h3xduck
8be536fb6f
Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.
2022-04-14 13:24:43 -04:00
h3xduck
a9f0ae17f7
Completed client payload generation
2022-04-14 09:49:08 -04:00
h3xduck
0e022a8385
Completed execution of arbitrary commands sent from the backdoor client
2022-02-18 04:06:18 -05:00
h3xduck
b68e01c057
Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.
2022-02-18 03:32:07 -05:00
h3xduck
9a47a2b15a
Completed client integration with new c&c module.
2022-02-17 06:21:09 -05:00
h3xduck
431a019931
Updated my RawTCPLib library with newest version supporting sniffing for payloads. Also new data in preparation for complete RCE module
2022-02-16 19:38:39 -05:00
h3xduck
d5478ed7a0
Added more communication utils between userspace and kernel:
...
* Included maps and kernel ring buffer communication
* Extended the ebpf structure to include more modules
* New utils in both user and kernelspace
* Other changes
* This update precedes a great effort on researching and learning about linux kernel tracing and studying ebpfkit from defcon. More functionalities should come rather quickly now.
2021-12-29 14:44:09 -05:00
h3xduck
2999a090b7
Fixed the client; now the payload shrinking is fully working. Also, the bug previously found seems to be nothing but an error of mine. Ready to merge!
2021-11-27 19:08:38 -05:00
h3xduck
72fddcac62
Finished adapting the code to tcp packets (+ researched a lot about xdp and ebpf, we should be OK with xdps, found a lot of ideas)
2021-11-23 19:55:44 -05:00
h3xduck
516e98748c
Finished adapting the client. Cleaned the user code and added getopt. The filter fully works now. Next step: return data to userspace via a map.
2021-11-22 20:02:47 -05:00
h3xduck
b04200526c
Finished xdp ebpf program, successfully showing packets received. Added client from Umbra; it will be the C&C client.
2021-11-22 18:58:58 -05:00