Userland exec PoC: execute binaries on noexec partition and becoming stealth!
by Someone1611 - Saturday November 2, 2024 at 10:20 AM
Breached
Member
Posts: 25
Threads: 9
Joined: Aug 2023
Reputation: 0
#1
11-02-2024, 10:20 AM (This post was last modified: 11-02-2024, 10:31 AM by Someone1611.)
Userland exec replaces the existing process image within the current address space with a new one. Userland exec mimics the behavior of the system call execve(), but the process structures which describe the process image remain unchanged, in other words the process name reported by system utilities will be the old process name.
Hidden Content
You must register or login to view this content.

"This repository try to mimics big part of the mettle code but always focusing in embembed systems like smartphones, raspberry pies and so on."

License: GPLv3
I personally tested this on Arch Linux. Excellent!
WARNING: this repository use cmake!
Assembly for x86, arm/arm64, powerpc ahead!
Reply
Banned

Posts: 19
Threads: 0
Joined: Nov 2024
Reputation: 0
#2
11-12-2024, 12:54 PM
Interesting. Let me see it
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.
Reply
Banned

Posts: 38
Threads: 0
Joined: Jan 2025
Reputation: 0
#3
02-18-2025, 04:14 PM
Thanks for interesting PoC. Checking!
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.
Reply


Forum Jump:


 Users browsing this thread: 1 Guest(s)