admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-18 07:53:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7eb18dce14b74d3c3d85f9248fa335abc896592f
TripleCross/README.md

36 lines
618 B
Markdown
Raw Normal View History

Changed the repository (and the rootkit!) name with TripleCross: https://dictionary.cambridge.org/dictionary/english/double-cross. This is 'triple' because it is a BPF program that betrays you at the userspace, at the kernel, and at the network.
2022-06-15 20:33:07 -04:00
# TripleCross
Update README.md
2022-06-23 22:01:50 +02:00
Instructions soon!
For now, you can read the paper at docs/ebpf_offensive_rootkit
<!---
Update README.md
2021-11-28 02:01:32 +01:00
## Build and run
```bash
cd src
make
Updated file names and directory structure to the new multi-modules rootkit
2022-01-16 06:56:54 -05:00
sudo ./bin/kit -t <network interface>
Update README.md
2021-11-28 02:01:32 +01:00
```
Network interface used for PoC: lo
Fix typo
2021-11-28 02:01:56 +01:00
## PoC 0 - Modifying incoming traffic
Update README.md
2021-11-28 02:01:32 +01:00
### Option 1: With netcat
Terminal 1:
```bash
nc -l 9000
```
Terminal 2:
```bash
echo -n "XDP_PoC_0" | nc 127.0.0.1 9000
```
### Option 2: With the in-built client
```bash
cd src/client
sudo ./injector -S 127.0.0.1
```
Updated readme with new PoC
2022-01-16 07:03:07 -05:00
------------------
## PoC 1 - Modifying arguments of read syscalls
```bash
echo "This won't be seen" > /tmp/txt.txt
cat /tmp/txt.txt
```
Update README.md
2022-06-23 22:01:50 +02:00
---!>
Reference in New Issue Copy Permalink