EvilZone

Other => Found it on the Webs => : kenjoe41 August 11, 2013, 03:46:08 PM

: Encoding Web Shells in PNG IDAT chunks
: kenjoe41 August 11, 2013, 03:46:08 PM

If you carefully encode a web shell in an image you can bypass server-side filters and seemingly make shells materialize out of nowhere(and I'm not talking about encoding data in comments or metadata) - this post will show you how it's possible to write PHP shells into PNG IDAT chunks using only GD (http://php.net/manual/en/book.image.php).

Its worth a check out.https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/ (https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/)

: Re: Encoding Web Shells in PNG IDAT chunks
: vezzy August 11, 2013, 05:19:10 PM

The technique itself isn't new at all, and it's noted by most security advisories nowadays, but I really like the technical detail and crafty approach here. The blog is good in general.

Another much simpler variant is to use GIMP's scripting engine to embed malicious code into images.

: Re: Encoding Web Shells in PNG IDAT chunks
: kenjoe41 August 12, 2013, 05:37:31 PM

Come to think of it. Am gonna try that Gimp thing sometime. Thanks for the heads up.