XiphosResearch / Netelf

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

NetELF

Run the client side of NetELF to download and execute a program over the network from a server. The server sends an arbitrary binary and command-line arguments.

Where possible it executes the program in memory and does not leave files on the filesystem. This makes it ideal for pentests, emergencies and general systems automation.

Originally inspired by a post on comp.unix.programmer.

Supported Platforms

Fully supported & tested:

  • Linux
  • Windows 7

Regularly tested & partially supported:

  • Solaris x86, Sparc
  • OpenVMS VAX, Alpha
  • Ultrix VAX, RISC
  • Windows 95+, NT 3.51+

Others that it should work on:

  • FreeBSD
  • OSX
  • OSF/1
  • HP-UX
  • QNX
  • z/OS

Example

make
./server.py /bin/ls -la &> /dev/null &
./netelf 127.0.0.1 1337
./netelf 127.0.0.1 1337 

In-memory Execution

I looked into the source code for glibc and musl to see what goes on behind the scenes. Interestingly, it executes the file from /proc/self/fd/%d.

See the following:

Mount options on tmpfs permeate through to /proc/self/fd/, so to disable this you need to add noexec to /dev/shm and other tmpfs mounts:

sudo mount /dev/shm/ -o remount,rw,nosuid,nodev,noexec -t tmpfs

This causes "fexecve: Permission denied": the shm_open succeeds, but the file descriptor silently does not get +x permission, and doing fchmod on the handle won't work either. The file permissions can be checked with fstat.
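
The check behind the remount above, as an added example that is not part of the NetELF project: a shell function that reads /proc/mounts-format lines and lists the tmpfs mounts still missing noexec. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the NetELF repository): audit tmpfs mounts for "noexec".
# Input on stdin uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# Print the mount point of every tmpfs filesystem whose options lack "noexec".
tmpfs_exec_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "tmpfs" ] || continue
        # Wrap the option list in commas so only the exact option matches.
        case ",$opts," in
            *,noexec,*) ;;                  # already mounted noexec
            *) printf '%s\n' "$mnt" ;;      # execution still permitted here
        esac
    done
}

# Constructed sample mount table (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=1632404k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
EOF
}

# Demo on the sample table; on a live Linux host run:
#   tmpfs_exec_mounts < /proc/mounts
sample_mounts | tmpfs_exec_mounts
```

Each mount point it prints is a candidate for the remount shown above; an empty result means every tmpfs mount in the input already carries noexec.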

Regarding which executables will work with this technique, the most reliable have been self-contained, statically linked executables. In some cases (where the same libc was used on the host used to compile the executable and on the host it is being executed on, and where both have the same libraries/dependencies), dynamically linked executables have worked. Executables which rely on specific environments or external files generally tend to fail.

Furthermore, it is possible to pass arguments to the executable you are running in-memory! The name of the process is derived from argv[0]; this can be customised using --argv0 [kthreadd]. By default it will use the basename of the executable file.
