A PoC for Linux to get around agents that log commands being executed, without root privilege.

On Linux, without elevated privileges, it obfuscates the program name and arguments of the executed program so as to evade command logging that relies on monitoring the execve system call. The program is only a demonstration of the principle.

What the run below shows: the PoC loads the real ELF into an anonymous memfd and execs it through /proc/self/fd/3 with oversized placeholder strings as argv. The parent then uses ptrace to stop the child at _start, locates argv on the child's stack (RSP + 8 holds ubp_av, the char ** passed to __libc_start_main) and overwrites the placeholder strings with the real arguments "-a" and "-l" before letting the child continue. A monitor that captures argv at execve time therefore records only the placeholders, while the child actually runs ls -a -l.

ylbhz@hk:~/work/c/ptrace$ gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609
ylbhz@hk:~/work/c/ptrace$ make
gcc -Wall -c ptrace.c -o ptrace.o
gcc -Wall -c anonyexec.c -o anonyexec.o
gcc -o ptrace ptrace.o anonyexec.o elfreader.o
ylbhz@hk:~/work/c/ptrace$ ./ptrace
child pid = 3763
EIP: _start 4049a0
RSP: 7ffc4f394e60
RSP + 8 => RDX(char **ubp_av) to __libc_start_main
argc: 3
src: ubp_av[1]: 3abb6677��@
dst: upb_av[1]: -a
src: ubp_av[2]: 3abb6677��@
dst: upb_av[2]: -l
ylbhz@hk:~/work/c/ptrace$ total 76
drwxrwxr-x  2 ylbhz ylbhz  4096 Jan  7 10:34 .
drwx------ 16 ylbhz ylbhz  4096 Dec 29 15:08 ..
-rw-rw-r--  1 ylbhz ylbhz   349 Jan  3 18:39 Makefile
-rw-rw-r--  1 ylbhz ylbhz     1 Jan  7 10:31 README
-rw-rw-r--  1 ylbhz ylbhz   681 Jan  3 18:24 anonyexec.c
-rw-rw-r--  1 ylbhz ylbhz   226 Jan  3 17:59 anonyexec.h
-rw-rw-r--  1 ylbhz ylbhz  2680 Jan  7 10:34 anonyexec.o
-rw-rw-r--  1 ylbhz ylbhz   527 Jan  3 18:05 common.h
-rw-rw-r--  1 ylbhz ylbhz   230 Jan  3 19:00 elfreader.c
-rw-rw-r--  1 ylbhz ylbhz   142 Jan  3 18:59 elfreader.h
-rw-rw-r--  1 ylbhz ylbhz  1656 Jan  3 19:00 elfreader.o
-rwxrwxr-x  1 ylbhz ylbhz 13992 Jan  7 10:34 ptrace
-rw-rw-r--  1 ylbhz ylbhz  2123 Jan  4 11:24 ptrace.c
-rw-rw-r--  1 ylbhz ylbhz   328 Jan  4 10:38 ptrace.h
-rw-rw-r--  1 ylbhz ylbhz  4768 Jan  7 10:34 ptrace.o

================= AUDITD execve test =========================
type=PATH msg=audit(1546831731.460:100): item=0 name="./ptrace" inode=11017404 dev=08:06 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1546831731.460:100): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=1835390 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1546831731.460:100): proctitle="./ptrace"
type=SYSCALL msg=audit(1546831731.464:101): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd846ee3d0 a1=7ffd846ee660 a2=0 a3=598 items=2 ppid=7971 pid=7972 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=4294967295 comm="3" exe=2F6D656D66643A656C66202864656C6574656429 key="rule01_exec"
type=EXECVE msg=audit(1546831731.464:101): argc=3 a0="/proc/self/fd/3" a1="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686" a2="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686"

Reading the audit records: event 100 is the shell executing ./ptrace itself. Event 101 is the child: exe is printed as hex because the path contains a space, and it decodes to "/memfd:elf (deleted)"; comm="3" is the memfd's descriptor number; a0 is "/proc/self/fd/3"; a1 and a2 are the 128-character placeholders rather than the "-a" and "-l" the process actually ran with. The real arguments never reach auditd because the EXECVE record is taken at the execve call, before the parent rewrites the child's stack. Those same artifacts (a memfd exe, a numeric comm, an fd path as argv[0], long hex-only arguments) are what a detection rule can key on.
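The defender's side of the records above, as an added example that is not part of this repository: a small auditd parser that groups SYSCALL and EXECVE records by event id, undoes auditd's hex encoding where it applies, and flags the indicators that survive the argv rewrite. The sample log is constructed: event 101 is the pair from the run above, event 102 is an invented benign ls -a -l for contrast; the field set and thresholds (an anonymous memfd exe, a numeric comm, an fd path as argv[0], hex-only arguments of 64 characters or more) are my own choices.

```python
"""Flag execve audit events that look like the memfd + argv-rewrite evasion.

Added example, not part of the ptrace repository. Runs offline on the
constructed sample log below.
"""
import re
from collections import defaultdict

# Constructed sample log. Event 101 is the SYSCALL/EXECVE pair from the
# README's auditd run; event 102 is a made-up benign `ls -a -l` for contrast.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1546831731.464:101): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd846ee3d0 a1=7ffd846ee660 a2=0 a3=598 items=2 ppid=7971 pid=7972 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=4294967295 comm="3" exe=2F6D656D66643A656C66202864656C6574656429 key="rule01_exec"
type=EXECVE msg=audit(1546831731.464:101): argc=3 a0="/proc/self/fd/3" a1="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686" a2="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686"
type=SYSCALL msg=audit(1546831731.470:102): arch=c000003e syscall=59 success=yes exit=0 a0=1a2b3c0 a1=1a2b400 a2=1a2b500 a3=7ffd846ee100 items=2 ppid=7971 pid=7973 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=4294967295 comm="ls" exe="/bin/ls" key="rule01_exec"
type=EXECVE msg=audit(1546831731.470:102): argc=3 a0="ls" a1="-a" a2="-l"
"""

FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
EVENT_ID_RE = re.compile(r"audit\([\d.]+:(\d+)\)")
HEX_RE = re.compile(r"^(?:[0-9A-F]{2})+$")
ARGV_KEY_RE = re.compile(r"a(\d+)$")

# auditd emits these fields as unquoted uppercase hex when the value holds a
# space or control character. SYSCALL a0..a3 are raw register values and are
# deliberately excluded: they look like hex but must not be decoded as text.
HEX_ENCODED_FIELDS = {"exe", "comm", "proctitle", "cwd", "name"}


def decode_value(record_type, key, raw):
    """Return the field's string value, undoing quotes or auditd hex encoding."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    is_argv = record_type == "EXECVE" and ARGV_KEY_RE.fullmatch(key) is not None
    if (key in HEX_ENCODED_FIELDS or is_argv) and HEX_RE.match(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def parse_record(line):
    """Split one audit line into (type, event_id, {field: decoded value})."""
    pairs = FIELD_RE.findall(line)
    record_type = dict(pairs).get("type")
    event_id, fields = None, {}
    for key, raw in pairs:
        if key == "type":
            continue
        if key == "msg":
            m = EVENT_ID_RE.search(raw)
            event_id = int(m.group(1)) if m else None
            continue
        fields[key] = decode_value(record_type, key, raw)
    return record_type, event_id, fields


def argv_from_execve(fields):
    """Order a0, a1, ... numerically (plain sorted() would put a10 before a2)."""
    keyed = []
    for key, value in fields.items():
        m = ARGV_KEY_RE.fullmatch(key)
        if m:
            keyed.append((int(m.group(1)), value))
    return [v for _, v in sorted(keyed)]


def indicators_for_event(records):
    """records: list of (type, fields) sharing one event id. Returns findings."""
    hits = []
    for record_type, f in records:
        if record_type == "SYSCALL":
            exe, comm = f.get("exe", ""), f.get("comm", "")
            if exe.startswith("/memfd:"):
                hits.append(f"exe is an anonymous memfd: {exe}")
            if comm.isdigit():
                hits.append(f"comm is a bare file descriptor number: {comm}")
        elif record_type == "EXECVE":
            argv = argv_from_execve(f)
            if argv and re.fullmatch(r"/proc/(self|\d+)/fd/\d+", argv[0]):
                hits.append(f"argv[0] is an fd path: {argv[0]}")
            for i, arg in enumerate(argv[1:], start=1):
                # The PoC passes 128-char hex strings so the real args fit later.
                if len(arg) >= 64 and re.fullmatch(r"[0-9a-fA-F]+", arg):
                    hits.append(f"argv[{i}] is a {len(arg)}-char hex placeholder")
    return hits


def scan(log_text):
    """Group records by audit event id and return {event_id: [indicators]}."""
    by_event = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            record_type, event_id, fields = parse_record(line)
            by_event[event_id].append((record_type, fields))
    return {eid: indicators_for_event(recs) for eid, recs in by_event.items()}


if __name__ == "__main__":
    for eid, hits in sorted(scan(SAMPLE_AUDIT_LOG).items()):
        print(f"event {eid}: {'SUSPICIOUS' if hits else 'ok'}")
        for h in hits:
            print(f"  - {h}")
```

The argument-length heuristic only catches this PoC's choice of 128-character hex placeholders; a variant could pad with a legitimate-looking string of the same length, so the memfd exe, the numeric comm and the /proc/self/fd argv[0] are the more durable signals. None of them recover the real arguments: those exist only in the child's memory after execve, so a monitor that wants them has to read /proc/PID/cmdline later or hook at a point after the rewrite.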
Other repositories by the same author:

BrowserGhost - A tool for grabbing browser passwords; more features will be added later.
LuWu - Red team infrastructure automated deployment tool.
WeblogicEnvironment - Weblogic environment setup tool.
sharpwmi - sharpwmi is an RPC-based lateral movement tool with file upload and command execution functionality.
EventCleaner - A tool mainly to erase specified records from Windows event logs, with additional functionalities.
CobaltStrike-Toolset - Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on.
EventLogMaster - Cobalt Strike plugin for RDP log forensics and cleanup.
PandaSniper - Linux C2 framework demo, the product of a two-week "hacker programming marathon" that went from learning the language to a working demo.
HideShell - A JSP backdoor that, under Tomcat, hides arbitrary JSP files as well as their access logs.
redis_lua_exploit
NtlmSocks - A pass-the-hash tool.
SerialWriter - SerialWriter is an incomplete implementation of Java serialization for the study of Java deserialization vulnerabilities.
ptyshell - A reverse PTY shell in C.
openssh-7.6p1-patch - A patched sshd for red team activities.
getpass - A mini tool to dump passwords and NTLM hashes from WDigest, MSV1_0 and tspkg, the result of studying mimikatz.
dcpwn - An impacket-dependent script exploiting CVE-2019-1040.
mscache - A tool to manipulate DCC (domain cached credentials) in the Windows registry, based mainly on the work of mimikatz and impacket.
KerberosUserEnum - Kerberos account enumeration taking advantage of AS-REQ.
Papers - Papers.
CVE-2018-20250 - 010 Editor template for the ACE archive format and CVE-2018-2025[0-3].
sunburst_decoder - SUNBURST DGA decoder.
cisco_ppc_rsp - A debugger in Python for the Cisco c3560.