Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

what type of payload? #6

Closed
makovez opened this issue Feb 26, 2021 · 2 comments
Closed

what type of payload? #6

makovez opened this issue Feb 26, 2021 · 2 comments
Labels
question Further information is requested

Comments

@makovez
Copy link

makovez commented Feb 26, 2021

What type of payload can you add there?
@Silva97
Copy link
Owner

Silva97 commented Feb 26, 2021

Hi @soermejo, the pei tool inject raw binary code on the entry point of the PE executable. It's means you need to write the payload by hand in Assembly.

Just a PoC to you see it's running:

// poc.c
#include <stdio.h>

int main(void)
{
    register long int x asm("r15");

    printf("R15: %ld\n", x);
}
; poc.asm
bits 64

mov r15, 1234567890

And compile using MinGW (I am using Linux):

x86_64-w64-mingw32-gcc poc.c -o poc.exe
nasm poc.asm -o poc.bin
pei -f poc.bin inject poc.exe

Output:
terminal-output

If you wanna see a full payload running, I ran msfvenom's payloads and that works.

Note: See op_inject function to learn how it's exactly inject the code.

@Silva97 Silva97 added the question Further information is requested label Feb 26, 2021
@makovez
Copy link
Author

makovez commented Feb 28, 2021

Thanks

@Silva97 Silva97 closed this as completed Feb 28, 2021
@Silva97 Silva97 pinned this issue Feb 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@makovez @Silva97