arget13 / DDexec

A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
GNU General Public License v3.0

Not working with static binaries #11

Closed Kiblyn11 closed 1 year ago

Kiblyn11 commented 1 year ago

I was trying to run the CDK tool with DDexec, but it fails to get the system page size.

base64 -w0 /dev/shm/cdk | bash ddexec.sh eva --full
fatal error: failed to get system page size
runtime: panic before malloc heap initialized

runtime stack:
runtime.throw(0xa4fb42, 0x1e)
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/panic.go:1116 +0x72 fp=0x7ffda32a1ea0 sp=0x7ffda32a1e70 pc=0x435b72
runtime.mallocinit()
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/malloc.go:438 +0x385 fp=0x7ffda32a1ec8 sp=0x7ffda32a1ea0 pc=0x40c6c5
runtime.schedinit()
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/proc.go:563 +0x65 fp=0x7ffda32a1f20 sp=0x7ffda32a1ec8 pc=0x4394c5
runtime.rt0_go(0x7ffda32a1f4f, 0x1, 0x7ffda32a1f4f, 0x169622f6f672f3d, 0xf100000000000000, 0x7ffda32a1f, 0x0, 0x300000000000000, 0x4000000000000000, 0x400000000004000, ...)
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/asm_amd64.s:214 +0x125 fp=0x7ffda32a1f28 sp=0x7ffda32a1f20 pc=0x4691c5

Are golang binaries impossible to run with this technique?
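The panic in the trace above comes from Go's runtime finding no AT_PAGESZ entry in the auxiliary vector that the loader leaves after envp on the initial stack (mallocinit throws "failed to get system page size" when the page size it read there is zero). The C program below is added here and is not part of DDexec or of this thread; it shows how a process reads that entry, first through glibc's getauxval and then by walking past envp the way a libc-free runtime does, so someone reproducing this failure can check what the loader actually provided. It assumes a glibc-based Linux system.

```c
#include <link.h>        /* ElfW(), Elf64_auxv_t, AT_PAGESZ, AT_NULL */
#include <stdio.h>
#include <sys/auxv.h>    /* getauxval() */
#include <unistd.h>      /* sysconf() */

extern char **environ;

/* The libc way: getauxval() walks the auxiliary vector the loader left
 * above the environment on the initial stack. Returns 0 if AT_PAGESZ
 * is absent, the situation that makes Go's mallocinit throw
 * "failed to get system page size". */
unsigned long auxv_page_size(void) {
    return getauxval(AT_PAGESZ);
}

/* The libc-free way, as a runtime such as Go's rt0 does it: skip the
 * envp strings and their NULL terminator, then scan (a_type, a_val)
 * pairs until AT_NULL. */
unsigned long auxv_page_size_from_envp(char **envp) {
    while (*envp != NULL)
        envp++;
    envp++;                                   /* past the terminator */
    for (ElfW(auxv_t) *a = (ElfW(auxv_t) *)envp; a->a_type != AT_NULL; a++)
        if (a->a_type == AT_PAGESZ)
            return a->a_un.a_val;
    return 0;                                 /* entry missing */
}

/* Wrapper: glibc keeps environ pointing at the original envp until
 * something modifies the environment (assumed not to have happened). */
unsigned long auxv_page_size_from_environ(void) {
    return auxv_page_size_from_envp(environ);
}

/* Sanity check for a loaded process: non-zero, a power of two, and
 * equal to what the kernel reports through sysconf(). */
int page_size_looks_sane(unsigned long ps) {
    return ps != 0
        && (ps & (ps - 1)) == 0
        && ps == (unsigned long)sysconf(_SC_PAGESIZE);
}

int main(int argc, char **argv, char **envp) {
    (void)argc; (void)argv;
    unsigned long via_libc = auxv_page_size();
    unsigned long via_walk = auxv_page_size_from_envp(envp);
    printf("AT_PAGESZ via getauxval: %lu\n", via_libc);
    printf("AT_PAGESZ via envp walk: %lu\n", via_walk);
    printf("auxv sane: %s\n",
           page_size_looks_sane(via_walk) ? "yes" : "no (loader built a bad auxv?)");
    return page_size_looks_sane(via_walk) ? 0 : 1;
}
```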

arget13 commented 1 year ago

Hmm, it should work with go binaries, that bug was explicitly fixed in #5. I'll look into it. Thanks.

Kiblyn11 commented 1 year ago

Working great, thanks!