#include <stdio.h>
#include <stdlib.h>
#include <uuid/uuid.h>
#include <unistd.h>
#define NB_PATCHES 4
// gcc -o sELF_control sELF_control.c -luuid
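// sELF control: copies /self/EXECUTE_ME to a randomly named file in /tmp,
// lets the user overwrite NB_PATCHES single bytes of that copy (offset and
// value are read from stdin as hex), then marks the copy executable and runs it.
//
// Returns 0 once the patched copy has been launched, 1 on any I/O or input error.
// The temporary copy is removed on every path that created it.
int main(void){
    // "/tmp/" is 5 chars; uuid_unparse() writes 36 chars + NUL after it (42 bytes total).
    enum { TMP_PREFIX_LEN = 5, PATH_CAP = 50 };

    uuid_t binuuid;
    int ch;
    int written;
    int rc = 1;
    int created = 0;
    unsigned long offset;   // %lx expects an unsigned long *
    long target;
    unsigned int value;
    char path[PATH_CAP] = "/tmp/";
    char execute[100];
    FILE *original = NULL, *copy = NULL;

    printf( "██╗ ██╗███████╗██████╗ ██████╗ ██████╗████████╗███████╗\n"
            "██║ ██║██╔════╝██╔══██╗██╔═══██╗██╔════╝╚══██╔══╝██╔════╝\n"
            "███████║█████╗ ██████╔╝██║ ██║██║ ██║ █████╗ \n"
            "██╔══██║██╔══╝ ██╔══██╗██║ ██║██║ ██║ ██╔══╝ \n"
            "██║ ██║███████╗██║ ██║╚██████╔╝╚██████╗ ██║ ██║ \n"
            "╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ \n");
    printf("=============== sELF control v2 (by SoEasY) ===============\n\n");
    fflush(stdout);

    // You are judging me ? Don't. Not cool bro.
    // NOTE(review): this deletes every non-hidden entry in /tmp that the process
    // is allowed to remove. Presumably the service runs with a private /tmp;
    // confirm before deploying anywhere /tmp is shared.
    system("bash -c \"/bin/rm /tmp/* >& /dev/null\"");

    // Build "/tmp/<random uuid>" in a fixed stack buffer instead of shifting a
    // heap pointer back and forth (which was also never freed).
    uuid_generate_random(binuuid);
    uuid_unparse(binuuid, path + TMP_PREFIX_LEN);

    // Open the source first so a missing original does not leave an empty
    // temporary file behind.
    original = fopen("/self/EXECUTE_ME", "rb");
    if(original == NULL){
        printf("[-] Impossible to open the original file.\n");
        return 1;
    }

    // "x" (C11) makes the create exclusive: fopen fails instead of following a
    // pre-existing file or symlink that happens to carry this name.
    copy = fopen(path, "wbx");
    if(copy == NULL){
        printf("[-] Impossible to open the temporary file.\n");
        fclose(original);
        return 1;
    }
    created = 1;

    while((ch = fgetc(original)) != EOF){
        if(fputc(ch, copy) == EOF)
            break;
    }
    if(ferror(original) || ferror(copy)){
        printf("[-] Impossible to copy the original file.\n");
        goto cleanup;
    }
    fclose(original);
    original = NULL;
    written = fclose(copy);
    copy = NULL;
    if(written != 0){
        // A failed flush means the copy on disk is incomplete.
        printf("[-] Impossible to copy the original file.\n");
        goto cleanup;
    }

    for(int i=0; i < NB_PATCHES; i++){
        copy = fopen(path, "r+");
        if(copy == NULL){
            printf("[-] Impossible to open the temporary file.\n");
            goto cleanup;
        }

        printf("\n[+] Patch n°%d/%d\n", i+1, NB_PATCHES);
        printf("- Offset of the byte to patch in hex (example: %02X) : ", rand() % 32);
        fflush(stdout);
        // Without this check a failed parse left the offset at 0 and the value
        // uninitialised, and the byte was written anyway.
        if(scanf("%lx", &offset) != 1){
            printf("\n[-] Invalid offset.\n");
            goto cleanup;
        }

        printf("- Value to put at this offset in hex (example: %02X) : ", rand() % 32);
        fflush(stdout);
        if(scanf("%x", &value) != 1){
            printf("\n[-] Invalid value.\n");
            goto cleanup;
        }

        // An offset that does not fit a non-negative long makes fseek fail; the
        // original then silently patched the current position (offset 0) instead.
        target = (long) offset;
        if(target < 0 || fseek(copy, target, SEEK_SET) != 0){
            printf("[-] Impossible to seek to this offset.\n");
            goto cleanup;
        }

        // Only the low 8 bits are written, exactly as fputc() would truncate them.
        written = fputc((int) (value & 0xFFu), copy);
        if(fclose(copy) != 0)
            written = EOF;
        copy = NULL;
        if(written == EOF){
            printf("[-] Impossible to patch the temporary file.\n");
            goto cleanup;
        }
    }

    printf("\n[+] Execution : \n");
    fflush(stdout);

    // The command line holds only the fixed "/tmp/" prefix and uuid_unparse()
    // output (hex digits and dashes), so no user-supplied text reaches the shell.
    // NOTE(review): running a user-patched binary is the point of this program;
    // any isolation has to come from the deployment, which is not visible here.
    written = snprintf(execute, sizeof execute, "chmod +x %s && %s", path, path);
    if(written < 0 || (size_t) written >= sizeof execute)
        goto cleanup;
    system(execute);
    rc = 0;

cleanup:
    if(original != NULL)
        fclose(original);
    if(copy != NULL)
        fclose(copy);
    if(created)
        remove(path);
    return rc;
}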