Generate a PNG with a payload embedded in the IDAT chunk (Based off of previous concepts and code -- credit in README)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
BZdomainPayloads.txt
PEdomainPayloads.txt
README.md
coreFunctions.py
generate.py
payloadPatternBruter.py
php.png
requirements.txt
test.php
testgen.php
xss.png

README.md

/!\ THIS PROJECT IS NOT WORKING AS-IS, PATCHES WELCOME

PNG-IDAT-Payload-Generator

Generate a PNG with a payload embedded in the IDAT chunk (Based off of previous concepts and code -- credit given below) Additionally, bruteforce payloads matching a regex pattern

##Based Off of Previous Concepts and Research

##Usage

usage: generate.py [-h] -m {xss,php} [-r REMOTEDOMAIN] -o OUTPUTIMAGE

Tool to generate PNG-IDAT Payloads.

optional arguments:
  -h, --help            show this help message and exit
  -m {xss,php}, --method {xss,php}
                        Choose payload method, -h to view available methods
  -r REMOTEDOMAIN, --remote-domain REMOTEDOMAIN
                        Remote domain to retrieve payload from (shorter the
                        better: ex. xx.xxx)
  -o OUTPUTIMAGE, --output-file OUTPUTIMAGE
                        Output payload to PNG file
  • To bruteforce pattern matches, modify "payloadPatternBruter.py" to meet your needs and run it.

##Concept

  1. Generate PNG payload
  2. Bruteforce hex string that Gzdeflates into target payload
  3. Engineer discovered Gzdeflate string to bypass PNG filters
  4. Generate PNG file with payload embeded in IDAT chunk
  5. Upload PNG payload to vulnerable target web application
  6. Take control of web application response content-type (example: .png.html)

##To Do

  • Threading
  • Logging (maybe)
  • Vavkamil Bruteforce method(s) , tld vs prefix
  • Pure Bruteforce method (long)