h3xduck
|
ff0f34c6a4
|
Included new library version with support for tcp src port paylaod injection
|
2022-05-09 18:57:23 -04:00 |
|
h3xduck
|
ff2868846f
|
Fixed a big bug in previous client terminals, also made the new multi-triggered backdoor to work completely and connect to encrypted session
|
2022-05-09 17:48:02 -04:00 |
|
h3xduck
|
073e1d3129
|
Completed new backdoor packet stream parsing for V3 backdoor using hidden payloads in TCP and IP header positions
|
2022-05-09 16:36:39 -04:00 |
|
h3xduck
|
5746ac5efb
|
Added new hidden packets, commands and rest of structure to activate and deactivate hooks from the backdoor
|
2022-05-07 19:16:33 -04:00 |
|
h3xduck
|
ce7d36371d
|
Finished encrypted interactive shell and encrypted protocol implementation, V2 rootkit now fully functional
|
2022-05-07 17:55:27 -04:00 |
|
h3xduck
|
f6a4c1daa0
|
Finished execve hijacking, added new last checks and discovered why sometimes it fails. New detached process at the userspace. Other fixes
|
2022-05-07 10:36:46 -04:00 |
|
h3xduck
|
cceca23478
|
Completed message sharing, starting with protocol now
|
2022-05-05 22:14:28 -04:00 |
|
h3xduck
|
213e30ba3b
|
Fixed keys of trigger packet V1, added sample servers, fixed client bug
|
2022-05-05 17:52:58 -04:00 |
|
h3xduck
|
0553ad777f
|
Completed message passing of commands to userspace via ebpf ringbuffer
|
2022-05-05 13:22:47 -04:00 |
|
h3xduck
|
2deebf1b9e
|
Added V1 command sending via secret trigger on backdoor
|
2022-05-05 12:59:02 -04:00 |
|
h3xduck
|
ead4a4ca68
|
Completed checks for V1 trigger
|
2022-05-04 08:54:21 -04:00 |
|
h3xduck
|
073a911f74
|
Included new version of custom lib. Added checks for backdoor triggering
|
2022-05-04 04:40:25 -04:00 |
|
h3xduck
|
8be536fb6f
|
Added locking mechanism for execve_hijack. Incorporated new library rawtcp with latest version without bug.
|
2022-04-14 13:24:43 -04:00 |
|
h3xduck
|
7157729334
|
Added forked routine to execve_hijack. Improved argv modification and made it work. Working now.
|
2022-04-13 08:57:33 -04:00 |
|
h3xduck
|
805fa760cf
|
Corrected issues of opening directories without permission in execve helper
|
2022-02-24 19:53:11 -05:00 |
|
h3xduck
|
b182ac1eeb
|
Added new TC module, updates to the exec hooking system and the userland module
|
2022-02-20 16:50:15 -05:00 |
|
h3xduck
|
1ec4ed8486
|
Now the execve hijacker works without needing a canalizer. Removed it. Also some additional tweaks to the c&c launching of the helper
|
2022-02-19 11:57:32 -05:00 |
|
h3xduck
|
8e97624326
|
Improved the pricvesc module which used sudo, now correctly working when the user already has sudo with password capabilities. Now the rootkit userspace helper is correctly launching with root permissions
|
2022-02-19 11:08:56 -05:00 |
|
h3xduck
|
130364e6ab
|
Added support for integrating the execution hijacker via the rootkit. Still some work to do, also changed some config from fs which needs to be reverted
|
2022-02-18 09:08:54 -05:00 |
|
h3xduck
|
2ae705f037
|
Added new map structure, in preparation for new internal maps storing requested commands via the network backdoor
|
2022-02-14 20:08:30 -05:00 |
|
h3xduck
|
edbaf09c06
|
Completed execve hijacking, as with special error cases that arise and that are documented in the code.
|
2022-02-14 17:45:07 -05:00 |
|
h3xduck
|
044c85f3ff
|
Initial version of the RCE scheme- Added complete execve hook, helper and modifying capabilities for the filename called. Works still needs to be done
|
2022-02-06 14:15:57 -05:00 |
|
h3xduck
|
41ef733520
|
Completed faking that an user is in the sudoers file. Now user 'test' can use sudo without being there
|
2022-02-05 14:10:12 -05:00 |
|
h3xduck
|
643783004a
|
Added new hooks and updated map fields to support new sudo module.
|
2022-02-05 13:49:20 -05:00 |
|
h3xduck
|
2b50d376a6
|
Updated function and configurator manager names to the used hook.
|
2022-01-26 13:04:23 -05:00 |
|
h3xduck
|
3832d99af1
|
Updated file names and directory structure to the new multi-modules rootkit
|
2022-01-16 06:56:54 -05:00 |
|