Run executables from memory, over the network, on Windows, Linux, OpenVMS

Category: IT Technology · Published: 4 years ago

Summary: Run the client side of NetELF to download and execute a program over the network from a server. The server sends an arbitrary binary and command-line arguments. Where possible it will execute the program in memory, so it will not leave files on the filesystem.

NetELF

Run the client side of NetELF to download and execute a program over the network from a server. The server sends an arbitrary binary and command-line arguments.

Where possible it will execute the program in memory, so it will not leave files on the filesystem. This makes it ideal for pentests, emergencies and general systems automation.

Originally inspired by this post on comp.unix.programmer.

Supported Platforms

Fully supported & tested:

  • Linux
  • Windows 7

Regularly tested & partially supported:

  • Solaris x86, Sparc
  • OpenVMS VAX, Alpha
  • Ultrix VAX, RISC
  • Windows 95+, NT 3.51+

Others that it should work on:

  • FreeBSD
  • OSX
  • OSF/1
  • HP-UX
  • QNX
  • z/OS

Example

make
./server.py /bin/ls -la &> /dev/null &
./netelf 127.0.0.1 1337
./netelf 127.0.0.1 1337

In-memory Execution

I looked into the source code for glibc and musl to see what goes on behind the scenes. Interestingly, it executes the file from /proc/self/fd/%d.

See the following:

Mount options on tmpfs permeate through to /proc/self/fd/, so to disable this you need to add noexec to /dev/shm and other tmpfs mounts:

sudo mount /dev/shm/ -o remount,rw,nosuid,nodev,noexec -t tmpfs

This causes "fexecve: Permission denied": the shm_open succeeds, but the file descriptor silently does not get +x permission, and doing fchmod on the handle won't work either. The file permissions can be checked with fstat.
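To see which tmpfs mounts on a host still allow the execution path described above, the following added example (not part of NetELF or its README) parses the /proc/mounts format and lists tmpfs mounts that lack noexec. The sample mount table and the function names are constructed for illustration.

```python
#!/usr/bin/env python3
# Added example (not NetELF code): list tmpfs mounts that lack noexec.
import os
import re
import shlex

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=401708k 0 0
tmpfs /mnt/scratch\\040space tmpfs rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""


def unescape(field):
    # The kernel writes spaces and similar bytes in paths as octal (\040).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def tmpfs_without_noexec(mounts_text):
    """Return the mount points of tmpfs filesystems that allow execution."""
    exposed = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "tmpfs":
            continue
        if "noexec" not in fields[3].split(","):
            exposed.append(unescape(fields[1]))
    return exposed


def remount_command(mount_point):
    """Build a remount line that adds noexec to the given mount point."""
    return "sudo mount -o remount,noexec " + shlex.quote(mount_point)


if __name__ == "__main__":
    # Use the live mount table on Linux, otherwise the constructed sample.
    if os.path.exists("/proc/mounts"):
        with open("/proc/mounts") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MOUNTS
    for mp in tmpfs_without_noexec(text):
        print(f"{mp}: tmpfs without noexec -> {remount_command(mp)}")
```

Software that legitimately executes files from a tmpfs mount will fail once noexec is set, so review each reported mount before remounting it.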

Regarding which executables will work with this technique, the most reliable have been self-contained, statically linked executables. In some cases (where the same libc was used on the host used to compile the executable and on the host it is being executed on, and where both have the same libraries/dependencies), dynamically linked executables have worked. Executables which rely on specific environments or external files generally tend to fail.

Furthermore, it is possible to pass arguments to the executable you are running in-memory! The name of the process is derived from argv[0]; this can be customised using --argv0 [kthreadd]. By default it will use the basename of the executable file.

