NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes
2024-2-16 19:30:0 Author: www.kitploit.com(查看原文) 阅读量:8 收藏

NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes.

Install

git clone https://github.com/MatheuZSecurity/NullSection
cd NullSection
gcc nullsection.c -o nullsection
./nullsection

Advantage

When running nullsection on any ELF, it could be .ko rootkit, after that if you use Ghidra/IDA to parse ELF functions, nothing will appear no function to parse in the decompiler for example, even if you run readelf -S / path /to/ elf the following message will appear "There are no sections in this file."

Make good use of the tool!

Note

We are not responsible for any damage caused by this tool, use the tool intelligently and for educational purposes only.

NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes Reviewed by Zion3R on 8:30 AM Rating: 5


文章来源: http://www.kitploit.com/2024/02/nullsection-anti-reversing-tool-that.html
如有侵权请联系:admin#unsafe.sh