Midrashim
PT_NOTE to PT_LOAD x64 ELF infector written in Assembly
Install / Use
/learn @guitmz/MidrashimREADME
Linux.Midrashim
This is my first x64 ELF infector written in full Assembly. It contains a non destructive payload and will infect other ELF (PIE is also supported) on current directory only and not recursively. It uses PT_NOTE to PT_LOAD infection technique.
Build
Assemble it with FASM x64.
$ fasm Linux.Midrashim.asm
flat assembler version 1.73.25 (16384 kilobytes memory, x64)
3 passes, 2631 bytes.
$ file Linux.Midrashim
ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped
$ sha256sum Linux.Midrashim
8f1a835ad6f5c58b397109e28409ec0556d6d374085361c6525f73d5ca5785eb Linux.Midrashim
Demo
References:
- https://www.symbolcrash.com/2019/03/27/pt_note-to-pt_load-injection-in-elf
- https://www.wikidata.org/wiki/Q6041496
- https://legacyofkain.fandom.com/wiki/Ozar_Midrashim
- https://en.wikipedia.org/wiki/Don%27t_Be_Afraid_(album)
Related Skills
node-connect
348.5kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
109.1kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
348.5kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
348.5kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
