fork.c
/*
* Compile: clang fork.c -o fork.exe
*/
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <string.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <strings.h>
#include <unistd.h>
#include <poll.h>
#include <pthread.h>
#include <stdint.h>
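/*
 * Entry point used by main() to transfer control to the copied payload.
 * Declared with a real prototype: the old-style empty parameter list "()"
 * switches off argument checking for every call made through the pointer.
 */
int (*sc)(void);

/*
 * Payload bytes for the exercise. The literal below is only a placeholder.
 * The array keeps the implicit trailing NUL of the string literal, so
 * sizeof(shellcode) is one byte larger than the payload itself.
 */
char shellcode[] = "<SHELLCODE-GOES-HERE>";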
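/*
 * Exercise harness: prints a banner, forks, and in the child copies the
 * global `shellcode` array into a fresh anonymous mapping, switches that
 * mapping from read/write to read/execute, and calls it through `sc`.
 *
 * The parent exits with status 0 right after reporting the child's PID, so
 * the child keeps running after the invoking shell gets its prompt back.
 *
 * Returns 0 if the called code returns; exits with 1 when fork() fails and
 * with -1 when the payload does not fit, or when mmap()/mprotect() fail.
 */
int main(int argc, char **argv) {
    /* Size of the mapping; it is also the upper bound for the payload copy. */
    enum { REGION_SIZE = 0x1000 };
    static const char *const progress[] = { ".", "..", "...", "...." };

    (void)argc;
    (void)argv;

    system ("/usr/bin/clear");
    printf ("========================================\n");
    printf ("Fork shellcode exercise for MacOS ARM64 \n");
    printf ("========================================\n");
    printf ("[*] Waiting \n");

    /* sleep(3) replaces spawning a shell just to run /bin/sleep. */
    for (size_t i = 0; i < sizeof progress / sizeof progress[0]; i++) {
        sleep(1);
        printf("%s", progress[i]);
        fflush(stdout);
    }
    printf ("\n[*] Forking\n");

    /*
     * Drain stdio before fork(): when stdout is a pipe or a file it is fully
     * buffered, and anything still pending would be written once by the
     * parent and once more by the child.
     */
    fflush(stdout);

    pid_t process_id = fork();
    if (process_id < 0) {
        printf("Fork failed!\n");
        exit(1);
    }
    if (process_id > 0) {
        /* Parent: report the child and leave. */
        printf("[-] Forked PID %d \n", (int)process_id);
        exit(0);
    }

    /*
     * Child from here on.
     * Report the array size minus the literal's terminator: strlen() stops
     * at the first zero byte and under-reports a payload that contains one.
     */
    printf("[>] Shellcode Length: %zu Bytes\n", sizeof(shellcode) - 1);

    /* The copy below is sizeof(shellcode) bytes; refuse anything larger than the mapping. */
    if (sizeof(shellcode) > (size_t)REGION_SIZE) {
        fprintf(stderr, "[!] Payload of %zu bytes does not fit in a %d byte mapping\n",
                sizeof(shellcode), (int)REGION_SIZE);
        exit(-1);
    }

    /*
     * The region starts read/write and is made read/execute only after the
     * copy, so it is never writable and executable at the same time.
     * NOTE(review): MAP_JIT is macOS-specific; under the hardened runtime it
     * is expected to need the allow-jit entitlement - confirm for the build.
     */
    void *ptr = mmap(0, REGION_SIZE, PROT_WRITE | PROT_READ, MAP_ANON | MAP_PRIVATE | MAP_JIT, -1, 0);
    if (ptr == MAP_FAILED) {
        perror("mmap");
        exit(-1);
    }
    printf("[+] SUCCESS: mmap\n");
    printf(" |-> Return = %p\n", ptr);

    void *dst = memcpy(ptr, shellcode, sizeof(shellcode));
    printf("[+] SUCCESS: memcpy\n");
    printf(" |-> Return = %p\n", dst);

    int status = mprotect(ptr, REGION_SIZE, PROT_EXEC | PROT_READ);
    if (status == -1) {
        perror("mprotect");
        exit(-1);
    }
    printf("[+] SUCCESS: mprotect\n");
    printf(" |-> Return = %d\n", status);

    printf("[>] Trying to execute shellcode...\n");
    /* Push the last status line out before control leaves this program's code. */
    fflush(stdout);
    sc = ptr;
    sc();
    return 0;
}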