Created
July 12, 2023 04:58
-
-
Save ivanvza/d96ef7e94d700f886ed2144a5408d215 to your computer and use it in GitHub Desktop.
Linux - Fileless Python Execution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ctypes, os, base64, zlib | |
| l = ctypes.CDLL(None) | |
| s = l.syscall | |
| c = base64.b64decode (b'eNorKMrMK1FQykjNyclXKM8vyklRAgBHBAbu') | |
| e = zlib.decompress(c) | |
| f = s(319, '', 1) # syscall to sys_memfd_create | |
| ''' | |
| memfd_create() [319] creates an anonymous file and returns a file | |
| descriptor that refers to it. The file behaves like a regular | |
| file, and so can be modified, truncated, memory-mapped, and so | |
| on. However, unlike a regular file, it lives in RAM and has a | |
| volatile backing storage. | |
| ''' | |
| os.write(f, e) | |
| p = '/proc/self/fd/%d' % f | |
| os.execle(p, 'smd', {}) | |
| ''' | |
| import zlib, base64 | |
| text = b'print "hello world"' | |
| code = base64.b64encode(zlib.compress(text,9)) | |
| print (code) | |
| b'eNorKMrMK1FQykjNyclXKM8vyklRAgBHBAbu=' | |
| ''' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment