Giter Site home page Giter Site logo

pestilence's Introduction

pestilence

Pestilence is a second elf 64 bits virus (evolution of Famine). The virus will infect every files under /tmp/test and /tmp/test2 by adding itself to the targeted binary and it signature: Pestilence version 1.0 (c)oded by lmartin. Then when you will run binary that were under /tmp/test or /tmp/test2, they will infect every binary under /tmp/test and /tmp/test2 as well. :)

The difference with Famine is the code obfuscation: you can't run gdb or strace on it, and if you try to remove the code that block gdb or strace, the virus routine will be obfuscated. As my Famine version, if you run cat or gdb while launching the virus or a infected binary, the virus will not launch it infection routine.

Bonus:

  • make fsociety will compile a Pestilence version that will infect everything from the root directory ( โš ๏ธ Please run it on a VM - you can run it as root tho :) )
  • make fsociety will also do a bind shell on port 4444 when itself or a infected file is launched as root :3
  • Pestilence will pack a part of his code when executing on host using a LZSS compression and depack itself to copy the packed part on the infected binary

Demo

Basic demo

alt text

Demo debugging with gdb

alt text

Demo cat or gdb procces launched

alt text

Compilation

make

Execution

./Pestilence

How

Pestilence will copy itself (and pack itself on host) after the PT_LOAD executable of the targeted binary if there is enough space between the segment and the next one to fit. It will also change the previous entry of the program by itself and enhance p_filesz and p_memsz of the segment to be executable. It will also add to it replication, some tips of the targeted file like the previous entry to jump on it after it execution.

-----------------------
|       HEADER        |
-----------------------
|         ...         |
-----------------------
|                     |
|       PT_LOAD       |
|        [R E]        |
|                     |
| - - - - - - - - - - |
|       PARAMS        |
|   -   -   -   -   - |
|      SIGNATURE      |
|   -   -   -   -   - |
|                     |
|      PESTILENCE     |
|                     |
-----------------------
|         ...         |

pestilence's People

Contributors

0x050f avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.