Giter Site home page Giter Site logo

flea's Introduction

FLEA

flea是通过栈溢出进行远程代码执行的木马程序

目前该项目仅仅实现了全部功能的1%不到,所以暂时先不要指望该程序存在任何有价值的功能和

用途

该程序主要用于对Win32逆向、Intel i386汇编、Linux SUS的学习研究,希望有兴趣和专业伙计

加入进来,一起完善

执行过程

  • 对肉鸡ZH的控制分三个过程:
  1. ZH每隔一段时间向远程控制主机CH发出ICMP ECHO REQUEST 请求,请求格式如下
+-------+--------+--------------+--------------------+
| salt  | mark   |OS identifier |   hostname         |(共16B)
+-------+--------+--------------+--------------------+
    1B     1B         4B                 10B

  • salt[1B]:盐,或称种子,用以将其与以上表8b处逐字节异或编码

  • mark[1B]:合法性检查标记,常量0xEA,在控制端CH收到的REQUEST请求解码后与0xEA比对,不

匹配则放弃

  • OS identifier[4B]:操作系统识别码,作用是根据不同的识别码选择不同版本的payload,具体

结构如下

+---------+-----------+-----------+-------------------------+
|iswow64  |osver:major|osver:minor|        osver:build      |(4B)
+---------+-----------+-----------+-------------------------+
0         1           8           16                        31
  • hostname[10B]:主机名,作用是控制端CH在回应任何请求前获取被控主机的基本标识

在异或编码之后,将16字节数据拆分为32字节,拆分方法为将1B,以4位为一个单位拆分为2B,前

后顺序不变,第一字节+='a',第二字节+='k',保证最终的32字节数据为a到z 的可打印字符

  1. CH接收到ECHO REQUEST请求后,解码数据,通过os identifier,搜索数据库,找出对应该操作系统版本的payload,该payload功能是提供一个稳定的与控制端CH的网络连接(考虑用KCP等UDP稳定协议封装),以及LoadLibrary,GetProcess等基础的系统函数 等执行环境,之后通过ECHO REPLY将payload发送到ZH,导致ZH溢出并执行该payload

  2. ZH执行payload后,创建于CH的稳定网络连接,接收远程发送来的payload可执行数据,创建线程并执行

flea's People

Contributors

00052 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.