h3xduck
|
5d6619ce40
|
Finished section 5. Multiple changes in the code according to the performed tests.
|
2022-06-19 14:35:19 -04:00 |
|
h3xduck
|
78b3132687
|
Updated some files for eveything to work now that it is all together. Execve hijacker and clients in particular
|
2022-05-15 20:47:58 -04:00 |
|
h3xduck
|
4a292f0f7a
|
Merged master and develop, now all changes together. Fully tested and working.
|
2022-05-15 20:46:35 -04:00 |
|
h3xduck
|
f6a4c1daa0
|
Finished execve hijacking, added new last checks and discovered why sometimes it fails. New detached process at the userspace. Other fixes
|
2022-05-07 10:36:46 -04:00 |
|
h3xduck
|
8be536fb6f
|
Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.
|
2022-04-14 13:24:43 -04:00 |
|
h3xduck
|
c3bffb6f84
|
Completed packet parsing at tc hook
|
2022-04-13 16:56:17 -04:00 |
|
h3xduck
|
7157729334
|
Added forked routine to execve_hijack. Improved argv modification and made it work. Working now.
|
2022-04-13 08:57:33 -04:00 |
|
h3xduck
|
8f28c3a883
|
Updated helpers and added resources to help with lib injection
|
2022-03-24 15:40:05 -04:00 |
|
h3xduck
|
9647972531
|
Finished extraction of stack return address
|
2022-03-17 13:18:19 -04:00 |
|
h3xduck
|
671e2d671d
|
Added extraction of original jump instruction and opcodes
|
2022-03-15 18:36:59 -04:00 |
|
h3xduck
|
0c88d5baa9
|
Successfully added uprobes calculation and hooking at arbitrary function of execve_hijack.
|
2022-03-03 05:53:51 -05:00 |
|
h3xduck
|
e64839f080
|
Added new libc symbols extraction
|
2022-03-02 19:00:50 -05:00 |
|
h3xduck
|
805fa760cf
|
Corrected issues of opening directories without permission in execve helper
|
2022-02-24 19:53:11 -05:00 |
|
h3xduck
|
b182ac1eeb
|
Added new TC module, updates to the exec hooking system and the userland module
|
2022-02-20 16:50:15 -05:00 |
|
h3xduck
|
1ec4ed8486
|
Now the execve hijacker works without needing a canalizer. Removed it. Also some additional tweaks to the c&c launching of the helper
|
2022-02-19 11:57:32 -05:00 |
|
h3xduck
|
130364e6ab
|
Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted
|
2022-02-18 09:08:54 -05:00 |
|
h3xduck
|
0e022a8385
|
Completed execution of arbitrary commands sent from the backdoor client
|
2022-02-18 04:06:18 -05:00 |
|
h3xduck
|
b68e01c057
|
Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.
|
2022-02-18 03:32:07 -05:00 |
|
h3xduck
|
9a47a2b15a
|
Completed client integration with new c&c module.
|
2022-02-17 06:21:09 -05:00 |
|
h3xduck
|
2ae705f037
|
Added new map structure, in preparation for new internal maps storing requested commands via the network backdoor
|
2022-02-14 20:08:30 -05:00 |
|
h3xduck
|
edbaf09c06
|
Completed execve hijacking, as with special error cases that arise and that are documented in the code.
|
2022-02-14 17:45:07 -05:00 |
|
h3xduck
|
044c85f3ff
|
Initial version of the RCE scheme- Added complete execve hook, helper and modifying capabilities for the filename called. Works still needs to be done
|
2022-02-06 14:15:57 -05:00 |
|
h3xduck
|
05baa8fb8a
|
Added new helper program to be used with the execve hijacking module
|
2022-02-05 19:00:25 -05:00 |
|