h3xduck
|
4a292f0f7a
|
Merged master and develop, now all changes together. Fully tested and working.
|
2022-05-15 20:46:35 -04:00 |
|
h3xduck
|
ce3b267d01
|
Fixed phantom shell, added ips for all types of backdoor triggers so that we can use different interfaces
|
2022-05-15 16:45:47 -04:00 |
|
h3xduck
|
567d8d706c
|
Further completed the phantom shell routine and added more checks in TC, still not finished, payload rewriting remains, but the rest is fully ready
|
2022-05-10 23:04:19 -04:00 |
|
h3xduck
|
0553ad777f
|
Completed message passing of commands to userspace via ebpf ringbuffer
|
2022-05-05 13:22:47 -04:00 |
|
h3xduck
|
e881502ffa
|
Now control flow is redirected back to the syscall after running the shared library constructor instead of skipping it
|
2022-04-09 14:17:09 -04:00 |
|
h3xduck
|
3438f5846f
|
Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated
|
2022-04-07 07:11:28 -04:00 |
|
h3xduck
|
2ae705f037
|
Added new map structure, in preparation for new internal maps storing requested commands via the network backdoor
|
2022-02-14 20:08:30 -05:00 |
|
h3xduck
|
106f141c7e
|
Added new kprobe to the filesystem ebpf section. Now receiving read events, and storing them in a map for later use, along with a reference to the user-space memory buffer
|
2022-01-14 21:18:51 -05:00 |
|