Skip to content

nopn0p/xzf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
example
example
 
 
utils
utils
 
 
README.md
README.md
 
 
consts.h
consts.h
 
 
example.sh
example.sh
 
 
setup.sh
setup.sh
 
 
xor.py
xor.py
 
 
xzf
xzf
 
 
xzf.c
xzf.c
 
 

Repository files navigation

Introduction

xzf is a simple PoC demonstrating how EXIF data can be used for command and control. xzf GETs an image from a predetermined URL, then reads the software tag for an authentication string. If the string matches, xzf will execute anything contained within the ImageDescription tag.

Usage

  1. Choose your auth string and XOR key, then use xor.py to XOR out the string
  2. Choose an image and use gexif to add your commands to execute in ImageDescription and your auth string to the Software tag.
  3. XOR out the desired filename
  4. Upload the image (not imgur) and add all values to consts.h
  5. Deploy

Requirements

  • libcurl
  • libexif

References

About

EXIF-based command and control PoC

Topics

exif pentesting data-exfiltration

Resources

Readme
Activity

Stars

16 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages