Commit Graph

20 Commits

Author SHA1 Message Date
h3xduck
82fa056955 Added hide directory capabilities for the rootkit 2022-05-16 11:24:59 -04:00
h3xduck
4044d7994c Added sys_openat for the injection module, fully working! 2022-05-16 08:02:38 -04:00
h3xduck
78b3132687 Updated some files for everything to work now that it is all together. Execve hijacker and clients in particular 2022-05-15 20:47:58 -04:00
h3xduck
4a292f0f7a Merged master and develop, now all changes together. Fully tested and working. 2022-05-15 20:46:35 -04:00
h3xduck
ce7d36371d Finished encrypted interactive shell and encrypted protocol implementation, V2 rootkit now fully functional 2022-05-07 17:55:27 -04:00
h3xduck
f6a4c1daa0 Finished execve hijacking, added new last checks and discovered why sometimes it fails. New detached process at the userspace. Other fixes 2022-05-07 10:36:46 -04:00
h3xduck
073a911f74 Included new version of custom lib. Added checks for backdoor triggering 2022-05-04 04:40:25 -04:00
h3xduck
e881502ffa Now control flow is redirected back to the syscall after running the shared library constructor instead of skipping it 2022-04-09 14:17:09 -04:00
h3xduck
621e42e2e8 Changed shellcode to include backup of registers and stack. Now prevents stack smashing detection via the stack canaries 2022-04-07 19:47:53 -04:00
h3xduck
be5605db5f Introduced shellcode and finished code cave writing and injection. RELRO working 2022-04-07 11:54:24 -04:00
h3xduck
3438f5846f Finished injection module at userspace using /proc/<pid>/maps, enables overwriting the GOT section with RELRO activated 2022-04-07 07:11:28 -04:00
h3xduck
8f28c3a883 Updated helpers and added resources to help with lib injection 2022-03-24 15:40:05 -04:00
h3xduck
671e2d671d Added extraction of original jump instruction and opcodes 2022-03-15 18:36:59 -04:00
h3xduck
1ec4ed8486 Now the execve hijacker works without needing a canalizer. Removed it. Also some additional tweaks to the c&c launching of the helper 2022-02-19 11:57:32 -05:00
h3xduck
130364e6ab Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted 2022-02-18 09:08:54 -05:00
h3xduck
044c85f3ff Initial version of the RCE scheme. Added complete execve hook, helper and modifying capabilities for the filename called. Work still needs to be done 2022-02-06 14:15:57 -05:00
h3xduck
41ef733520 Completed faking that a user is in the sudoers file. Now user 'test' can use sudo without being there 2022-02-05 14:10:12 -05:00
h3xduck
643783004a Added new hooks and updated map fields to support new sudo module. 2022-02-05 13:49:20 -05:00
h3xduck
fc0d30f06f Completed output modification of sys_read. Created a simple PoC 2022-01-16 06:45:45 -05:00
h3xduck
d5478ed7a0 Added more communication utils between userspace and kernel:
* Included maps and kernel ring buffer communication
* Extended the ebpf structure to include more modules
* New utils in both user and kernelspace
* Other changes
* This update precedes a great effort on researching and learning Linux kernel tracing and studying ebpfkit from DEF CON. More functionalities should come rather quickly now.
2021-12-29 14:44:09 -05:00