From 001641dfb9cd8e35c85d880544337c1cf38bf41a Mon Sep 17 00:00:00 2001
From: JoYo <>
Date: Mon, 18 Feb 2019 23:40:19 +0000
Subject: [PATCH] cleaning up code a bit
---
 sins/run.py | 41 +++++++----------------------------------
 1 file changed, 7 insertions(+), 34 deletions(-)
diff --git a/sins/run.py b/sins/run.py
index 4043454..7a3a372 100755
--- a/sins/run.py
+++ b/sins/run.py
@@ -9,20 +9,18 @@ import logging
 import subprocess
 import mmap
-whoami_shell = b"\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x10\x00\x00\x00\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69\x00\x56\x57\x48\x89\xe6\x0f\x05"
-seed_shell = b'U\x90H\x89\xe5\x90H\x89}\xf8\x90H\x8bE\xf8\x90]\x90\xc3'
+seed_shell = b'\x55\x90\x48\x89\xe5\x90\x48\x89\x7d\xf8\x90\x48\x8b\x45\xf8\x90\x5d\x90\xc3'
 def shell_func(shellcode: bytes):
- exec_mem = mmap.mmap(
- -1, len(shellcode),
- prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
- flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
+ prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
+ flags = mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE
+ exec_mem = mmap.mmap(-1, len(shellcode), prot=prot, flags=flags)
 exec_mem.write(shellcode)
- ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
- function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(
- ctypes.addressof(ctypes_buffer))
+ addr = ctypes.addressof(ctypes_buffer)
+
+ function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(addr)
 function._avoid_gc_for_mmap = exec_mem
 return function
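Review bot: The new body of shell_func still reads `ctypes_buffer` in the added line `addr = ctypes.addressof(ctypes_buffer)`, but the only binding of that name, `ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)`, carries a `-` marker in this hunk and is not re-added on the new side, so as the collapsed hunk reads every call of shell_func will raise NameError before the CFUNCTYPE is built (the old/new line counts in the hunk header are consistent with that line being dropped rather than lost in collapsing). Keep it on the new side directly before the addr assignment: `ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)`. The seed_shell re-encoding is byte-for-byte the same value as the removed literal, so there is no behaviour change there. The function also deserves a docstring stating that it returns a callable bound to an anonymous mapping created with PROT_READ|PROT_WRITE|PROT_EXEC, that `_avoid_gc_for_mmap` exists only to keep that mapping alive for the callable's lifetime, and that the mapping stays writable and executable for its whole lifetime because nothing in this file drops PROT_WRITE after the bytes are copied in.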
@@ -77,28 +75,3 @@ def sins():
 ret_val = seed(ctypes.c_uint(len(seed_data)))
 logger.info(f'ret_val: {ret_val}')
-
-def func_void(shellcode: bytes):
- exec_mem = mmap.mmap(
- -1, len(shellcode),
- prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
- flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
-
- exec_mem.write(shellcode)
-
- ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
- function = ctypes.CFUNCTYPE(ctypes.c_int64)(
- ctypes.addressof(ctypes_buffer))
- function._avoid_gc_for_mmap = exec_mem
-
- return function
-
-
-def example():
- logging.basicConfig(level=logging.DEBUG)
- logging.info(whoami_shell)
- logging.info('wtfm8')
- whoami = func_void(whoami_shell)
- ret_val = whoami()
- # whoami doesn't ret
- logging.info(ret_val)
\ No newline at end of file