ulexecve
Pyramid
Our great sponsors
ulexecve | Pyramid | |
---|---|---|
2 | 3 | |
169 | 613 | |
1.2% | - | |
5.2 | 5.6 | |
4 months ago | 25 days ago | |
Python | Python | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ulexecve
-
Can I exec an new process without an executable file? (2015)
Definitely tricky. I solved it with a Python implementation by building up a big jumpbuffer so that the moment I leave Python-land I copy from temporary buffers to the right addresses and then ultimately jump at the entry point of the newly loaded binary. It's tricky and took quite some debugging to get right, but it's proven rather solid now.
See https://github.com/anvilsecure/ulexecve/blob/main/ulexecve.p... for details. Especially the `CodeGenerator` classes with implementations in x86, x86-64 and aarch64.
Pyramid
What are some alternatives?
systemd-user-sleep - Activate a user sleep target when the system sleeps
traffic-generator - A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port. [Moved to: https://github.com/mytechnotalent/turbo-attack]
PythonMemoryModule - pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
wifiphisher - The Rogue Access Point Framework
Metadata-Remover - A simple Metadata Removal Tool for images and videos using exiftool and ffmpeg in C and Python3.
Powershell-RAT - Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
byob - An open-source post-exploitation framework for students, researchers and developers.
ModuleShifting - Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources