Skip to content

memexec

Ulrich Berntien edited this page May 8, 2019 · 2 revisions

memexec

Name

memexec - Execute a binary program or a script file in-memory from webserver

Synopsis

memexec URL ARGUMENTS

Description

memexec uses a Perl script (see in-memory-only-elf-execution who I stole much of the basis of it for) or a Python script to execute a binary or a script in-memory.

The downloaded file will be stored in an anonymous file in the process memory /proc/self/fd.

A Python version 2, Python version 3 or Perl interpreter is needed.

A proxy could be set in https_proxy shell variable.

If no Python or Perl interpreter is available or if the Linux kernel is too old, then the files will be loaded into the $HOME directory. The $HOME directory is typical a directory in a tmpfs filesystem.

Argument is

  • URL: The URL to load the program file. A http or https based address.
  • ARGUMENTS: All other arguments are passed thru to the program.

Restrictions

Only Linux with kernel >= 3.17 is supported.

Only some architectures (x86_64, i386, ...) are supported.

The binary must be compiled for the target system.

A script file must start with "#!". This two characters must be the first two bytes of the files. The script must be prepared for a script interpreter on the target system.

Examples

Load and run a script with arguments. (The script in the example needs a sh interpreter.)

$ memexec https://raw.githubusercontent.com/zMarch/Orc/master/resources/echo_arguments.sh first second

Load and run a binary program with arguments. (The exec in the example requires a Linux x86_64 system.)

memexec https://github.com/XiphosResearch/netelf/raw/master/bin/test.Linux.x86_64.exe first second

Load and run a program without parameters.

$ memexec http://www.example.com/programs/mytool

Load the program file via proxy.

$ http_proxy=http://proxy.example.com:8080
$ memexec http://www.example.com/programs/mytool

See

in-memory-only-elf-execution

Clone this wiki locally