Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated

h3xduck
2022-04-07 07:11:28 -04:00
parent 96cfda8c1f
commit 3438f5846f
24 changed files with 14973 additions and 14466 deletions


@@ -20,8 +20,7 @@
#include "include/utils/strings/regex.h"
#include "include/utils/structures/fdlist.h"
#include "include/modules/module_manager.h"
#include "include/utils/rop/extractor.h"
#include "include/utils/mem/injection.h"
#define ABORT_IF_ERR(err, msg)\
if(err<0){\
fprintf(stderr, msg);\
@@ -97,7 +96,7 @@ static int handle_rb_event(void *ctx, void *data, size_t data_size){
tm = localtime(&t);
strftime(ts, sizeof(ts), "%H:%M:%S", tm);
//Before parsing any data, check the type
if(e->event_type == INFO){
printf("%s INFO pid:%d code:%i, msg:%s\n", ts, e->pid, e->code, e->message);
}else if(e->event_type == DEBUG){
@@ -106,6 +105,12 @@ static int handle_rb_event(void *ctx, void *data, size_t data_size){
}else if(e->event_type == EXIT){
}else if(e->event_type == VULN_SYSCALL){
//eBPF detected syscall which can lead to library injection
printf("%s VULN_SYSCALL pid:%d syscall:%llx, return:%llx, libc_main:%llx, libc_dlopen_mode:%llx, libc_malloc:%llx, got:%llx, relro:%i\n", ts, e->pid, e->syscall_address, e->process_stack_return_address, e->libc_main_address, e->libc_dlopen_mode_address, e->libc_malloc_address, e->got_address, e->relro_active);
if(manage_injection(e)<0){
printf("Library injection failed\n");
}
}else{
printf("UNRECOGNIZED RB EVENT RECEIVED");
return -1;
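Review bot: The new VULN_SYSCALL branch calls `manage_injection(e)` for every such event, and nothing visible in the hunk checks which process `e->pid` refers to; the commit title describes the injection module as overwriting the GOT even with RELRO active, so any process that raises the event appears to get its memory modified. A guard that limits the call to an explicitly configured test target belongs before it, together with a comment such as `/* modifies the memory of e->pid; run only against a designated test process */`. The failure line goes to stdout and names neither the process nor the time: `fprintf(stderr, "%s library injection failed pid:%d\n", ts, e->pid);` would leave an auditable record of each attempt. handle_rb_event starts and ends outside the hunk, so whether `data_size` is compared with the event struct size before these fields are read cannot be seen here.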