php web shell in png file

[Rajesh A.]

Hi,

There were discussions about embedded PHP shell in PNG file. Some one please share any link/document here or any step by step guidelines.

Example: https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/

--

Thank You.

Regards.

Rajesh A.

[Rahul Sasi]

Here we go.

http://www.garage4hackers.com/entry.php?b=258

--
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Rahul Sasi
Info Security Researcher

07738222968
http://www.linkedin.com/in/fb1h2s

www.garage4hackers.com
www.garage4hackers.com/blog.php?8-Fb1h2s-blog

[Rajesh A.]

Thank you Rahul. I have checked that and passed. 

Another easy way given (putting here for others ref)

open the png file in GIMP and paste the PHP code in image properties and save. Just upload the file and get rev shell.

[karniv0re]

Adding PHP code to images for server side execution would work only when:

1. There is an LFI/RFI and the image is included via another page.

2. The php binary handles image extensions (which is weird in config even if it did exist)

Also, if the image is not being changed/rezised/rotated/its meta data stripped etc on the server, you can simply cat file.png  shell.php > new.png. In Windows you can copy /b file.png + shell.php > new.png and then include the file.

Regards,

karniv0re