• Stars
    star
    236
  • Rank 170,480 (Top 4 %)
  • Language
    C
  • Created almost 6 years ago
  • Updated over 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
a PoC for Linux to get around agents that log commands being executed, without root privilege.

Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
程序仅作原理演示使用

ylbhz@hk:~/work/c/ptrace$ gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609

ylbhz@hk:~/work/c/ptrace$ make
gcc -Wall -c ptrace.c -o ptrace.o
gcc -Wall -c anonyexec.c -o anonyexec.o
gcc -o ptrace ptrace.o anonyexec.o elfreader.o 

ylbhz@hk:~/work/c/ptrace$ ./ptrace 
child pid = 3763
EIP: _start 4049a0 
RSP: 7ffc4f394e60
RSP + 8 => RDX(char **ubp_av) to __libc_start_main
argc: 3
src: ubp_av[1]: 3abb6677��@
dst: upb_av[1]: -a
src: ubp_av[2]: 3abb6677��@
dst: upb_av[2]: -l
ylbhz@hk:~/work/c/ptrace$ total 76
drwxrwxr-x  2 ylbhz ylbhz  4096 Jan  7 10:34 .
drwx------ 16 ylbhz ylbhz  4096 Dec 29 15:08 ..
-rw-rw-r--  1 ylbhz ylbhz   349 Jan  3 18:39 Makefile
-rw-rw-r--  1 ylbhz ylbhz     1 Jan  7 10:31 README
-rw-rw-r--  1 ylbhz ylbhz   681 Jan  3 18:24 anonyexec.c
-rw-rw-r--  1 ylbhz ylbhz   226 Jan  3 17:59 anonyexec.h
-rw-rw-r--  1 ylbhz ylbhz  2680 Jan  7 10:34 anonyexec.o
-rw-rw-r--  1 ylbhz ylbhz   527 Jan  3 18:05 common.h
-rw-rw-r--  1 ylbhz ylbhz   230 Jan  3 19:00 elfreader.c
-rw-rw-r--  1 ylbhz ylbhz   142 Jan  3 18:59 elfreader.h
-rw-rw-r--  1 ylbhz ylbhz  1656 Jan  3 19:00 elfreader.o
-rwxrwxr-x  1 ylbhz ylbhz 13992 Jan  7 10:34 ptrace
-rw-rw-r--  1 ylbhz ylbhz  2123 Jan  4 11:24 ptrace.c
-rw-rw-r--  1 ylbhz ylbhz   328 Jan  4 10:38 ptrace.h
-rw-rw-r--  1 ylbhz ylbhz  4768 Jan  7 10:34 ptrace.o


================= AUDITD execve test =========================
type=PATH msg=audit(1546831731.460:100): item=0 name="./ptrace" inode=11017404 dev=08:06 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1546831731.460:100): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=1835390 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1546831731.460:100): proctitle="./ptrace"
type=SYSCALL msg=audit(1546831731.464:101): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd846ee3d0 a1=7ffd846ee660 a2=0 a3=598 items=2 ppid=7971 pid=7972 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=4294967295 comm="3" exe=2F6D656D66643A656C66202864656C6574656429 key="rule01_exec"
type=EXECVE msg=audit(1546831731.464:101): argc=3 a0="/proc/self/fd/3" a1="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686" a2="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686"

More Repositories

1

BrowserGhost

这是一个抓取浏览器密码的工具,后续会添加更多功能
C#
1,380
star
2

LuWu

红队基础设施自动化部署工具
Python
843
star
3

WeblogicEnvironment

Weblogic环境搭建工具
Shell
766
star
4

sharpwmi

sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。
C#
707
star
5

EventCleaner

A tool mainly to erase specified records from Windows event logs, with additional functionalities.
C++
584
star
6

CobaltStrike-Toolset

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
PowerShell
518
star
7

EventLogMaster

Cobalt Strike插件 - RDP日志取证&清除
PowerShell
358
star
8

PandaSniper

Linux C2 框架demo,为期2周的”黑客编程马拉松“,从学习编程语言开始到实现一个demo的产物
C#
219
star
9

HideShell

A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.
Java
213
star
10

redis_lua_exploit

Python
145
star
11

NtlmSocks

a pass-the-hash tool
Go
107
star
12

SerialWriter

SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.
Java
101
star
13

ptyshell

A reverse PTY shell in C
C
100
star
14

openssh-7.6p1-patch

a patched sshd for red team activities
C
81
star
15

getpass

a mini tool to dump password and NTLM hash from WDigest & MSV1_0 & tspkg, as a result of study of mimikatz
C++
76
star
16

dcpwn

an impacket-dependent script exploiting CVE-2019-1040
Python
72
star
17

mscache

a tool to manipulate dcc(domain cached credentials) in windows registry, based mainly on the work of mimikatz and impacket
Python
67
star
18

KerberosUserEnum

Kerberos accounts enumeration taking advantage of AS-REQ
Python
43
star
19

Papers

Papers
34
star
20

CVE-2018-20250

010 Editor template for ACE archive format & CVE-2018-2025[0-3]
Python
25
star
21

sunburst_decoder

SUNBURST DGA decoder
C#
11
star
22

cisco_ppc_rsp

A debugger in Python for Cisco c3560
Python
10
star