcmZ?wbhEHbbYO5`c>bS(iItI&or@O$HP!?+
diff --git a/bin/.bin/payload-generation/templates/payload.jpg b/bin/.bin/payload-generation/templates/payload.jpg
deleted file mode 100644
index 47ddd39be3b7a0803f84b147022677cb2374714c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 20
acmex=
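Review bot: `eval template="\$MAGIC_$IMAGETYPE"` splices the second command-line argument into shell code, so a TYPE value containing shell metacharacters is executed rather than rejected, and any other name is accepted and silently becomes an empty `template`. Bash indirection does the same lookup without evaluating the argument, `name="MAGIC_$IMAGETYPE"` followed by `template="${!name}"` (an invalid name then fails the expansion instead of running anything); a `case` over `GIF|JPG|PNG` that sets `template` and leaves it empty by default is stricter still, since it admits only the three types the script defines. `xxd` is a new external dependency that nothing checks for, and because the `>` redirection creates `$destination` before the pipeline runs, a missing `xxd` leaves an empty header with the payload appended and no error; a `command -v xxd >/dev/null || exit 1` near the top would fail clearly. The new `local ext=$(...)` line in getDestination merges declaration and assignment, which masks the pipeline's exit status; `local ext` then `ext=$(...)` is the usual form. The `if [ -n "$template" ]` block that consumes the result continues past the end of the hunk.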