arget13 / ddexec Goto Github PK

Hi, can this be used on android? I'm guessing yes?...

Hello:

Sometimes we would like to run code on the stack. For example, a msfvenom reverse shell in C that is written and executed from the stack.

Right now the code does not support stack execution but it could be an option for the future.

Greetings.

I was trying to run CDK tool with DDExec but it fails to get system page size.

base64 -w0 /dev/shm/cdk | bash ddexec.sh eva --full
fatal error: failed to get system page size
runtime: panic before malloc heap initialized

runtime stack:
runtime.throw(0xa4fb42, 0x1e)
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/panic.go:1116 +0x72 fp=0x7ffda32a1ea0 sp=0x7ffda32a1e70 pc=0x435b72
runtime.mallocinit()
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/malloc.go:438 +0x385 fp=0x7ffda32a1ec8 sp=0x7ffda32a1ea0 pc=0x40c6c5
runtime.schedinit()
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/proc.go:563 +0x65 fp=0x7ffda32a1f20 sp=0x7ffda32a1ec8 pc=0x4394c5
runtime.rt0_go(0x7ffda32a1f4f, 0x1, 0x7ffda32a1f4f, 0x169622f6f672f3d, 0xf100000000000000, 0x7ffda32a1f, 0x0, 0x300000000000000, 0x4000000000000000, 0x400000000004000, ...)
        /opt/hostedtoolcache/go/1.15.15/x64/src/runtime/asm_amd64.s:214 +0x125 fp=0x7ffda32a1f28 sp=0x7ffda32a1f20 pc=0x4691c5

Are golang bin impossible to run with this technique ?

Hello, my environment do not have bash but only sh(just like sh in ubuntu), and sh do not support command:

exec 0< <(printf $data)

It will say:Syntax error: redirection unexpected

What should I do? Thanks for your help.

Hello:

I noticed that the ddexec.sh module does not work correctly with static binaries:

Inconsistency detected by ld.so: rtld.c: 1619: dl_main: Assertion GL(dl_rtld_map).l_libname' failed!

Regards

Hi...
As described in the README.md, making dd executable only by root WILL NOT prevent this technique being executed by the filesystem: you could call "ld" before calling "dd".
Please, add $loader variable to your script to use the "ld" and "dd" together.
Thanks in advance.

Hello:

After testing the tool I noticed that it does not respond correctly with binaries generated by msfvenom (and probably with some others).

As we discussed by mail, one of the errors was due to the .bss section but after fixing that bug, it still responds incorrectly.

I am still investigating why this is happening.

Regards,
J.

i use google cloud shell environment but it doesn't work

Error trying to run go binaries.

fatal error: failed to get system page size
runtime: panic before malloc heap initialized

runtime stack:
runtime.throw({0x499fc4, 0x0})
	/usr/lib/go/src/runtime/panic.go:1198 +0x71 fp=0x7fffffffee98 sp=0x7fffffffee68 pc=0x42f991
runtime.mallocinit()
	/usr/lib/go/src/runtime/malloc.go:445 +0x2fd fp=0x7fffffffeec0 sp=0x7fffffffee98 pc=0x40a7bd
runtime.schedinit()
	/usr/lib/go/src/runtime/proc.go:689 +0x55 fp=0x7fffffffef20 sp=0x7fffffffeec0 pc=0x4331d5
runtime.rt0_go()
	/usr/lib/go/src/runtime/asm_amd64.s:212 +0x125 fp=0x7fffffffef28 sp=0x7fffffffef20 pc=0x4589a5

Probably the internal golang functions use the auxv entry AT_PAGESZ to obtain the page size.

Hello:

If I try to run a msfvenom shellcode that executes an action, it works perfectly with the ddsc.sh module.

But if I generate a msfvenom reverse shell shellcode, the program is not working.

Regards