  • Stars: 171
  • Rank 222,266 (Top 5 %)
  • Language: Python
  • Created over 8 years ago
  • Updated almost 2 years ago

Repository Details

Generate a PNG with a payload embedded in the IDAT chunk (Based off of previous concepts and code -- credit in README)

PNG-IDAT-Payload-Generator

Generate a PNG with a payload embedded in the IDAT chunk (based off of previous concepts and code; credit given below). Additionally, bruteforce payloads matching a regex pattern.

This is a Python 3, PEP 8-compatible, fully working version of huntergregal's initial project. Rewritten and fixed by https://github.com/TheZ3ro @TheZ3Pro

Update: added prepopulated payload tables, improved bruteforce speed, and added the xqi.cc payload to the table.

Based Off of Previous Concepts and Research

Usage

usage: generate.py [-h] [-q] -m {xss,php} [-r REMOTE_DOMAIN] -o OUTPUT_IMAGE [-u UPDATE] [-p PAYLOAD] [-t THREADS]

Tool to generate PNG-IDAT Payloads.

options:
  -h, --help            show this help message and exit
  -q, --quiet           Optional: quiet mode
  -m {xss,php}, --method {xss,php}
                        Choose payload method, -h to view available methods
  -r REMOTE_DOMAIN, --remote-domain REMOTE_DOMAIN
                        Remote domain to retrieve payload from (shorter the better: ex. xx.xxx. use xqi.cc for generic XSS)
  -o OUTPUT_IMAGE, --output-file OUTPUT_IMAGE
                        Output payload to PNG file
  -u UPDATE, --update UPDATE
                        Update the payload tables
  -p PAYLOAD, --payload PAYLOAD
                        Use the provided payload - no bruteforce
  -t THREADS, --threads THREADS
                        Number of threads to use for bruteforce
  • Use tld_tool.py and prefix_tool.py to help generate templates and populate payload tables.
  • Use a target of xqi.cc to create a payload for a generic XSS reflector. Thanks to idontplaydarts for the tip.
    • Usage for this payload is xqi.cc/?zz=alert(1)

Generic XSS Payload

  • Usage: target.com/evil.png?zz=alert(1)

s/o idontplaywithdarts for the domain tip

Concept

  1. Generate the PNG payload
  2. Bruteforce a hex string that gzdeflates into the target payload
  3. Engineer the discovered gzdeflate string to bypass PNG filters
  4. Generate the PNG file with the payload embedded in the IDAT chunk
  5. Upload the PNG payload to the vulnerable target web application
  6. Take control of the web application's response content-type (example: .png.html)
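The defender-side counterpart of the concept above, added here as an example and not part of this project: an upload-time check that walks the PNG chunk list, verifies every CRC, and flags a file whose raw chunk bytes or inflated IDAT stream contain HTML or PHP markers (an image that is also parseable as a script is exactly what step 6 relies on). The function names, the marker list and the `make_png` sample builder are my own constructions, not the tool's code or output.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Constructed marker list: byte patterns that make a PNG also readable as HTML, SVG or PHP.
MARKERS = [re.compile(p, re.IGNORECASE) for p in (rb"<script", rb"<\?php", rb"onerror\s*=", rb"<svg")]

def iter_chunks(data):
    """Walk the chunk list, verifying each CRC-32; raise ValueError on structural damage."""
    if not data.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        body, crc = data[pos + 8:end - 4], struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(ctype + body) != crc:  # CRC covers chunk type + data
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        yield ctype, body
        pos = end
        if ctype == b"IEND":
            return
    raise ValueError("no IEND chunk")

def scan_png(data):
    """Return (location, marker) findings; an empty list means no marker was seen anywhere."""
    findings, idat = [], b""
    for ctype, body in iter_chunks(data):
        findings += [(f"raw {ctype.decode()} chunk", rx.pattern.decode()) for rx in MARKERS if rx.search(body)]
        if ctype == b"IDAT":
            idat += body  # all IDAT chunks together form one zlib stream
    try:
        pixels = zlib.decompress(idat)
    except zlib.error:  # IDAT that is not deflate data is itself suspicious
        return findings + [("IDAT", "not a valid zlib stream")]
    return findings + [("inflated IDAT", rx.pattern.decode()) for rx in MARKERS if rx.search(pixels)]

def png_chunk(ctype, body):
    """Serialise one chunk: 4-byte length, type, data, CRC-32 over type + data."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_png(pixels, width):
    """Constructed sample builder: 8-bit greyscale image, `width` bytes per row, filter type 0."""
    rows = b"".join(b"\x00" + pixels[i:i + width] for i in range(0, len(pixels), width))
    ihdr = struct.pack(">IIBBBBB", width, len(pixels) // width, 8, 0, 0, 0, 0)
    return PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", zlib.compress(rows)) + png_chunk(b"IEND", b"")
```

Because pixel bytes are arbitrary, a marker can sit in the decompressed scanlines as well as in the file's raw bytes, so both views are scanned; a real upload filter would also re-encode the image rather than store it as received.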

To Do

  • Vavkamil bruteforce method(s), tld vs prefix
  • Pure bruteforce method (long)
  • Port payloadPatternBruter.py to Python 3

More Repositories

  • mimipenguin (C, 3,500 stars): A tool to dump the login password from the current Linux user
  • scansploit (Python, 108 stars): Exploit using barcodes, QR codes, EAN-13, Data Matrix
  • botHunter (Python, 48 stars): Scans the internet for open FTP servers looking for common malware bot droppers and grabs them for sampling. Also provides support for uploading samples to VirusTotal
  • wordlists (47 stars): Common wordlists
  • tools (PowerShell, 41 stars): Some useful tools and scripts
  • malwareSandbox (Shell, 40 stars): A ready-to-deploy Docker container for a fresh sandbox for on-the-fly malware analysis
  • dir_list (11 stars): A wordlist for brute forcing directories / files
  • huntergregal (CSS, 6 stars): My website
  • buttnet (PHP, 4 stars): A simple IRC botnet for Linux-based targets
  • litterrobot_firmware (4 stars): Firmwares for litter robots
  • tinderception (Python, 3 stars): Intercept Tinder photos
  • practice (C, 3 stars): Various practice programs, vulnerable stuff, etc.
  • pyTunnel (Python, 2 stars): A customizable tunnel between two clients on two separate sockets. Authentication support TBD.
  • YakTrack (Python, 2 stars): Can be used to geolocate Yik Yaks in a given area
  • pycrawl (Python, 2 stars): Python web crawler
  • Swag (Python, 1 star): Source code for the Swag package
  • brje_gamewheel (Python, 1 star): Bundle for Racial Justice and Equality (brje) Game Wheel
  • Shodan-Client (Python, 1 star): A Shodan API client written in Python
  • DigitalOceanManager (Python, 1 star): Used to manage DigitalOcean droplets
  • CVE (1 star): Collection of CVE details
  • writeups (JavaScript, 1 star): CTF and challenge writeups
  • myGet (Python, 1 star): A Python version of wget. Written for a NET320 class assignment.