TripleCross

mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-16 07:13:07 +08:00

Author	SHA1	Message	Date
h3xduck	820c9f9401	Fixed some diagrams	2022-05-23 08:47:39 -04:00
h3xduck	a27543a7a6	Completed bpf in the history section	2022-05-23 07:08:46 -04:00
h3xduck	c29a99e03f	ALmost completed cbpf explantion	2022-05-23 06:17:21 -04:00
h3xduck	23d6bbd3ed	Continued with classic bpf explanations	2022-05-22 19:57:47 -04:00
h3xduck	cdaed83d1a	Continued with ebpf history	2022-05-22 10:04:16 -04:00
h3xduck	3ec9175053	Continued with the state of the art section	2022-05-22 08:19:32 -04:00
h3xduck	d161a29020	Included some comments on next work	2022-05-21 20:56:00 -04:00
h3xduck	3f2b426c98	Completed the objectives section. Skipping the rest of the chapter	2022-05-21 19:43:51 -04:00
h3xduck	61d141bbb6	Went on with the objectives section	2022-05-21 16:56:05 -04:00
h3xduck	b1933069ae	Completed motivation	2022-05-20 22:58:33 -04:00
h3xduck	2065c2e131	Added partial motivation section	2022-05-20 21:20:24 -04:00
h3xduck	3e697dd4cf	Fixed a bug where tcpport mode in the multi-packet backdoor did not work if a previous trigger using seqnum mode was made	2022-05-18 12:45:35 -04:00
h3xduck	104f4c0355	Added obfuscation for the persistance access using cron	2022-05-16 17:34:21 -04:00
h3xduck	ccd518287a	Added new deployer for preparing final files, messed up with the phantom shell, sometimes gives errors, but I don't think we can do much, the shared maps together with multi-hooks on network has some unexpected behaviours	2022-05-16 16:33:12 -04:00
h3xduck	757a480de9	Completed work on deployer, previous to cron persistence	2022-05-16 12:52:25 -04:00
h3xduck	82fa056955	Added hide directory capabilities for the rootkit	2022-05-16 11:24:59 -04:00
h3xduck	4044d7994c	Added sys_openat for the injection module, fully working!	2022-05-16 08:02:38 -04:00
h3xduck	abc501d4be	Merge branch 'develop'	2022-05-15 20:49:09 -04:00
h3xduck	78b3132687	Updated some files for eveything to work now that it is all together. Execve hijacker and clients in particular	2022-05-15 20:47:58 -04:00
h3xduck	4a292f0f7a	Merged master and develop, now all changes together. Fully tested and working.	2022-05-15 20:46:35 -04:00
h3xduck	57f3edd8fa	Fixed bug in client getting local ip	2022-05-15 19:09:04 -04:00
h3xduck	6e76e1ed1a	Solved an error in client ip config	2022-05-15 18:08:14 -04:00
h3xduck	ce3b267d01	Fixed phantom shell, added ips for all types of backdoor triggers so that we can use different interfaces	2022-05-15 16:45:47 -04:00
h3xduck	e6cbe7c24a	Updated client to work with multiple network interfaces	2022-05-15 15:15:43 -04:00
h3xduck	d509f20974	Completed command passing for phantom shell	2022-05-15 14:44:16 -04:00
h3xduck	ad4f9b2504	Completed phantom shell protocol, added new checksum correctors	2022-05-11 20:27:52 -04:00
h3xduck	28ed530aea	Completed the TC Hook and payload enlargment and substitution mechanisms. Only the packet recognition on the client side remains to work	2022-05-11 17:31:38 -04:00
h3xduck	567d8d706c	Further completed the phantom shell routine and added more checks in TC, still not finished, payload rewriting remains, but the rest is fully ready	2022-05-10 23:04:19 -04:00
h3xduck	f2c3624e8b	Added test on tc clasiffier, added pinned maps, and obtaining the fd from other maps in order to synchronize between programs	2022-05-10 19:09:52 -04:00
h3xduck	4211d0b5d5	Updated all components with phantom shell	2022-05-09 22:06:29 -04:00
h3xduck	5320f35d01	Added new hidden payload stream mode, now triggered using the source port. Fully integrated already, can select between that and seqnum in client. Both launch live encrypted shell via v3 backdoor	2022-05-09 20:16:13 -04:00
h3xduck	ff0f34c6a4	Included new library version with support for tcp src port paylaod injection	2022-05-09 18:57:23 -04:00
h3xduck	ff2868846f	Fixed a big bug in previous client terminals, also made the new multi-triggered backdoor to work completely and connect to encrypted session	2022-05-09 17:48:02 -04:00
h3xduck	073e1d3129	Completed new backdoor packet stream parsing for V3 backdoor using hidden payloads in TCP and IP header positions	2022-05-09 16:36:39 -04:00
h3xduck	ba19537ec1	Added new packet stream payload mode in client for V3 backdoor	2022-05-07 20:45:02 -04:00
h3xduck	5746ac5efb	Added new hidden packets, commands and rest of structure to activate and deactivate hooks from the backdoor	2022-05-07 19:16:33 -04:00
h3xduck	ce7d36371d	Finished encrypted interactive shell and encrypted protocol implementation, V2 rootkit now fully functional	2022-05-07 17:55:27 -04:00
h3xduck	f6a4c1daa0	Finished execve hijacking, added new last checks and discovered why sometimes it fails. New detached process at the userspace. Other fixes	2022-05-07 10:36:46 -04:00
h3xduck	cceca23478	Completed message sharing, starting with protocol now	2022-05-05 22:14:28 -04:00
h3xduck	213e30ba3b	Fixed keys of trigger packet V1, added sample servers, fixed client bug	2022-05-05 17:52:58 -04:00
h3xduck	0553ad777f	Completed message passing of commands to userspace via ebpf ringbuffer	2022-05-05 13:22:47 -04:00
h3xduck	2deebf1b9e	Added V1 command sending via secret trigger on backdoor	2022-05-05 12:59:02 -04:00
h3xduck	ead4a4ca68	Completed checks for V1 trigger	2022-05-04 08:54:21 -04:00
h3xduck	073a911f74	Included new version of custom lib. Added checks for backdoor triggering	2022-05-04 04:40:25 -04:00
h3xduck	aca4cc4cfb	Adding gitignore	2022-04-27 22:03:17 -04:00
h3xduck	a9fd1441b1	Merge branch 'master' of https://github.com/h3xduck/TFG	2022-04-27 21:59:59 -04:00
h3xduck	dccea69119	Updating documentation, preparing document with sections and comments	2022-04-27 21:59:56 -04:00
h3xduck	25ef3acc5a	Updating doc, adding makefile and preparing document	2022-04-27 21:56:37 -04:00
Marcos S. Bajo	f5897ae00d	Merge pull request #26 from h3xduck/injection Library injection + sudo bypass + initial version of C2	2022-04-27 23:59:56 +02:00
Juan Tapiador	701950669f	implant trigger (hive)	2022-04-19 16:24:36 +02:00

1 2 3 4 5

232 Commits