admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-21 01:03:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
116 Commits 1 Branch 1 Tag
4044d7994c17ef6fb35217fedbb6899debd66460
Commit Graph

15 Commits

Author SHA1 Message Date
h3xduck
4044d7994c Added sys_openat for the injection module, fully working! 2022-05-16 08:02:38 -04:00
h3xduck
78b3132687 Updated some files for eveything to work now that it is all together. Execve hijacker and clients in particular 2022-05-15 20:47:58 -04:00
h3xduck
4a292f0f7a Merged master and develop, now all changes together. Fully tested and working. 2022-05-15 20:46:35 -04:00
h3xduck
5746ac5efb Added new hidden packets, commands and rest of structure to activate and deactivate hooks from the backdoor 2022-05-07 19:16:33 -04:00
h3xduck
fcf43ff180 Finished extraction of return address from the stack, and libc syscall adress 2022-03-17 19:32:32 -04:00
h3xduck
671e2d671d Added extraction of original jump instruction and opcodes 2022-03-15 18:36:59 -04:00
h3xduck
0c88d5baa9 Successfully added uprobes calculation and hooking at arbitrary function of execve_hijack. 2022-03-03 05:53:51 -05:00
h3xduck
044c85f3ff Initial version of the RCE scheme- Added complete execve hook, helper and modifying capabilities for the filename called. Works still needs to be done 2022-02-06 14:15:57 -05:00
h3xduck
643783004a Added new hooks and updated map fields to support new sudo module. 2022-02-05 13:49:20 -05:00
h3xduck
2b50d376a6 Updated function and configurator manager names to the used hook. 2022-01-26 13:04:23 -05:00
h3xduck
945e2f2def Added new probe to read the previously extracted params and overwrite user memory. Still now fully working, just a backup 2022-01-14 22:05:08 -05:00
h3xduck
4882ce790c [BUILD FAILING] Checkpoint for backup, added new hook for file system, tweaked makefile for real kernel header files inclusion, still not working. Commiting for periodic backup 2022-01-05 20:34:53 -05:00
h3xduck
f8774ac9cf [BUILD IS FAILING] Added file system hooks and other improvements. Uploading because of needing to backup 2022-01-04 20:09:59 -05:00
h3xduck
74873dbca5 Completed configuration module which enables to change the running ebpf modules in the rootkit at runtime. Minor changes and updated code structure 2022-01-04 13:26:13 -05:00
h3xduck
0863566292 Included a global config struct for controlling which hooks and functions of the rootkit should be active. Still work to be done in the bpf side 2021-12-31 09:54:47 -05:00