-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mettle stages trigger PAX MPROTECT #59
Comments
Do you get this with linux/x86/shell/reverse_tcp or linux/x86/mettle_reverse_tcp? |
Yeah, the mprot settings there will need to go.
Also confirm that stageless mettle runs (not sure if it WORKS after recent changes, didnt see a session). PAX is working as intended, and if understand intent correctly, we wont be able to simply split up the mprotect calls from our modifications as i dont think it'll let us re-mark memory after altering it. |
So... things in the ecosystem are changing on this front, but for the sake of staying on the subject of mprotect, this is going to get a lot worse for us when SARA or the tpe mprot code lands upstream. We probably want to figure out other methods for doing this, since @OJ so correctly pointed out that encoders want RWX to decode. |
I sense some horrible encoder work coming! And I wouldn't be surprised if we end up in a world of hurt thanks to badchars. |
On the bright side, shows the state of affairs from the blue side viewpoint improving, sort of. To make all this so much more fun, there's another LSM in the works to stop commandline dynamic script language invocation vectors.
|
Using linux/x86/mettle/reverse_tcp to generate a stage0, then uploading it an arch box with a "pretty much all options on" grsec config results in this fine mess:
which, without further provocation than the single exec of the bin, triggers the brute force protection stalling forks and making sadness:
The text was updated successfully, but these errors were encountered: