Hiding backdoor in an image
Pixload is an advanced set of tools that allows you to hide payloads within image files by either creating or injecting the intended payload into the desired image.
Pixload: Image Payload Creating & Injecting ToolsThis set of tools has the ability to give you access to some sophisticated hacking functions. Through it, you can create Polyglot files that can be used to sidestep the standard CSP security procedures by injecting the necessary attack scripts into a given image file. Polyglot files can be very effective when exploiting browsers such as Firefox, IE11, Edge, and Safari.
One of the advantages of this type of exploit is that it can allow you to deploy attack files in the form of JavaScript or image files. The payloads which have been deployed can also be easily extracted without applying any external script during an attack. With Pixload you can also be able to exploit server-side misconfigurations by scripting malicious codes into the available system files. Through GD file manipulation PHP shells can be restructured in the form of PNG and IDAT chunks. Features: Bypassing CSP using polyglot JPEGsEncoding Web Shells in PNG IDAT chunks hidden malvertising attacks (with Polyglot images)XSS payload revisiting (in PNG and IDAT chunks)XSS Facebook upload (Wonky and PNG content).
LINK OF THE TOOL:
https://github.com/chinarulezzz/pixload
Pixload: Image Payload Creating & Injecting ToolsThis set of tools has the ability to give you access to some sophisticated hacking functions. Through it, you can create Polyglot files that can be used to sidestep the standard CSP security procedures by injecting the necessary attack scripts into a given image file. Polyglot files can be very effective when exploiting browsers such as Firefox, IE11, Edge, and Safari.
One of the advantages of this type of exploit is that it can allow you to deploy attack files in the form of JavaScript or image files. The payloads which have been deployed can also be easily extracted without applying any external script during an attack. With Pixload you can also be able to exploit server-side misconfigurations by scripting malicious codes into the available system files. Through GD file manipulation PHP shells can be restructured in the form of PNG and IDAT chunks. Features: Bypassing CSP using polyglot JPEGsEncoding Web Shells in PNG IDAT chunks hidden malvertising attacks (with Polyglot images)XSS payload revisiting (in PNG and IDAT chunks)XSS Facebook upload (Wonky and PNG content).
LINK OF THE TOOL:
https://github.com/chinarulezzz/pixload
Thanks for sharing such a nice Post. I must suggest your readers to Visit Cyber Security Training
ReplyDelete