Offensive Security Tool: Bob The Smuggler

by Wo0dy36 - 26 January, 2024 - 11:39 PM

This post is by a banned member (Wo0dy36) - Unhide

Wo0dy36

36
Posts

18
Threads

1 Year of service

OP 26 January, 2024 - 11:39 PM

Bob the Smuggler is a tool that leverages the HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypts the archive and then hides it inside PNG/GIF image file format (Image Polyglots). The JavaScript embedded within the HTML will download the PNG/GIF file and store it in the cache. Following this, the JavaScript will extract the data embedded in the PNG/GIF, assemble it, perform XOR decryption, and then store it as an in-memory blob.

It can be used to simulate and identify potential security vulnerabilities within an organization's systems.

repo: https://github.com/TheCyb3rAlpha/BobTheSmuggler

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account Sign up for a new account in our community. It's easy! Register a new account	or	Sign in Already have an account? Sign in here. Sign in now

Forum Jump:

Users browsing this thread: 1 Guest(s)

Login
Username:
Password:	Lost Password?
	Remember me

Offensive Security Tool: Bob The Smuggler

About Cracked.io

Navigation

Extras

Help

Account