Decrypt|Encrypt|Execute|Delete|Return
six ca864aa4d5 Return 2021-10-06 15:16:08 +02:00
LICENSE Initial commit 2021-10-06 13:14:53 +00:00
README.md Return 2021-10-06 15:16:08 +02:00
dEncexdel.py Return 2021-10-06 15:16:08 +02:00

README.md

dEncexdel

dEncexdel encrypts a Linux executable, or decrypts it into memory, executes it and deletes the decrypted file.

Practical uses: execute a service from memory without storing the plain source or the binary on disk, secure a PoC exploit.

dEncexdel uses /dev/shm/.

Wins:

  • You can have executables that are encrypted.
  • Does not write to the physical drive, but to memory.

Limitations:

  • Goes only as far as execution.
  • The executed binary can still be read from memory by root (e.g. cat /proc/PID/exe > /tmp/bin)
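
Seen from the defender's side, a decrypted copy placed under /dev/shm/ and deleted after launch leaves a trace in /proc. The following is an added example, not part of dEncexdel: it flags processes whose /proc/PID/exe link points under /dev/shm/ or carries the kernel's " (deleted)" suffix. The function names and the `proc_root` parameter are assumptions made for this example.

```python
import os

SHM_PREFIX = "/dev/shm/"
# The kernel appends this to the exe link target once the backing file is unlinked.
DELETED_SUFFIX = " (deleted)"


def classify_exe(target):
    """Return the reasons an exe link target looks like a run-from-tmpfs launch."""
    reasons = set()
    if target.endswith(DELETED_SUFFIX):
        reasons.add("deleted")
        target = target[: -len(DELETED_SUFFIX)]
    if target.startswith(SHM_PREFIX):
        reasons.add("shm")
    return reasons


def scan(proc_root="/proc"):
    """Yield (pid, exe_target, reasons) for every flagged process under proc_root."""
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "meminfo"
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads have no exe link, other users' processes need
            # root to inspect, and a process may exit while we iterate.
            continue
        reasons = classify_exe(target)
        if reasons:
            yield int(entry), target, reasons


if __name__ == "__main__":
    for pid, target, reasons in scan():
        print(f"{pid}\t{','.join(sorted(reasons))}\t{target}")
```

Run it as root to see every process. A "deleted" hit outside /dev/shm/ is often just a binary replaced by a package upgrade, so treat the "shm" reason as the stronger signal.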

usage

Be careful: -e overwrites the passed executable.

python3 dEncexdel.py -e executable # encrypt

python3 dEncexdel.py -x executable # decrypt and execute

python3 dEncexdel.py -r executable # just write the decrypted data to stdout