Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.

Related tags

Security related resourcesMidas-ELF64-Injector
Overview

Midas ELF64 Injector

Description

Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary. All you need is to write a C program like you always do, and this tool will compile and inject it into the target binary for you, no shellcoding required. The advantage of this over shellcode injection is that you can actually include any library and it would still work, also of course it's more comfortable writing C than ASM.

Note: This tool was written for an Attack & Defense CTF with an intention to be a one-time-use thing. Therefore, I was only trying to make it works without caring too much about scalability or maintainability.

Dependencies

Please note that all the dependencies MUST be installed with the exact version stated below. Any other version will almost certainly won't work.

  1. gcc 9.3.0: link
  2. lief 0.11.5: pip3 install lief==0.11.5
  3. pwntools 4.4.0: pip3 install pwntools==4.4.0
  4. gdb (any version)

Usage

python3 inject.py
  • : the target binary to be injected to
  • : a file contains the build command of the C file you want to inject, it MUST be statically compiled with -static, and the output file name MUST be tmp.bin

How it works?

  1. It compiles the C code using the provided build command.
  2. It executes the compiled file in gdb, use a temporary gdb script to break at main and dump the process's text and data.
  3. It adds a segment into the target binary to store some shellcode and the memory snapshot dumped above.
  4. It patches __libc_csu_init of the target binary to jump to that shellcode. This is what that shellcode does:
    • Map 2 fixed pages for the text and data at the exact same addresses as a statically compiled binary.
    • Copy injected text and data to the mapped pages.
    • Call injected main.
    • Unmap the 2 pages.
    • Return back to the original target process.

Limitations

  1. There are a lot of hard-coded values, so I'm not sure if it will work 100% of the time.
  2. Rely on exact dependencies version.
  3. Take a while to run.
  4. Will inflate your target size by a lot (expect around 1MB).
  5. The target file MUST be an ELF64 dynamically compiled with PIE enabled.
  6. No checking for input files, you have to make sure they are correct by yourself.
Owner
midas
CE student @ HCMUT, Flag capturer @ Team Efiens, Reverser, Pwner
midas
GitHub Repository
simple python keylogger

HELLogger simple python keylogger DISCLAIMERS: DON'T DO BAD THINGS. THIS PROGRAM IS MEANT FOR PERSONAL USES ONLY. USE IT ONLY IN COMPUTERS WHERE YOU H

Arya 10 Nov 10, 2022
Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str

PyLaboratory 0 Feb 07, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
Colin O'Flynn's Hacakday talk at Remoticon 2021 support repo.

Hardware Hacking Resources This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021. You can see the very sketchy

Colin O'Flynn 19 Sep 12, 2022
Spring4Shell - Spring Core RCE - CVE-2022-22965

Spring Core RCE - CVE-2022-22965 After Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core R

Malte Gejr 118 Dec 31, 2022
this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a

Titan_Exodous 1 Nov 04, 2021
This repo is about steps to create a effective custom wordlist in a few clicks/

Custom Wordlist This repo is about steps to take in order to create a effective custom wordlist in a few clicks. this comes handing in pentesting enga

2 Oct 08, 2022
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios.

Dr. Johannes Pohl 9k Jan 03, 2023
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

Jet Berry's 21 Jan 01, 2023
On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse

3 Dec 04, 2022
CVE-2022-21907 Vulnerability PoC

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17, just some sm

Michele 16 Dec 18, 2022
A powerful password generator utility which utilizes the slot technique to generate strong passwords of required length having combinations of lower and upper characters, digits and symbols.

Bitpass Password Generator Installation Make sure Python 3+ is installed

Vaibhaw 6 Feb 02, 2022
Python bindings to LibreSSL library

LibreSSL bindings for Python using CFFI Python3 bindings to LibreSSL using CFFI. It aims to provide interface to the most important bits of LibreSSL o

Alexander Kiselyov 1 Aug 02, 2022
A python script to bypass 403-forbidden.

4nought3 A python script to bypass 403-forbidden. It covers methods like Host-Header Injections, Changing HTTP Requests Methods and URL-Injections. Us

11 Aug 27, 2022
A Superfast SMS & Call bomber for Linux And Termux !

A Superfast SMS & Call bomber for Linux And Termux !

Anubhav Kashyap 15 Feb 21, 2022
Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

Let's Git - Versionsverwaltung & Open Source Hausaufgabe Herzlich Willkommen zu

1 Jan 24, 2022
Ethereum transaction decoder (community version).

EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di

240 Dec 21, 2022
Threat research and reporting from IronNet's Threat Research Teams

IronNet Threat Research 🕵️ Overview This repository contains IronNet's Threat Research. Research & Reporting 📝 Project Description Cobalt Strike Res

36 Dec 02, 2022