- Joined
- Jan 8, 2019
- Messages
- 56,608
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,454
- Points
- 2,313
- Credits
- 32,600
6 Years of Service
76%
Introduction
Pixload is an advanced set of tools that allows you to hide payloads within image files by either creating or injecting the intended payload into the desired image.
Pixload: Image Payload Creating & Injecting Tools
This set of tools has the ability to give you an access to some sophisticated hacking functions. Through it, you can create Polyglot files that can be used to sidestep the standard CSP security procedures by injecting the necessary attack scripts into a given image file. Polyglot files can be very effective when exploiting browsers such as Firefox, IE11, Edge, and Safari.
One of the advantages of this type of exploit is that it can allow you to deploy attack files in the form of JavaScript or image files. The payloads which have been deployed can also be easily extracted without applying any external script during an attack. With Pixload you can also be able to exploit server-side misconfigurations by scripting malicious codes into the available system files.Through GD file manipulation PHP shells can be restructured in the form of PNG and IDAT chunks.
Features:
Bypassing CSP using polyglot JPEGs
Encoding Web Shells in PNG IDAT chunks
Hidden malvertising attacks (with Polyglot images)
XSS payload revisiting (in PNG and IDAT chunks)
XSS Facebook upload (Wonky and PNG content)