761 B
761 B
dEncexdel
dEncexdel encrypts a linux executable or decrypts it into memory, executes it and deletes the decrypted file.
Practical uses: execute a service from memory without storing the plain source or the binary on disk, secure a PoC exploit.
dEncexdel uses /dev/shm/.
Wins:
- You can have executables that are encrypted.
- Does not write to the physical drive, but to memory.
Limitations:
- Goes only as far as execution.
- The executed binary can still be read from memory by root (eg. cat /proc/PID/bin > /tmp/bin)
usage
Be careful, -e overwrites the passed executable
python3 dEncexdel.py -e executable # encrypt
python3 dEncexdel.py -x executable # decrypt and execute
python3 dEncexdel.py -r executable # just stdout the decrypted data