@Und3rf10w
Last active June 24, 2022 21:19
Sektor7 in-memory shellcode injection, from https://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md
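;-----------------------------------------------------------------------
; Minimal x86-64 Linux "print and exit" payload written as position-
; independent code: the jmp/call/pop sequence obtains the address of msg
; without absolute addressing, so the assembled bytes run from any
; executable mapping. The encoding itself is the contract here — the
; byte string embedded in the accompanying Python loader is exactly this
; code as assembled, so re-expressing any instruction changes those bytes.
; ABI:   Linux x86-64 raw syscalls (rax = nr; args rdi, rsi, rdx)
; Fix:   "global_start" was a typo — NASM reads it as a bare label, so
;        _start was never exported; it is now "global _start".
;-----------------------------------------------------------------------
bits 64
global _start
_start:
jmp short message                       ; hop over the code to the call that pushes msg's address
print:
pop rsi                                 ; rsi = return address left by `call print` = address of msg
xor rax,rax
mov al, 1                               ; rax = 1 = SYS_write (8-bit move keeps the encoding free of zero bytes)
mov rdi, rax                            ; rdi = 1 = stdout
xor rdx, rdx
add rdx, mlen                           ; rdx = message length; mlen (21) fits an 8-bit immediate
syscall                                 ; write(1, msg, mlen); return value is not checked
exit:
xor rax, rax
add rax, 60                             ; rax = 60 = SYS_exit
xor rdi, rdi                            ; exit status 0
syscall                                 ; exit(0) — never returns
message:
call print                              ; pushes the address of the byte after this call (msg) and jumps back
msg: db 'Ex nihilo nihil fit!', 0x0A
mlen equ $ - msg                        ; length computed by the assembler (21 bytes incl. the newline)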
;-----------------------------------------------------------------------
; Second listing: a small x86-64 Linux program that duplicates a file
; descriptor, creates an anonymous in-memory file with memfd_create(2)
; and then blocks in pause(2). No syscall return value is checked.
; ABI:   Linux x86-64 raw syscalls (rax = nr; args rdi, rsi, rdx)
; Defender note: the memfd shows up under /proc/<pid>/fd as
; "/memfd:AAAA" for as long as the process sleeps in pause(2).
;-----------------------------------------------------------------------
BITS 64
global _start
section .text
_start:
; dup(10): syscall 0x20 (32) is SYS_dup on x86-64. Only fd 10 is passed
; here (the original comment said "10 and 11"); the new descriptor is
; returned in rax and not saved, and failure (e.g. fd 10 not open,
; EBADF) is not checked.
xor rax, rax
xor rdi, rdi
mov di, 10                              ; 16-bit write; rdi was zeroed above, so the upper bits are clear
mov rax, 0x20
syscall
; create an in-memory only file named "AAAA": a push of a sign-extended
; 32-bit immediate writes 8 bytes, so [rsp] holds 'AAAA' followed by
; four zero bytes — a NUL-terminated name without a data section.
memfd_create:
push 0x41414141
mov rdi, rsp                            ; name = pointer to "AAAA\0" on the stack
mov rsi, 0                              ; flags = 0 (no MFD_CLOEXEC / sealing)
mov rax, 319                            ; SYS_memfd_create on x86-64
syscall
; 'suspend' the process: pause(2) blocks until a signal is delivered.
; rax still holds the memfd descriptor at this point and is overwritten
; without being saved anywhere.
pause:
mov rax, 34                             ; SYS_pause
syscall
; this should never be reached (pause only returns after a signal
; handler runs, and none is installed); kept as a safe fallthrough
exit:
xor rax, rax
add rax, 60                             ; rax = 60 = SYS_exit
xor rdi, rdi                            ; exit status 0
syscall
from ctypes import (CDLL, c_void_p, c_size_t, c_int, c_long, memmove, CFUNCTYPE, cast, pythonapi)
from ctypes.util import ( find_library )
from sys import exit
# In-memory loader for the NASM payload above: maps one anonymous RWX page
# with mmap(2), copies the assembled bytes into it and transfers control by
# casting the mapping to a ctypes function pointer.
# NOTE(review): the byte-string literal and the `/` in mem_size rely on
# Python 2 semantics (a str is bytes, `/` is integer division); under
# Python 3 the literal is text and mem_size becomes a float — confirm the
# interpreter before relying on this script.
# Defender note: while the process runs, /proc/<pid>/maps shows an
# anonymous mapping with `rwxp` permissions, which is the observable
# footprint of this technique.
# mmap(2) protection and mapping flags (Linux x86-64 <sys/mman.h> values)
PROT_READ = 0x01
PROT_WRITE = 0x02
PROT_EXEC = 0x04
MAP_PRIVATE = 0x02
MAP_ANONYMOUS = 0x20
# NOTE(review): mmap(2) reports failure with MAP_FAILED ((void *)-1), not
# ENOMEM; with restype = c_void_p that value arrives as an unsigned 64-bit
# integer, so the `cptr == ENOMEM` test below never fires — confirm.
ENOMEM = -1
# Assembled bytes of the "Ex nihilo nihil fit!" payload from the NASM
# listing (jmp/call/pop, write(1, msg, 21), exit(0)).
SHELLCODE =
'\xeb\x1e\x5e\x48\x31\xc0\xb0\x01\x48\x89\xc7\x48\x31\xd2\x48\x83\xc2\x15\x0f\x05\x48\x31\xc0\x48\x83\xc0\x3c\x48\x31' \
'\xff\x0f\x05\xe8\xdd\xff\xff\xff\x45\x78\x20\x6e\x69\x68\x69\x6c\x6f\x20\x6e\x69\x68\x69\x6c\x20\x66\x69\x74\x21\x0a'
libc = CDLL(find_library('c'))
#void *mmap(void *addr, size_t len, int prot, int flags, int fildes, off_t off);
mmap = libc.mmap
mmap.argtypes = [ c_void_p, c_size_t, c_int, c_int, c_int, c_size_t ]  # off_t passed as size_t
mmap.restype = c_void_p
page_size = pythonapi.getpagesize()  # getpagesize(3), presumably resolved through the interpreter's own symbols — verify
sc_size = len(SHELLCODE)
mem_size = page_size * (1 + sc_size / page_size )  # round up to whole pages; at least one page
# anonymous private RWX mapping; fd -1 and offset 0 as required by MAP_ANONYMOUS
cptr = mmap(0, mem_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0)
if cptr == ENOMEM: exit('mmap() memory allocation error')  # see NOTE on ENOMEM above: ineffective check
if sc_size <= mem_size:  # always true given the rounding above
    memmove(cptr, SHELLCODE, sc_size)  # copy the payload into the executable mapping
sc = CFUNCTYPE(c_void_p, c_void_p)  # prototype void *(*)(void *)
call_sc = cast(cptr, sc)  # reinterpret the mapping as a callable
call_sc(None)  # jump into the mapping with a NULL argument; the payload exits the process via SYS_exit