h3xduck | ad4f9b2504 | Completed phantom shell protocol, added new checksum correctors | 2022-05-11 20:27:52 -04:00 |
h3xduck | 28ed530aea | Completed the TC Hook and payload enlargement and substitution mechanisms. Only the packet recognition on the client side remains to work | 2022-05-11 17:31:38 -04:00 |
h3xduck | 4211d0b5d5 | Updated all components with phantom shell | 2022-05-09 22:06:29 -04:00 |
h3xduck | 5320f35d01 | Added new hidden payload stream mode, now triggered using the source port. Fully integrated already, can select between that and seqnum in client. Both launch live encrypted shell via v3 backdoor | 2022-05-09 20:16:13 -04:00 |
h3xduck | ff2868846f | Fixed a big bug in previous client terminals, also made the new multi-triggered backdoor to work completely and connect to encrypted session | 2022-05-09 17:48:02 -04:00 |
h3xduck | 073e1d3129 | Completed new backdoor packet stream parsing for V3 backdoor using hidden payloads in TCP and IP header positions | 2022-05-09 16:36:39 -04:00 |
h3xduck | ba19537ec1 | Added new packet stream payload mode in client for V3 backdoor | 2022-05-07 20:45:02 -04:00 |
h3xduck | 5746ac5efb | Added new hidden packets, commands and rest of structure to activate and deactivate hooks from the backdoor | 2022-05-07 19:16:33 -04:00 |
h3xduck | ce7d36371d | Finished encrypted interactive shell and encrypted protocol implementation, V2 rootkit now fully functional | 2022-05-07 17:55:27 -04:00 |
h3xduck | cceca23478 | Completed message sharing, starting with protocol now | 2022-05-05 22:14:28 -04:00 |
h3xduck | 213e30ba3b | Fixed keys of trigger packet V1, added sample servers, fixed client bug | 2022-05-05 17:52:58 -04:00 |
h3xduck | ead4a4ca68 | Completed checks for V1 trigger | 2022-05-04 08:54:21 -04:00 |
h3xduck | 073a911f74 | Included new version of custom lib. Added checks for backdoor triggering | 2022-05-04 04:40:25 -04:00 |
h3xduck | 8be536fb6f | Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug. | 2022-04-14 13:24:43 -04:00 |
h3xduck | a9f0ae17f7 | Completed client payload generation | 2022-04-14 09:49:08 -04:00 |
h3xduck | 0e022a8385 | Completed execution of arbitrary commands sent from the backdoor client | 2022-02-18 04:06:18 -05:00 |
h3xduck | b68e01c057 | Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version. | 2022-02-18 03:32:07 -05:00 |
h3xduck | 9a47a2b15a | Completed client integration with new c&c module. | 2022-02-17 06:21:09 -05:00 |
h3xduck | 2999a090b7 | Fixed the client, now the payload shrinking is fully working, also the bug previously found seems to be nothing but an error of mine. Ready to merge! | 2021-11-27 19:08:38 -05:00 |
h3xduck | 516e98748c | Finished adapting the client. Cleaned the user code and added getopt. The filter fully works now. Next step: return data to userspace via a map. | 2021-11-22 20:02:47 -05:00 |
h3xduck | b04200526c | Finished xdp ebpf program, successfully showing packets received. Added client from Umbra, it will be the C&C client | 2021-11-22 18:58:58 -05:00 |