Модератор: t800
python2 sign.py -i in.png -p sign.html -o out.png
The Stegosploit Toolkit v0.2, released in Issue [url="https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf"]0x08 of Poc||GTFO[/url], contains the tools necessary to test image based exploit delivery. The toolkit is distributed as a PNG polyglot within the PoC||GTFO PDF, which is also a polyglot!
The PNG file - stegosploit_tool.png contains all the tools. For a simple demo, you can save it to the local desktop, rename it to HTML and open it in a browser. Clicking the lioness will trigger the decoder and it will extract the toolkit from the pixels and download it. For a complex demo, this PNG has to be uploaded somewhere, and techniques such as MIME type confusion or Content Sniffing have to be used to trick the browser into believing it is an HTML file.
pdftk pocorgtfo08.pdf unpack_files
pdfimages pocorgtfo08.pdf output
Вернуться в Технические вопросы
Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 0