docs: added README
This commit is contained in:
parent
888b3279a2
commit
5ac89f11b4
1 changed files with 38 additions and 0 deletions
38
README.md
Normal file
# Cordy
A remote control framework for processes.
Inject lua code into running processes, or just mess around with the REPL.
## Usage
Cordy is a shared object which you need to inject into running processes (consider using my [pox framework](https://github.com/alemidev/pox) or [dll-syringe](https://github.com/OpenByteDev/dll-syringe)).
Once a process is infected, a new thread will be spawned inside with a tokio event loop. A socket on localhost will be opened on port 13337 and you can just connect with netcat and access the REPL.
Some builtin functions are added to the Lua REPL to help with messing around:
```
> log([arg...]) print to console rather than stdout
> hexdump(bytes, [ret]) print hexdump of given {bytes} to console
> exit([code]) immediately terminate process
> mmap([a], l, [p], [f], [d], [o]) execute mmap syscall
> munmap(ptr, len) unmap {len} bytes at {ptr}
> mprotect(ptr, len, prot) set {prot} flags from {ptr} to {ptr+len}
> procmaps([ret]) get process memory maps as string
> threads([ret]) get process threads list as string
> read(addr, size) read {size} raw bytes at {addr}
> write(addr, bytes) write given {bytes} at {addr}
> find(ptr, len, match, [first]) search from {ptr} to {ptr+len} for {match} and return addrs
> x(number, [prefix]) show hex representation of given {number}
> b(string) return array of bytes from given {string}
> sigsegv([set]) get or set SIGSEGV handler state
> help() print these messages
```
It's possible to load lua scripts and programmatically take actions, but no automated way is implemented yet (must connect to the repl and require your script)
There are no handrails: be aware of race conditions or segfaults!
## Status
Cordy is still in development. I've built this to explore running processes, dynamic loading and the heap. I don't think this has malicious uses since, if you loaded your shared object, you basically already owned the process. If you think otherwise let me know!
## Name
Named from [Ophiocordyceps_unilateralis](https://en.wikipedia.org/wiki/Ophiocordyceps_unilateralis) since this kind of zombifies processes.
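Review bot: the Status paragraph's claim that this has no malicious uses because "you basically already owned the process" does not account for the listener described under Usage: a REPL on localhost port 13337 with no authentication mentioned means any local user or process that can reach loopback, not only whoever injected the library, gets arbitrary Lua execution inside the infected process together with `read`, `write`, `mprotect` and `mmap` over its memory, which matters whenever the target runs with different privileges than the connecting user. Suggest either stating this explicitly in Status or documenting in Usage that the socket is bound to loopback only and has no access control, so anyone deploying it knows to restrict it. Smaller documentation points in the same hunk: the `mmap([a], l, [p], [f], [d], [o])` entry should spell out its argument names instead of single letters (a reader has to guess they map to the syscall's addr, len, prot, flags, fd, offset), the optional `[ret]` flag on `hexdump`, `procmaps` and `threads` is never explained (presumably "return the string instead of printing it", but the README should say so), and the sentence "must connect to the repl and require your script" should state where `require` looks for scripts, since that determines what a connected client can load.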