p0p0p0 / ptrace Goto Github PK
View Code? Open in Web Editor NEWThis project forked from qax-a-team/ptrace
a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
This project forked from qax-a-team/ptrace
a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志 程序仅作原理演示使用 ylbhz@hk:~/work/c/ptrace$ gcc --version gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609 ylbhz@hk:~/work/c/ptrace$ make gcc -Wall -c ptrace.c -o ptrace.o gcc -Wall -c anonyexec.c -o anonyexec.o gcc -o ptrace ptrace.o anonyexec.o elfreader.o ylbhz@hk:~/work/c/ptrace$ ./ptrace child pid = 3763 EIP: _start 4049a0 RSP: 7ffc4f394e60 RSP + 8 => RDX(char **ubp_av) to __libc_start_main argc: 3 src: ubp_av[1]: 3abb6677��@ dst: upb_av[1]: -a src: ubp_av[2]: 3abb6677��@ dst: upb_av[2]: -l ylbhz@hk:~/work/c/ptrace$ total 76 drwxrwxr-x 2 ylbhz ylbhz 4096 Jan 7 10:34 . drwx------ 16 ylbhz ylbhz 4096 Dec 29 15:08 .. -rw-rw-r-- 1 ylbhz ylbhz 349 Jan 3 18:39 Makefile -rw-rw-r-- 1 ylbhz ylbhz 1 Jan 7 10:31 README -rw-rw-r-- 1 ylbhz ylbhz 681 Jan 3 18:24 anonyexec.c -rw-rw-r-- 1 ylbhz ylbhz 226 Jan 3 17:59 anonyexec.h -rw-rw-r-- 1 ylbhz ylbhz 2680 Jan 7 10:34 anonyexec.o -rw-rw-r-- 1 ylbhz ylbhz 527 Jan 3 18:05 common.h -rw-rw-r-- 1 ylbhz ylbhz 230 Jan 3 19:00 elfreader.c -rw-rw-r-- 1 ylbhz ylbhz 142 Jan 3 18:59 elfreader.h -rw-rw-r-- 1 ylbhz ylbhz 1656 Jan 3 19:00 elfreader.o -rwxrwxr-x 1 ylbhz ylbhz 13992 Jan 7 10:34 ptrace -rw-rw-r-- 1 ylbhz ylbhz 2123 Jan 4 11:24 ptrace.c -rw-rw-r-- 1 ylbhz ylbhz 328 Jan 4 10:38 ptrace.h -rw-rw-r-- 1 ylbhz ylbhz 4768 Jan 7 10:34 ptrace.o ================= AUDITD execve test ========================= type=PATH msg=audit(1546831731.460:100): item=0 name="./ptrace" inode=11017404 dev=08:06 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1546831731.460:100): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=1835390 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1546831731.460:100): proctitle="./ptrace" type=SYSCALL msg=audit(1546831731.464:101): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd846ee3d0 a1=7ffd846ee660 a2=0 a3=598 items=2 ppid=7971 pid=7972 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=4294967295 comm="3" exe=2F6D656D66643A656C66202864656C6574656429 key="rule01_exec" type=EXECVE msg=audit(1546831731.464:101): argc=3 a0="/proc/self/fd/3" a1="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686" a2="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686"
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.