h3xduck
57f3edd8fa
Fixed bug in client getting local IP
2022-05-15 19:09:04 -04:00
h3xduck
6e76e1ed1a
Solved an error in client IP config
2022-05-15 18:08:14 -04:00
h3xduck
ce3b267d01
Fixed phantom shell, added IPs for all types of backdoor triggers so that we can use different interfaces
2022-05-15 16:45:47 -04:00
h3xduck
e6cbe7c24a
Updated client to work with multiple network interfaces
2022-05-15 15:15:43 -04:00
h3xduck
d509f20974
Completed command passing for phantom shell
2022-05-15 14:44:16 -04:00
h3xduck
ad4f9b2504
Completed phantom shell protocol, added new checksum correctors
2022-05-11 20:27:52 -04:00
h3xduck
28ed530aea
Completed the TC Hook and payload enlargement and substitution mechanisms. Only the packet recognition on the client side remains to work
2022-05-11 17:31:38 -04:00
h3xduck
4211d0b5d5
Updated all components with phantom shell
2022-05-09 22:06:29 -04:00
h3xduck
5320f35d01
Added new hidden payload stream mode, now triggered using the source port. Fully integrated already, can select between that and seqnum in client. Both launch live encrypted shell via v3 backdoor
2022-05-09 20:16:13 -04:00
h3xduck
ff2868846f
Fixed a big bug in previous client terminals, also made the new multi-triggered backdoor work completely and connect to the encrypted session
2022-05-09 17:48:02 -04:00
h3xduck
073e1d3129
Completed new backdoor packet stream parsing for V3 backdoor using hidden payloads in TCP and IP header positions
2022-05-09 16:36:39 -04:00
h3xduck
ba19537ec1
Added new packet stream payload mode in client for V3 backdoor
2022-05-07 20:45:02 -04:00
h3xduck
5746ac5efb
Added new hidden packets, commands and rest of structure to activate and deactivate hooks from the backdoor
2022-05-07 19:16:33 -04:00
h3xduck
ce7d36371d
Finished encrypted interactive shell and encrypted protocol implementation, V2 rootkit now fully functional
2022-05-07 17:55:27 -04:00
h3xduck
cceca23478
Completed message sharing, starting with protocol now
2022-05-05 22:14:28 -04:00
h3xduck
213e30ba3b
Fixed keys of trigger packet V1, added sample servers, fixed client bug
2022-05-05 17:52:58 -04:00
h3xduck
2deebf1b9e
Added V1 command sending via secret trigger on backdoor
2022-05-05 12:59:02 -04:00
h3xduck
ead4a4ca68
Completed checks for V1 trigger
2022-05-04 08:54:21 -04:00
h3xduck
073a911f74
Included new version of custom lib. Added checks for backdoor triggering
2022-05-04 04:40:25 -04:00
h3xduck
8be536fb6f
Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.
2022-04-14 13:24:43 -04:00
h3xduck
a9f0ae17f7
Completed client payload generation
2022-04-14 09:49:08 -04:00
h3xduck
0e022a8385
Completed execution of arbitrary commands sent from the backdoor client
2022-02-18 04:06:18 -05:00
h3xduck
b68e01c057
Finished pseudo-connection between client and rootkit backdoor. Updated library to latest version.
2022-02-18 03:32:07 -05:00
h3xduck
9a47a2b15a
Completed client integration with new C&C module.
2022-02-17 06:21:09 -05:00
h3xduck
d5478ed7a0
Added more communication utils between userspace and kernel:
* Included maps and kernel ring buffer communication
* Extended the ebpf structure to include more modules
* New utils in both user and kernelspace
* Other changes
* This update precedes a great effort on researching and learning about Linux kernel tracing and studying ebpfkit from DEF CON. More functionalities should come rather quickly now.
2021-12-29 14:44:09 -05:00
h3xduck
2999a090b7
Fixed the client, now the payload shrinking is fully working, also the bug previously found seems to be nothing but an error of mine. Ready to merge!
2021-11-27 19:08:38 -05:00
h3xduck
72fddcac62
Finished adapting the code to tcp packets (+ researched a lot about xdp and ebpf, we should be OK with xdps, found a lot of ideas)
2021-11-23 19:55:44 -05:00
h3xduck
516e98748c
Finished adapting the client. Cleaned the user code and added getopt. The filter fully works now. Next step: return data to userspace via a map.
2021-11-22 20:02:47 -05:00
h3xduck
b04200526c
Finished xdp ebpf program, successfully showing packets received. Added client from Umbra, it will be the C&C client
2021-11-22 18:58:58 -05:00