Added download_inject module #108

Merged
merged 18 commits into from Mar 23, 2015

@byt3bl33d3r
Contributor

A Python-based payload that downloads raw shellcode over HTTP and injects it into memory.
Optionally can beacon back every X seconds.

Based on the PoC from @secretsquirrel https://github.com/secretsquirrel/shellcode_retriever

@ChrisTruncer
Contributor

Sweet, I'll check this out

@ChrisTruncer
Contributor

Hey,

I just played with this, it looks and works great. Quick question for you on the beaconing functionality. I assumed that if the URI it is looking for isn't present, and beaconing is on, then it would retry for that file (basically like it is in an infinite loop) after the specified checkin time until it finds the URI. I just tested, and it looks like it currently checks once, and if not present, dies. Is that what you intended?

But ideally, we'd like to use this and promote it for the next V-Day in March if you are ok with this. I'll be sure to call you out as the author and @secretsquirrel for generating the POC.

@byt3bl33d3r
Contributor

Hi,
The original PoC had that behavior, so I thought it was best to just preserve it. Shouldn't be a problem changing it though.

Edit: btw completely ok with you promoting this on V-Day, Thanks!

@secretsquirrel
Contributor

I agree, it would be better if it continued unless it found a sandbox environment. Just make sure the error is quiet.

On Feb 28, 2015, at 6:30 PM, byt3bl33d3r notifications@github.com wrote:

Hi,
The original PoC had that behavior, so I thought it was best to just
preserve it. Shouldn't be a problem changing it though



byt3bl33d3r added some commits Mar 3, 2015
@byt3bl33d3r
Contributor

@ChrisTruncer finally got around to changing it :P should work as expected now

@ChrisTruncer
Contributor

That looks great, I just have one last thing and I think it's good. Beaconing functionality works, but it seems like it ignores the beaconSeconds option. For example, if I set Beacon to Y, and BeaconSeconds to 30, I thought it would check for the file, if not there, basically sleep for 30 seconds (or do whatever) and then check to see if that file exists again after 30 seconds. Currently, it seems to check if that file exists every second vs. the interval set at BeaconSeconds. You think you could change that to sleep for the number of seconds specified, or are you envisioning a different use case?

Thanks for the update, and this is basically done :)

@byt3bl33d3r
Contributor

@ChrisTruncer all done!

@ChrisTruncer ChrisTruncer merged commit e98be1f into Veil-Framework:master Mar 23, 2015
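
The behaviour settled on in this thread (a client re-requesting one URI every BeaconSeconds until the file exists) leaves a regular pattern in web proxy logs. The following is an added detection example, not part of the pull request or of Veil's code; the log layout, the `find_polling` name and the thresholds are assumptions, and the log lines are constructed.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2015-03-23T10:00:00 10.0.0.5 GET http://203.0.113.10/update.bin 404
2015-03-23T10:00:03 10.0.0.7 GET http://intranet.example/index.html 200
2015-03-23T10:00:30 10.0.0.5 GET http://203.0.113.10/update.bin 404
2015-03-23T10:00:41 10.0.0.7 GET http://intranet.example/index.html 200
2015-03-23T10:01:00 10.0.0.5 GET http://203.0.113.10/update.bin 404
2015-03-23T10:01:30 10.0.0.5 GET http://203.0.113.10/update.bin 404
2015-03-23T10:02:00 10.0.0.5 GET http://203.0.113.10/update.bin 404
2015-03-23T10:02:30 10.0.0.5 GET http://203.0.113.10/update.bin 200
2015-03-23T10:04:12 10.0.0.7 GET http://intranet.example/index.html 200
2015-03-23T10:04:15 10.0.0.7 GET http://intranet.example/index.html 200
2015-03-23T10:09:50 10.0.0.7 GET http://intranet.example/index.html 200
"""

def parse(log):
    """Group (time, status) events by (client, url); skip malformed lines."""
    groups = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, _method, url, status = parts
        groups[(client, url)].append((datetime.fromisoformat(ts), int(status)))
    return groups

def find_polling(log, min_requests=5, max_jitter=2.0, min_miss_ratio=0.8):
    """Flag clients that request one mostly-missing URI at a fixed interval.

    Returns (client, url, interval_seconds, retrieved) tuples, where
    retrieved is True if any request for that URI finally returned 200.
    """
    findings = []
    for (client, url), events in sorted(parse(log).items()):
        events.sort()
        if len(events) < max(min_requests, 2):
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        misses = sum(1 for _, status in events if status == 404)
        if statistics.pstdev(gaps) <= max_jitter and misses / len(events) >= min_miss_ratio:
            retrieved = any(status == 200 for _, status in events)
            findings.append((client, url, round(statistics.mean(gaps)), retrieved))
    return findings
```

A finding with `retrieved` set to True marks the moment the awaited file was served, which is the point to pivot to host-level triage on that client.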