corkami / mitra Goto Github PK

I am looking into making the SVG module better, any tips? Do any of the SVG file polygots work? It looks like they are always failing because the input file lacks parasites and zipper

./mitra.py input/svg.svg input/gif87.gif -f --verbose

! File type 1 (SVG) doesn't support parasites.
! File type 1 (SVG) doesn't support zippers.

SVGs are forgiving, there are additional methods here:
https://blog.mindedsecurity.com/2015/08/pdf-based-polyglots-through-svg-images.html

You can use comment lines to do so

You could perhaps put an Archive in or use mitra as it's own logo on desktop systems

Great work! I'll try to create a polyglot file with a payload like this:
0x59657320535346325420776f726b6564206c696b65206120636861726d206f6e20612072616d6469736b203b2d29

When running mitra using a ZIP and PNG or JPG (in that order) it will not generate any file. (It will print both file names and then their type, but it wont provide the Stack and Parasite messages)

When reversing the order, you get the 2 files and the full message, however the ZIP is not recognized as a valid archive.

For testing purposes, I did get it to work using a PDF and ZIP, I am assuming there is an issue with PNG/JPG? Which seems odd as it is one of the files from the example.

Disclaimer: shameless advertising for a tool I developed.

In addition to file as a detection tool, you can try polydet, a tool I developed with a friend when doing research about polyglots. It's empiric and only knows about a few selected file formats, but can detect "suspicious byte chunks" in these formats. It shows better results than file (which it can use as a fallback) and TrID.

When doing a simple polyglot of a png and a zip file on a mac, it works perfectly.

When opening the png, it works fine. However, when trying to unzip it, it becomes a problem on a Mac OSX Catalina.

I am unable to unzip it simply by clicking it.

If I manually unzip it using the command line, I get this:

I know that this is the expected behavior of this wonderful program, but I wanted to get your thoughts on this and perhaps maybe there is a way to allow for no simple detection of polyglots.

PNG+ZIP
JPG+ZIP
JPG+7z

All generate an error while unzipping

End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive.

I have tried combining a PDF and an OGG. Mitra outputs the following:

f1.pdf
File 1: Portable Document Format
f2.ogg
File 2: Ogg [container]

... but no more, and no file is generated.

Can I get some more debug output?

Edit: I found the --verbose option. I get the following:

! File type 1 (PDF) can only host parasites at offset 0x30. File 2 should start at offset 0x0 or less.

And when swapping arguments:

! File type 1 (OGG) can accept parasites only of size 0xFFFF max. File 2 is too big (10FC13).

So I conclude that PDF+OGG is only supported by parasiting the PDF in the OGG, and only when the PDF is <64KiB.

Hi, Before anything, ur research was greate ...

I was try below steps to use the code:

1. git clone https://github.com/corkami/mitra.git
2. cd mitra
3. ./mitra.py input/png.png input/html.htm -f

and then test generated html and png in firefox in multiple ways... , But no alert shown on page :(

I use python3 + ubuntu 2021

I was read and watch all ur docs and I believe its true , can u make a video for bind js in image with default files in input folder .... or can u guess what is the problem ?!

I have solved the problem. The file is not complete when I unzipped it.

Hi !

I cloned the repo, am using python 3.6 and have no particular issue while using the script BUT, I just get nothing outputted.
I'm trying to "merge" ball2 into ball so that I have ball.jpg that can also be ball2.png once encrypted (or the other way around doesn't matter, by the way, why can't we do polyglots of same type ? png/png jpg/jpg for ex.)
am I missing something ?

What is the problem please?

python mitra.py picture.jpg backdoor.zip
Traceback (most recent call last):
File "mitra.py", line 3, in
from parsers import *
File "/pentester/mitra-test/parsers/bpg.py", line 24, in
assert ue7_encs(127) == b"\x7f"
AssertionError

Thank you :-)

So I "combined" a zip and a png file, took the png file that it gave me, renamed it to aaa.zip, opened it but error of 7zip/winrar saying its corrupted