Charmve / PyStegosploit

PoC - Exploit Delivery via Steganography and Polyglots, CVE-2014-0282
https://www.youtube.com/watch?v=O9vSSQIZPlI
GNU General Public License v3.0
45 stars 14 forks source link

the exploit CVE-2014-0282 not run #1

Open lami1414 opened 2 years ago

lami1414 commented 2 years ago

Hello, How are you? I am trying to execute the attack on my VM using the image in order to Dynamic analysis for the malware, I have done all the code except the (load_meterpreter.rc) code, which I did not understand. When I tried to open the image on the virtual environment that contains IE9 on windows 7 ultimate SP1, nothing happened. Can you help me I don't know what's wrong and I've been trying for a month. I really need your advice and thanks. RESULT

dewebdes commented 2 years ago

yes, nothing happened and the repo has some issue, the final image or html not with custom image just this woman picture will show for any image input.... and the default samples not run anything like alert or etc...

if u can please make a video for this repo and show the code in action.

this is my try steps:

git clone https://github.com/Charmve/PyStegosploit.git cd PyStegosploit

edit stego_setup.sh > comment line 4

chmod +x stego-setup.sh ./stego_setup.sh sudo apt-get install hexedit cd project-stegosploit python3 -m http.server 8000

new tab

cd .. cd firefox ./firefox http://localhost:8000/encoding/iterative_encoding.html

put jpg to project-stegosploit/encoding/

enter filename in inputfile cat.jpg and click load , u must see pic in logo place

bit layer = 2 , grid = 3

write js code in textarea or choose ready codes...

click the process button below the MD5 section, then click iterate.

wait... until open stego.jpg dialog apear and save the file

move stego.jpg to project-stegosploit/images/encoded/

new tab terminal.. project-stegosploit

cd .. cd project-stegosploit python3 scripts/polyglot_with_jpg.py exploits/decoder.html images/encoded/stego.JPG polyglots/tux_demo3.html

http://localhost:8000/polyglots/