从PNG图片中分离ShellCode
使用Python的struct
库从图片中分离出ShellCode
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
| import struct
with open('modified_image.png', 'rb') as f: img_data = f.read()
pos = 33 while pos < len(img_data): chunk_len, chunk_type = struct.unpack('>I4s', img_data[pos:pos + 8]) if chunk_type == b'shel': shellcode = img_data[pos + 8:pos + 8 + chunk_len] break pos += 12 + chunk_len else: raise ValueError('图片不存在Shellcode')
print(shellcode)
|