xzf is a simple PoC demonstrating how EXIF data can be used for command and control. xzf GETs an image from a predetermined URL, then reads the software tag for an authentication string. If the string matches, xzf will execute anything contained within the ImageDescription tag.
- Choose your auth string and XOR key, then use xor.py to XOR out the string
- Choose an image and use gexif to add your commands to execute in ImageDescription and your auth string to the Software tag.
- XOR out the desired filename
- Upload the image (not imgur) and add all values to consts.h
- Deploy
- libcurl
- libexif