# dEncexdel

dEncexdel encrypts a Linux executable, or decrypts it into memory, executes it, and deletes the decrypted file.

Practical uses: execute a service from memory without storing the plain source or the binary on disk, secure a PoC exploit.

dEncexdel uses `/dev/shm/`.

Wins:

- You can have executables that are encrypted.
- Writes the decrypted file to memory, not to the physical drive.

Limitations:

- Protects the binary only up to the point of execution.
- The executed binary can still be read from memory by root (e.g. `cat /proc/PID/exe > /tmp/bin`).

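The second limitation, seen from the defender's side, as an added example that is not part of dEncexdel: it lists processes whose image lives under `/dev/shm/` (flagging those whose file has since been deleted) and copies such an image back out through `/proc/PID/exe`. It assumes the decrypted file is executed directly from `/dev/shm/`, so that the process's `exe` link points there; the function names and sample paths are constructed for illustration.

```python
import os
import shutil
import tempfile

DELETED = " (deleted)"  # suffix the kernel appends to an unlinked exe target

def find_shm_processes(proc_root="/proc", prefix="/dev/shm/"):
    """Return sorted (pid, path, deleted) for processes whose image is under prefix."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self"
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or not permitted
        deleted = target.endswith(DELETED)
        path = target[: -len(DELETED)] if deleted else target
        if path.startswith(prefix):
            hits.append((int(entry), path, deleted))
    return sorted(hits)

def recover_image(pid, dest, proc_root="/proc"):
    """Copy a process image out through its exe link; returns bytes written."""
    exe = os.path.join(proc_root, str(pid), "exe")
    with open(exe, "rb") as src, open(dest, "wb") as out:
        shutil.copyfileobj(src, out)
    return os.path.getsize(dest)

def build_sample_proc():
    """Constructed stand-in for /proc so the scan can be tried offline."""
    root = tempfile.mkdtemp()
    samples = {"101": "/usr/bin/python3",
               "202": "/dev/shm/.svc (deleted)",  # constructed path
               "303": "/dev/shm/tool"}            # constructed path
    for pid, target in samples.items():
        os.mkdir(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))
    os.mkdir(os.path.join(root, "self"))
    os.mkdir(os.path.join(root, "404"))  # no exe link, like a kernel thread
    return root

if __name__ == "__main__":
    for pid, path, deleted in find_shm_processes():
        print(pid, path, "deleted" if deleted else "present")
```

Run it as root on a live system so that the `exe` links of other users' processes are readable.
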
# usage

Be careful: `-e` overwrites the passed executable.

```sh
python3 dEncexdel.py -e executable # encrypt
python3 dEncexdel.py -x executable # decrypt and execute
python3 dEncexdel.py -r executable # just write the decrypted data to stdout
```