This mini project was inspired by the following meme tweeted by @jamieantisocial:
I found it really interesting, so here is a mini PoC of some of the things mentioned in the meme.
I had 3 main objectives with this program: produce a shellcode which
- does its normal execution work
- overwrites the previously executed stub to hinder forensic analysis
- reuses the same memory segment for executing new shellcode
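The second objective above, wiping the already-executed stub, targets memory forensics; the defender's counterpart is to compare the executable regions of a process across two snapshots and flag those whose bytes changed in place (a module's .text does not change, an in-place rewritten private RWX region does). The Python below is an added example written for this page, not code from the project: the `Region` type, the `find_rewritten_exec_regions` heuristic and the constructed snapshot bytes are all assumptions for illustration, not a real memory-acquisition API.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Region:
    """One mapping from a memory snapshot (assumed shape, not a real dump format)."""
    base: int    # start address of the mapping
    prot: str    # protection string such as "r-x" or "rwx"
    data: bytes  # bytes captured with the snapshot


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_rewritten_exec_regions(before: List[Region], after: List[Region]) -> List[Dict]:
    """Report executable regions that appeared, or were rewritten in place,
    between two snapshots of the same process."""
    earlier = {r.base: r for r in before}
    findings = []
    for cur in after:
        if "x" not in cur.prot:
            continue  # only executable memory matters for this heuristic
        old = earlier.get(cur.base)
        if old is None:
            findings.append({"base": cur.base, "reason": "new executable region",
                             "changed_bytes": len(cur.data), "wiped_bytes": 0,
                             "writable": "w" in cur.prot})
            continue
        if _digest(old.data) == _digest(cur.data):
            continue  # unchanged content, e.g. a normal module's .text
        pairs = list(zip(old.data, cur.data))
        # bytes that differ, plus any growth/shrink of the mapping
        changed = sum(1 for o, n in pairs if o != n) + abs(len(old.data) - len(cur.data))
        # bytes that held code before and are now zero: the "stub wiped itself" signal
        wiped = sum(1 for o, n in pairs if o != 0 and n == 0)
        findings.append({"base": cur.base, "reason": "executable region rewritten in place",
                         "changed_bytes": changed, "wiped_bytes": wiped,
                         "writable": "w" in cur.prot})
    return findings


# Constructed sample snapshots (not real memory dumps). A private RWX region holds
# a 32-byte stub; afterwards its first 16 bytes are zeroed and new code is written
# right behind them, while the module text at 0x401000 is untouched.
STUB_V1 = b"\x55\x48\x89\xe5\x5d\xc3" + b"\xcc" * 26
STUB_V2 = b"\x00" * 16 + b"\x48\x31\xc0\xc3" + b"\xcc" * 12
MODULE_TEXT = b"\x48\x83\xec\x28" * 4

SNAPSHOT_BEFORE = [
    Region(0x00401000, "r-x", MODULE_TEXT),
    Region(0x02A30000, "rwx", STUB_V1),
]
SNAPSHOT_AFTER = [
    Region(0x00401000, "r-x", MODULE_TEXT),
    Region(0x02A30000, "rwx", STUB_V2),
]

if __name__ == "__main__":
    for f in find_rewritten_exec_regions(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(f"{f['base']:#010x}: {f['reason']} "
              f"(changed={f['changed_bytes']}, wiped={f['wiped_bytes']}, writable={f['writable']})")
```

On the constructed data the heuristic reports one region, the RWX one at 0x02A30000, with 20 changed bytes of which 16 were wiped to zero; the module text is silent. In a real triage pipeline the regions would come from a memory-acquisition tool and the writable+executable hits would be prioritised, since legitimately loaded code is normally mapped read-only after relocation.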
Compile everything with:
$ make
Running the EXE:
$ ./overwrite.exe
Running the shellcode:
$ python runshellcode.py shellcode.bin
First, you should get a MessageBox popup with the text "Bonfire", which signifies that the first part of the shellcode has run successfully, and then a "Hello World" MessageBox as a result of the execution of the second shellcode blob.
Notes:
- The __attribute__ ((section (".text.A"))) tags on every function except the entrypoint are there to make sure the entrypoint is at the beginning of the .text section. See: https://stackoverflow.com/questions/19470666/gcc-how-to-tell-gcc-to-put-the-main-function-at-the-start-of-the-text-sectio
- The shellcode variable cannot be placed in the bonfire() function because mingw places it in the .rdata section.
- This project is NOT opsec safe and is just a PoC, and hence isn't the best code.
K. Bye.