Commit Graph

  • 74873dbca5 Completed configuration module which enables changing the running ebpf modules in the rootkit at runtime. Minor changes and updated code structure h3xduck 2022-01-04 13:26:13 -05:00
  • 40da6b300b Capability of attaching/detaching as many times as we want is finished. Now the rootkit is fully customizable from the userland (and thus remotely through the backdoor) h3xduck 2022-01-02 16:02:23 -05:00
  • adaf909781 Completed detachment of probes, enabling to attach and detach at will. Work needs to be done with xdp tho h3xduck 2022-01-02 06:28:45 -05:00
  • d18b0aa23c Further improvements in the rootkit configuration by the user h3xduck 2021-12-31 12:02:35 -05:00
  • 0863566292 Included a global config struct for controlling which hooks and functions of the rootkit should be active. Still work to be done in the bpf side h3xduck 2021-12-31 09:54:47 -05:00
  • d9a70f866c Modularized the ebpf program loading and attaching. h3xduck 2021-12-30 21:09:26 -05:00
  • 19a11da18f Modularized the communication buffers h3xduck 2021-12-30 12:48:45 -05:00
  • d5478ed7a0 Added more communication utils between userspace and kernel: * Included maps and kernel ring buffer communication * Extended the ebpf structure to include more modules * New utils in both user and kernelspace * Other changes * This update precedes a great effort on researching and learning linux kernel tracing and studying ebpfkit from defcon. More functionalities should come rather quickly now. h3xduck 2021-12-29 14:44:09 -05:00
  • 510fc89de0 Filtering the found filepaths now fully working. We can now detect opened file descriptors of all processes h3xduck 2021-12-24 10:22:23 -05:00
  • be9cc95daa Adapted makefile for user includes and new source files h3xduck 2021-12-24 06:59:30 -05:00
  • 745ec4e395 Updated project structure, and added new list for the next incoming feature. h3xduck 2021-12-21 20:08:49 -05:00
  • 1b2bc34826 Fix typo Marcos S. Bajo 2021-11-28 02:01:56 +01:00
  • c1939dca2b Update README.md Marcos S. Bajo 2021-11-28 02:01:32 +01:00
  • 3b2fbc3aa4 Merge pull request #9 from h3xduck/playzone Marcos S. Bajo 2021-11-28 01:53:03 +01:00
  • 2999a090b7 Fixed the client, now the payload shrinking is fully working, also the bug previously found seems to be nothing but an error of mine. Ready to merge! h3xduck 2021-11-27 19:08:38 -05:00
  • a1119894cd Made it work with an arbitrary length payload. Generalization with constants.h, now the PoC can be used for any shrinking/enlarging value. Discovered a very curious bug h3xduck 2021-11-27 17:01:10 -05:00
  • a440326653 Arbitrary payload modification fully works now. Absolutely ridiculous the time it took me (2 days) to realize I was computing the ip checksum with the old checksum values, which made it not work. Finally can keep going h3xduck 2021-11-27 14:10:43 -05:00
  • ca23880fd4 Arbitrary payload expansion is now working. IP checksum recomputation needs a revision, it is always 0... h3xduck 2021-11-25 20:30:15 -05:00
  • 253c302695 Payload increased length now being correctly recognized, but still cannot write to it yet. h3xduck 2021-11-25 06:36:32 -05:00
  • 442f955cf5 Added module which arbitrarily increases the size of the packet we received. Needs some tweaking to allow for modification of the header and payload fields yet, but the space allocation is already there. Also, multiple improvements overall h3xduck 2021-11-24 20:41:07 -05:00
  • 74cc7ff9e5 Further refactored code and dealt with the verifier issues with string comparisons h3xduck 2021-11-24 12:17:31 -05:00
  • 0568d5192d Finished externalizing helper functions h3xduck 2021-11-24 10:50:30 -05:00
  • 72fddcac62 Finished adapting the code to tcp packets (+ researched a lot about xdp and ebpf, we should be OK with xdps, found a lot of ideas) h3xduck 2021-11-23 19:55:44 -05:00
  • 516e98748c Finished adapting the client. Cleaned the user code and added getopt. The filter fully works now. Next step: return data to userspace via a map. h3xduck 2021-11-22 20:02:47 -05:00
  • b04200526c Finished xdp ebpf program, successfully showing packets received. Added client from Umbra, it will be the C&C client h3xduck 2021-11-22 18:58:58 -05:00
  • 23c7331d16 Continued working on first xdp filter, todo make bpf ring buffer work, check udp filter is up and working h3xduck 2021-11-21 20:00:43 -05:00
  • 53da2d141d Setup development environment with libbpf h3xduck 2021-11-20 21:07:23 -05:00
  • 8e7fd92dc4 Added new folders MARCOS SANCHEZ BAJO 2021-11-10 14:02:36 +01:00
  • 67ad3d7290 Completed the matrix MARCOS SANCHEZ BAJO 2021-11-10 11:03:36 +01:00
  • 9b3e332bd8 Uploaded mitre att&ck diagram with some ideas MARCOS SANCHEZ BAJO 2021-11-06 14:49:42 +01:00
  • 89c267abcb Included uc3m template MARCOS SANCHEZ BAJO 2021-10-27 22:29:57 +02:00
  • 8a8ec9ca8e Initial commit Marcos S. Bajo 2021-10-27 19:47:58 +02:00