admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-29 12:43:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Completed memory corruption and continued with networking programs.

Browse Source
This commit is contained in:
h3xduck
2022-06-05 21:20:23 -04:00
parent 3f02cd4996
commit 55378027ab
16 changed files with 511 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
docs/document.aux
View File

@@ -204,6 +204,7 @@
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.3}eBPF program types}{18}{section.2.3}\protected@file@percent }
\newlabel{section:ebpf_prog_types}{{2.3}{18}{eBPF program types}{section.2.3}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.1}XDP}{18}{subsection.2.3.1}\protected@file@percent }
\newlabel{subsection:xdp}{{2.3.1}{18}{XDP}{subsection.2.3.1}{}}
\abx@aux@cite{xdp_manual}
\abx@aux@segm{0}{0}{xdp_manual}
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.8}{\ignorespaces Figure showing how the eBPF XDP and TC modules are integrated in the network processing in the Linux kernel.\relax }}{19}{figure.caption.23}\protected@file@percent }
@@ -223,6 +224,7 @@
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.11}{\ignorespaces Table showing relevant XDP-exclusive eBPF helpers.\relax }}{20}{table.caption.25}\protected@file@percent }
\newlabel{table:xdp_helpers}{{2.11}{20}{Table showing relevant XDP-exclusive eBPF helpers.\relax }{table.caption.25}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.3.2}Traffic Control}{20}{subsection.2.3.2}\protected@file@percent }
\newlabel{subsection:tc}{{2.3.2}{20}{Traffic Control}{subsection.2.3.2}{}}
\abx@aux@cite{tp_kernel}
\abx@aux@segm{0}{0}{tp_kernel}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.12}{\ignorespaces Table showing TC relevant return values. Full list can be consulted at \cite {tc_ret_list_complete}.\relax }}{21}{table.caption.26}\protected@file@percent }
@@ -302,6 +304,7 @@
\newlabel{code:sys_enter_read_tp}{{3.6}{32}{Format of custom struct sys\_read\_enter\_ctx}{lstlisting.3.6}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.6}Format of custom struct sys\_read\_enter\_ctx.}{32}{lstlisting.3.6}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.2.2}Reading memory out of bounds}{33}{subsection.3.2.2}\protected@file@percent }
\newlabel{subsection:out_read_bounds}{{3.2.2}{33}{Reading memory out of bounds}{subsection.3.2.2}{}}
\abx@aux@cite{ebpf_friends_p15}
\abx@aux@segm{0}{0}{ebpf_friends_p15}
\abx@aux@cite{ebpf_override_return}
@@ -310,19 +313,20 @@
\abx@aux@segm{0}{0}{code_kernel_open}
\abx@aux@cite{code_kernel_open}
\abx@aux@segm{0}{0}{code_kernel_open}
\abx@aux@cite{code_kernel_open}
\abx@aux@segm{0}{0}{code_kernel_open}
\abx@aux@cite{code_kernel_open}
\abx@aux@segm{0}{0}{code_kernel_open}
\abx@aux@cite{code_kernel_syscall}
\abx@aux@segm{0}{0}{code_kernel_syscall}
\abx@aux@cite{code_kernel_syscall}
\abx@aux@segm{0}{0}{code_kernel_syscall}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.2.3}Overriding function return values}{34}{subsection.3.2.3}\protected@file@percent }
\newlabel{code:override_return_1}{{3.7}{34}{Definition of the syscall sys\_open in the kernel \cite {code_kernel_open}}{lstlisting.3.7}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.7}Definition of the syscall sys\_open in the kernel \cite {code_kernel_open}}{34}{lstlisting.3.7}\protected@file@percent }
\newlabel{code:override_return_2}{{3.8}{34}{Definition of the macro for creating syscalls, containing the error injection macro. Only relevant instructions included, complete macro can be found in the kernel \cite {code_kernel_open}}{lstlisting.3.8}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.8}Definition of the macro for creating syscalls, containing the error injection macro. Only relevant instructions included, complete macro can be found in the kernel \cite {code_kernel_open}}{34}{lstlisting.3.8}\protected@file@percent }
\newlabel{code:override_return_2}{{3.8}{34}{Definition of the macro for creating syscalls, containing the error injection macro. Only relevant instructions included, complete macro can be found in the kernel \cite {code_kernel_syscall}}{lstlisting.3.8}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.8}Definition of the macro for creating syscalls, containing the error injection macro. Only relevant instructions included, complete macro can be found in the kernel \cite {code_kernel_syscall}}{34}{lstlisting.3.8}\protected@file@percent }
