Tags
Author: TMZ - Replies: 0 - Views: 1462
Ezuri: Linux runtime crypter with memfd_create
A small Golang runtime crypter demonstrating memfd_create syscall usage to run ELF executables from memory in Linux. Works on kernel version is >= 3.17 (relies on the memfd_create syscall).

aes.go
[hide]
[code]
package main

import (
"crypto/aes"
"crypto/cipher"
)

func aesEnc(srcBytes []byte, key string, iv string) []byte {
block, err := aes.NewCipher([]byte(key))
check(err)

encrypter := cipher.NewCFBEncrypter(block, []byte(iv))
encrypted := make([]byte, len(srcBytes))
Author: TMZ - Replies: 0 - Views: 1089
Running ELF from memory
Small tool written in Golang to run ELF (x86_64) binaries from memory with a given process name. Works on Linux where kernel version is >= 3.17 (relies on the memfd_create syscall).

Build it with "go build memrun.go" and execute it. The first argument is the process name (string) you want to see in "ps auxww" output for example. Second argument is the path for the ELF binary you want to run from memory.

main.go
[hide]
[code]
package main

import (
"fmt"
"io/ioutil"
"os"
"sysca