Created
February 9, 2021 02:26
-
-
Save churchofthought/db9f007c7aa777a735b1ceb681157ef2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* WARNING: Function: __x86.get_pc_thunk.bx replaced with injection: get_pc_thunk_bx */ | |
| void main(undefined4 param_1,undefined4 param_2) | |
| { | |
| __uid_t __euid; | |
| __uid_t __ruid; | |
| __gid_t __egid; | |
| __gid_t __rgid; | |
| size_t __n; | |
| int iVar1; | |
| int in_GS_OFFSET; | |
| undefined *local_834; | |
| int local_830; | |
| byte local_824 [8]; | |
| int aiStack2076 [2]; | |
| undefined auStack2068 [1008]; | |
| undefined local_424 [1024]; | |
| undefined4 local_24; | |
| undefined *puStack20; | |
| puStack20 = (undefined *)¶m_1; | |
| local_24 = *(undefined4 *)(in_GS_OFFSET + 0x14); | |
| local_830 = 0; | |
| __euid = geteuid(); | |
| __ruid = geteuid(); | |
| setreuid(__ruid,__euid); | |
| __egid = getegid(); | |
| __rgid = getegid(); | |
| setregid(__rgid,__egid); | |
| printf("Execution id is %x\n",local_824); | |
| local_834 = (undefined *)0x0; | |
| while ((int)local_834 < 0x400) { | |
| iVar1 = rand(); | |
| local_424[(int)local_834] = (char)iVar1 + (char)(iVar1 / 0xff); | |
| local_834 = local_834 + 1; | |
| } | |
| local_834 = (undefined *)0x0; | |
| while ((int)local_834 < 0x400) { | |
| read(0,local_834 + (int)local_824,1); | |
| local_834 = local_834 + 1; | |
| } | |
| while( true ) { | |
| local_834 = (undefined *)0x0; | |
| while( true ) { | |
| __n = strlen("WTFCRAZY"); | |
| iVar1 = strncmp("WTFCRAZY",local_834 + (int)local_824,__n); | |
| if (iVar1 != 0) break; | |
| local_834 = local_834 + 1; | |
| } | |
| if ((undefined *)0x3e0 < local_834) break; | |
| local_834[(int)(local_824 + 2)] = 0x45; | |
| if (*(int *)(local_834 + (int)(local_824 + 0xc)) != 0) { | |
| *(undefined4 *)(*(int *)(local_834 + (int)(local_824 + 0xc)) + 8) = | |
| *(undefined4 *)(local_834 + (int)(local_824 + 8)); | |
| } | |
| if (*(int *)(local_834 + (int)(local_824 + 8)) != 0) { | |
| *(undefined4 *)(*(int *)(local_834 + (int)(local_824 + 8)) + 0xc) = | |
| *(undefined4 *)(local_834 + (int)(local_824 + 0xc)); | |
| } | |
| memcpy(local_834 + (int)(local_824 + 0x10),local_424 + local_830,0x10); | |
| local_830 = local_830 + 0x10; | |
| } | |
| local_834 = (undefined *)0x0; | |
| while ((int)local_834 < 0x400) { | |
| local_834[(int)local_424] = local_834[(int)local_424] ^ local_834[(int)local_824]; | |
| local_834 = local_834 + 1; | |
| } | |
| (*(code *)local_424)(); | |
| /* WARNING: Subroutine does not return */ | |
| exit(0); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment