Author Topic: Encoding Web Shells in PNG IDAT chunks (Read 1085 times)

kenjoe41 · « **on:** August 11, 2013, 03:46:08 pm »

If you carefully encode a web shell in an image you can bypass server-side filters and seemingly make shells materialize out of nowhere(and I'm not talking about encoding data in comments or metadata) - this post will show you how it's possible to write PHP shells into PNG IDAT chunks using only GD.

Its worth a check out.https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/

vezzy · « **Reply #1 on:** August 11, 2013, 05:19:10 pm »

The technique itself isn't new at all, and it's noted by most security advisories nowadays, but I really like the technical detail and crafty approach here. The blog is good in general.

Another much simpler variant is to use GIMP's scripting engine to embed malicious code into images.

kenjoe41 · « **Reply #2 on:** August 12, 2013, 05:37:31 pm »

Come to think of it. Am gonna try that Gimp thing sometime. Thanks for the heads up.

EvilZone

News:

Author Topic: Encoding Web Shells in PNG IDAT chunks (Read 1085 times)

kenjoe41

Encoding Web Shells in PNG IDAT chunks

vezzy

Re: Encoding Web Shells in PNG IDAT chunks

kenjoe41

Re: Encoding Web Shells in PNG IDAT chunks