h3xduck
|
1ec4ed8486
|
Now the execve hijacker works without needing a canalizer. Removed it. Also some additional tweaks to the c&c launching of the helper
|
2022-02-19 11:57:32 -05:00 |
|
h3xduck
|
8e97624326
|
Improved the pricvesc module which used sudo, now correctly working when the user already has sudo with password capabilities. Now the rootkit userspace helper is correctly launching with root permissions
|
2022-02-19 11:08:56 -05:00 |
|
h3xduck
|
130364e6ab
|
Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted
|
2022-02-18 09:08:54 -05:00 |
|
h3xduck
|
2ae705f037
|
Added new map structure, in preparation for new internal maps storing requested commands via the network backdoor
|
2022-02-14 20:08:30 -05:00 |
|
h3xduck
|
edbaf09c06
|
Completed execve hijacking, as with special error cases that arise and that are documented in the code.
|
2022-02-14 17:45:07 -05:00 |
|
h3xduck
|
044c85f3ff
|
Initial version of the RCE scheme- Added complete execve hook, helper and modifying capabilities for the filename called. Works still needs to be done
|
2022-02-06 14:15:57 -05:00 |
|
h3xduck
|
41ef733520
|
Completed faking that an user is in the sudoers file. Now user 'test' can use sudo without being there
|
2022-02-05 14:10:12 -05:00 |
|
h3xduck
|
643783004a
|
Added new hooks and updated map fields to support new sudo module.
|
2022-02-05 13:49:20 -05:00 |
|
h3xduck
|
2b50d376a6
|
Updated function and configurator manager names to the used hook.
|
2022-01-26 13:04:23 -05:00 |
|
h3xduck
|
3832d99af1
|
Updated file names and directory structure to the new multi-modules rootkit
|
2022-01-16 06:56:54 -05:00 |
|