x-vector

a guest
Jun 29th, 2017
#x-vector

This type of attack is called JPG File Inclusion. It allows images with injected code to be uploaded to a website, bypassing its protection filters, so that the code can be executed on the remote server (where the site is hosted) by means of an inclusion of the picture.

The first thing to do is to locate a website that allows images to be uploaded to the server and that works with PHP.

I used my own lab as a web server this time.

The tools you will need are:

- Image in .jpg format to upload to the victim server.
- edjpgcom: Program to inject code into a JPG.
- TamperData: Firefox extension to view and modify HTTP / HTTPS headers.
- Firefox.
- Server that allows JPG images to be uploaded (it will be our victim).

The first thing you will do is download edjpgcom to be able to inject the code that you want into your image.

To execute this program you will have to place your image in the folder where the program is located, then open the console and execute the following instruction:

Edjpgcom.exe "Filename.jpg"

Once you execute this instruction, a window will open in the tool, which will allow you to inject code inside the image:

Now enter the code that you want to run on the victim server (server-side code, in your case).
In this case I will inject a simple <?php phpinfo(); ?> that will show you information about the PHP configuration on the victim server.

Now click OK and your image will contain that code inside.
To see that, open the image with a text editor (Notepad++).

You need to rename your image and add ".php" before the ".jpg" extension. Be careful here.

Example: "Filename.php.jpg"

Once you have your image ready, go to the victim server where the upload is hosted and run the TamperData extension to start modifying the requests. You can do all of what I said with Burp Suite :)

Upload the image and modify the header so that it is uploaded as perfil.php, and not as perfil.php.jpg:

Accept the modification.

I think you have already uploaded your image:

But wait a second... Haven't you changed its extension from ".jpg" to ".php"?

Let's see what has been uploaded to the victim server:

If you have looked carefully, the path where your file has been hosted is files/perfil.php, so you will access that path to see if your PHP code is executed correctly...

Perfect!!!

What would happen if instead of a simple phpinfo we injected a small shell? (: XD
With my best wishes for you.
Other techniques...
I will illustrate it if you want.
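
The server-side check that stops the upload described above, as an added example that is not part of the original paste. It assumes the injected code sits in a JPEG comment (COM) segment, which is what edjpgcom edits; the function names strip_jpeg_comments and accept_upload are hypothetical and the sample bytes are constructed.

```python
import secrets
import struct

COM, SOS = 0xFE, 0xDA                 # JPEG comment and start-of-scan markers
ALLOWED_EXT = {"jpg", "jpeg"}

def strip_jpeg_comments(data):
    """Return (jpeg_without_COM_segments, removed_comment_payloads)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, comments, pos = bytearray(data[:2]), [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # counts its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        segment = data[pos:pos + 2 + length]
        pos += 2 + length
        if marker == COM:
            comments.append(segment[4:])      # keep the payload for logging, drop the segment
            continue
        out += segment
        if marker == SOS:
            # Compressed scan data follows; keep it up to the first EOI only,
            # which also discards bytes appended after the image.
            end = data.find(b"\xff\xd9", pos)
            if end < 0:
                raise ValueError("missing EOI marker")
            return bytes(out + data[pos:end + 2]), comments
    raise ValueError("no scan data found")

def accept_upload(client_name, data):
    """Validate on the server; the client-supplied name is checked, never reused."""
    ext = client_name.rsplit(".", 1)[-1].lower() if "." in client_name else ""
    if ext not in ALLOWED_EXT:                # "perfil.php" fails here
        raise ValueError("rejected: extension %r is not allowed" % ext)
    clean, comments = strip_jpeg_comments(data)
    return {"stored_name": secrets.token_hex(16) + ".jpg",   # server-chosen name
            "data": clean,
            "flagged": [c for c in comments if b"<?" in c]}   # log for review

def _seg(marker, payload):                    # helper for the constructed sample
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: JPEG-shaped bytes (not a decodable picture) with a PHP comment.
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00") + _seg(COM, b"<?php phpinfo(); ?>")
          + _seg(SOS, b"\x00") + b"\x12\x34\xff\xd9" + b"trailing bytes")
```

The control that matters is that the extension and stored name are decided on the server, so a tampered filename never reaches the disk. Stripping comments is defence in depth, and uploads should still be stored in a directory where PHP is not executed.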