zMarch / Orc

Orc is a post-exploitation framework for Linux written in Bash
MIT License
390 stars 51 forks

reimplemented memexec #61

Closed UlrichBerntien closed 5 years ago

UlrichBerntien commented 5 years ago
0x27 commented 5 years ago

uuencode/uudecode are missing on a lot of systems, so I wouldn't merge this just yet.

UlrichBerntien commented 5 years ago

Thank you. I changed from uuencode/uudecode to the base64 tool. Now the combination gzip + base64 is used to encode/decode the memexec Perl script. I hope this is supported by more systems.

If you know a better tool combination, I will use it. Another option is to store the plain text of the Perl script in o.rc. But the original o.rc version uses obfuscation, so I want to support obfuscation as well.

UlrichBerntien commented 5 years ago

Now the memexec function should be able to download and execute script files.

A script file must start with "#!". These two bytes will be checked and then the script file is executed via the env tool.

UlrichBerntien commented 5 years ago

Added python2 and python3 implementations of memexec.

Now the download and execution of binary programs and script files should work with python3, python2 or perl.