JoYo
/
scrap-is-not-scrap
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cleaning up code a bit

master
JoYo 2019-02-18 23:40:19 +00:00
parent 3c69245237
commit 001641dfb9
1 changed files with 7 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
sins/run.py
View File

@ -9,20 +9,18 @@ import logging
import subprocess
import mmap
whoami_shell = b"\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x10\x00\x00\x00\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69\x00\x56\x57\x48\x89\xe6\x0f\x05"
seed_shell = b'U\x90H\x89\xe5\x90H\x89}\xf8\x90H\x8bE\xf8\x90]\x90\xc3'
seed_shell = b'\x55\x90\x48\x89\xe5\x90\x48\x89\x7d\xf8\x90\x48\x8b\x45\xf8\x90\x5d\x90\xc3'
def shell_func(shellcode: bytes):
exec_mem = mmap.mmap(
-1, len(shellcode),
prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
flags = mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE
exec_mem = mmap.mmap(-1, len(shellcode), prot=prot, flags=flags)
exec_mem.write(shellcode)
ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(
ctypes.addressof(ctypes_buffer))
addr = ctypes.addressof(ctypes_buffer)
function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(addr)
function._avoid_gc_for_mmap = exec_mem
return function
@ -77,28 +75,3 @@ def sins():
ret_val = seed(ctypes.c_uint(len(seed_data)))
logger.info(f'ret_val: {ret_val}')
def func_void(shellcode: bytes):
exec_mem = mmap.mmap(
-1, len(shellcode),
prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
exec_mem.write(shellcode)
ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
function = ctypes.CFUNCTYPE(ctypes.c_int64)(
ctypes.addressof(ctypes_buffer))
function._avoid_gc_for_mmap = exec_mem
return function
def example():
logging.basicConfig(level=logging.DEBUG)
logging.info(whoami_shell)
logging.info('wtfm8')
whoami = func_void(whoami_shell)
ret_val = whoami()
# whoami doesn't ret
logging.info(ret_val)