Introduction

xzf is a simple PoC demonstrating how EXIF data can be used for command and control. xzf GETs an image from a predetermined URL, then reads the software tag for an authentication string. If the string matches, xzf will execute anything contained within the ImageDescription tag.

Usage

Choose your auth string and XOR key, then use xor.py to XOR out the string
Choose an image and use gexif to add your commands to execute in ImageDescription and your auth string to the Software tag.
XOR out the desired filename
Upload the image (not imgur) and add all values to consts.h
Deploy

Requirements

libcurl
libexif

References

https://www.media.mit.edu/pia/Research/deepview/exif.html
https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Introduction

Usage

Requirements

References

Files

README.md

Latest commit

History

README.md

File metadata and controls

Introduction

Usage

Requirements

References