Exploit Discord's cache system to remote upload payloads on Discord users machines

Sep 09, 2021 2 min read

Exploit Discord’s cache system to hide payloads PoC

Remote upload embedded payload from image using EOF to Discord users machines through cache.

Depending on how NodeJS and Discord’s cache system works, you could potentially make this a full remote code execution exploit.

Step-by-step

Step 1

Embed payload to an image that’s less than 256 kb of size: python3 embed.py <image> <python payload>

For this proof-of-concept, my payload is:

print('Hello World!')

Step 2

Upload the image with the embedded payload to a Discord server as an emoji.

Step 3

Send the emoji in a text channel. Any member that displays that emoji will automatically download it with the embedded payload to cache.

Step 4

To actually execute the embedded payload, you’d have to make victim run a script like victim.py. The script will find and execute the embedded payload from the image in cache.

Video showcase

Note

The same trick can be done with profile avatars.

Credits

cs:

Have fun triggering AVs :p

GitHub

https://github.com/ecriminal/Exploit-Discord-Cache-System-PoC

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

Discord

DIscord token phone verifier tool

Working October 2022! Discord Phone Verifier Mass Verifing a list of discord tokens by phone. HOW TO INSTALL ) Install the required dependencies (pip install -r requirements.txt) HOW TO SETUP account & add

17 January 2023

Discord

Token Generator / Joiner / Onliner

Discord-Token-Generator Token Generator / Joiner / Onliner Made By banxit 2022-08-02.02-01-22.mp4 How to use WILL NOT WORK WITHOUT API KEY WILL NOT WORK WITHOUT BALANCE ON CAPMONSTER put your Proxy(s) in data\

17 January 2023

Machine Learning

DRAGON: Deep Bidirectional Language-Knowledge Graph Pretraining

DRAGON: Deep Bidirectional Language-Knowledge Graph Pretraining This repo provides the source code & data of our paper “DRAGON: Deep Bidirectional Language-Knowledge Graph Pretraining” (NeurIPS 2022). Overview DRAGON is a new foundation

17 January 2023

Discord

Discord token creator, 1 token in 5 Seconds

16 January 2023

Generator

Generates random nitro codes then checks them with the discord api

Nitro-Generator-AND-Checker (Scroll down to see videos + setup tutorials) IT SHOULD BE NOTED THAT THIS IS A PROOF OF CONCEPT AND SHOULD NOT BE USED MALICIOUSLY TO STEAL OTHER USERS NITROS. WHAT YOU DO

16 January 2023

Discord

Discord nitro sniper made with Python. Usually snipes in 10ms

💫 Discord Multi Sniper V2 💫 Nitro, Giveaway, Privnote Sniper. Usually snipes in 10 – 50ms ⭐ Don’t forget to leave a star! ⭐ Some code changes before v3, sniper should be faster Features: Added

13 January 2023

Discord

Create an discord token in 5 seconds using capmonster/2captcha/anti-captcha support

13 January 2023

Machine Learning

Malware programs written in python, reference from PatrikH0lop/malware_showcase

03 September 2022

Exploit Discord's cache system to remote upload payloads on Discord users machines

Exploit Discord’s cache system to hide payloads PoC

Step-by-step

Step 1

Step 2

Step 3

Step 4

Video showcase

Note

Credits

GitHub

John

A profile tool for pytorch neural networks

A simple telegram bot to download from Zee5 links

Exploit Discord’s cache system to hide payloads PoC

Step-by-step

Step 1

Step 2

Step 3

Step 4

Video showcase

Note

Credits

GitHub

A profile tool for pytorch neural networks

A simple telegram bot to download from Zee5 links

You might also like...