dt_infect's Introduction

dt_infect v1.0

Author: ElfMaster 2/15/19 - [email protected]

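ELF shared library injector using DT_NEEDED precedence infection. Because the injected DT_NEEDED entry is placed ahead of the existing ones, its symbols take precedence, so it acts as a permanent LD_PRELOAD.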

NOTE: It does not work on PIE executables because it uses a reverse text padding infection to create room
for .dynstr. This could be replaced with a text padding infection, or a PT_NOTE to PT_LOAD conversion
infection in order to store the .dynstr; then it would be compatible with PIE executables.

# Build
git clone https://github.com/elfmaster/libelfmaster
cd libelfmaster; make; sudo make install
https://github.com/elfmaster/dt_infect/issues
# Example

-- Run test before it is infected

$ ./test
Don't infect me please

-- Then inject libevil.so into test and hijack puts()

$ make
$ ./inject libevil.so test
Updating .dynstr section
Modified d_entry.value of DT_STRTAB to: 3ff040 (index: 9)
Successfully injected 'libevil.so' into target: 'test'. Make sure to move 'libevil.so' into one of the shared object search paths, i.e. /lib/x86_64-gnu-linux/
$ readelf -d test | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [libevil.so]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
$ ./test
D0n'7 1nf3c7 m3 pl3453

# Further work with obfuscation

A hint: adding an extra layer of obfuscation makes the injected DT_NEEDED entry much harder
to detect. Several pieces of software can obfuscate the dynamic string table, which prevents
DT_NEEDED from showing up. The simplest approach is to zero out .dynstr in the target binary
and inject constructor code that restores it at runtime. @ulexec wrote a much better one that
uses a custom runtime resolver.
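
A defender-side check for the infection shown in the example and the obfuscation hinted at above, added here as an illustration (it is not part of dt_infect): it lists DT_NEEDED entries in load order and flags a relocated or zeroed dynamic string table. The name `audit_needed` and the "DT_STRTAB below DT_SYMTAB" heuristic are assumptions of this example, and only little-endian ELF64 files are handled.

```python
import struct, sys
from pathlib import Path

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB, DT_SYMTAB = 0, 1, 5, 6

def audit_needed(data):
    """Return (DT_NEEDED names in load order, findings) for an ELF64 LE image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    loads, dyn = [], None
    for i in range(e_phnum):
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_filesz)
    if dyn is None:
        return [], []                      # statically linked: nothing to audit
    needed, tags, findings = [], {}, []
    for off in range(dyn[0], dyn[0] + dyn[1], 16):
        tag, val = struct.unpack_from("<qQ", data, off)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            needed.append(val)             # offset into the dynamic string table
        else:
            tags.setdefault(tag, val)
    strtab, symtab = tags.get(DT_STRTAB), tags.get(DT_SYMTAB)
    # Heuristic (assumption): common linkers emit .dynstr right after .dynsym,
    # so a string table located below the symbol table has been moved.
    if None not in (strtab, symtab) and strtab < symtab:
        findings.append(f"DT_STRTAB {strtab:#x} lies below DT_SYMTAB {symtab:#x}")
    base = next((o + strtab - va for va, o, sz in loads
                 if strtab is not None and va <= strtab < va + sz), None)
    if base is None:
        findings.append("DT_STRTAB is missing or not backed by a PT_LOAD segment")
        return [], findings
    names = [data[base + n:].split(b"\0", 1)[0].decode("latin-1") for n in needed]
    if any(not name for name in names):
        findings.append("empty DT_NEEDED name: .dynstr may be zeroed on disk")
    return names, findings

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, *audit_needed(Path(path).read_bytes()))
```

Run it over a directory of binaries and compare the first DT_NEEDED name of each against what the package manager shipped; the relocation heuristic alone will not catch an injector that keeps .dynstr above .dynsym.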

dt_infect's Issues

inject failure

I use the inject tool, but fail to inject the test file.
Can I use dt_infect to work on .so file?

Example case:

  • executable: a.out
  • linked .so file: libmath.so
  • function in .so file that is called by executable: int add(int, int)
  • target: Using function interposition to print the arguments of add.

I tried with dt_inject. Put a new int add(int, int) function in libevil.so in the same manner as the example.
Then tried:

./inject libevil.so libmath.so

The output says "Successfully injected".
However when I tried to run a.out, the loader came with the error:
ELF load command address/offset not properly aligned.