\abx@aux@cite{fault_injection}
\abx@aux@segm{0}{0}{fault_injection}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.2.4}Sending signals to user programs}{35}{subsection.3.2.4}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.2.5}Conclusion}{35}{subsection.3.2.5}\protected@file@percent }
\newlabel{subsection:tracing_attacks_conclusion}{{3.2.5}{35}{Conclusion}{subsection.3.2.5}{}}
\abx@aux@cite{ebpf_helpers}
\abx@aux@segm{0}{0}{ebpf_helpers}
\abx@aux@cite{mem_page_arch}
@@ -359,19 +363,31 @@
\abx@aux@cite{write_helper_non_fault}
\abx@aux@segm{0}{0}{write_helper_non_fault}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.3.4}Attacks and limitations of bpf\_probe\_write\_user()}{43}{subsection.3.3.4}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Methods??}{45}{chapter.4}\protected@file@percent }
\newlabel{subsection_bpf_probe_write_apps}{{3.3.4}{43}{Attacks and limitations of bpf\_probe\_write\_user()}{subsection.3.3.4}{}}
\abx@aux@cite{code_vfs_read}
\abx@aux@segm{0}{0}{code_vfs_read}
\abx@aux@cite{code_vfs_read}
\abx@aux@segm{0}{0}{code_vfs_read}
\abx@aux@cite{8664_params_abi_p1922}
\abx@aux@segm{0}{0}{8664_params_abi_p1922}
\newlabel{code:vfs_read}{{3.9}{44}{Definition of kernel function vfs\_read. \cite {code_vfs_read}}{lstlisting.3.9}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.9}Definition of kernel function vfs\_read. \cite {code_vfs_read}}{44}{lstlisting.3.9}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {3.9}{\ignorespaces Overview of stack scanning and writing technique.\relax }}{45}{figure.caption.43}\protected@file@percent }
\newlabel{fig:stack_scan_write_tech}{{3.9}{45}{Overview of stack scanning and writing technique.\relax }{figure.caption.43}{}}
\newlabel{code:stack_scan_write_tech}{{3.10}{45}{Sample program being executed on figure \ref {fig:stack_scan_write_tech}}{lstlisting.3.10}{}}
\@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {3.10}Sample program being executed on figure \ref {fig:stack_scan_write_tech}.}{45}{lstlisting.3.10}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.3.5}Conclusion}{46}{subsection.3.3.5}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {3.4}Abusing networking programs}{46}{section.3.4}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {3.4.1}Attacks and limitations of networking programs}{47}{subsection.3.4.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{48}{chapter.4}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Results}{46}{chapter.5}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{49}{chapter.5}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {6}Conclusion and future work}{47}{chapter.6}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{48}{chapter.6}\protected@file@percent }
\newlabel{annex:bpftool_flags_kernel}{{6}{}{Appendix A - Bpftool commands}{chapter*.44}{}}
\abx@aux@read@bbl@mdfivesum{5BC491FF2560E8B85979411211F855E2}
\abx@aux@read@bblrerun
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{50}{chapter.5}\protected@file@percent }
\newlabel{annex:bpftool_flags_kernel}{{5}{}{Appendix A - Bpftool commands}{chapter*.45}{}}
\abx@aux@read@bbl@mdfivesum{070A0F15FB780499B250A471B22B0670}
\abx@aux@refcontextdefaultsdone
\abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
@@ -437,9 +453,14 @@
\abx@aux@defaultrefcontext{0}{ebpf_friends_p15}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_override_return}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{code_kernel_open}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{code_kernel_syscall}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{fault_injection}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{mem_page_arch}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{page_faults}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{mem_arch_proc}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{8664_params_abi_p18}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{write_helper_non_fault}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{code_vfs_read}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{8664_params_abi_p1922}{none/global//global/global}
\ttl@finishall
\gdef \@abspage@last{70}
\gdef \@abspage@last{73}