p0p0p0 / ptrace


This project forked from qax-a-team/ptrace


A PoC for Linux to get around agents that log commands being executed, without root privilege. It obfuscates the executed program name and arguments from a low-privilege Linux account, evading command logs that rely on monitoring the execve system call.


ptrace's Introduction

Obfuscates the executed program name and arguments from a low-privilege Linux account, evading command logs that rely on monitoring the execve system call.
The program is intended only as a demonstration of the principle.

ylbhz@hk:~/work/c/ptrace$ gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609

ylbhz@hk:~/work/c/ptrace$ make
gcc -Wall -c ptrace.c -o ptrace.o
gcc -Wall -c anonyexec.c -o anonyexec.o
gcc -o ptrace ptrace.o anonyexec.o elfreader.o 

ylbhz@hk:~/work/c/ptrace$ ./ptrace 
child pid = 3763
EIP: _start 4049a0 
RSP: 7ffc4f394e60
RSP + 8 => RDX(char **ubp_av) to __libc_start_main
argc: 3
src: ubp_av[1]: 3abb6677��@
dst: upb_av[1]: -a
src: ubp_av[2]: 3abb6677��@
dst: upb_av[2]: -l
ylbhz@hk:~/work/c/ptrace$ total 76
drwxrwxr-x  2 ylbhz ylbhz  4096 Jan  7 10:34 .
drwx------ 16 ylbhz ylbhz  4096 Dec 29 15:08 ..
-rw-rw-r--  1 ylbhz ylbhz   349 Jan  3 18:39 Makefile
-rw-rw-r--  1 ylbhz ylbhz     1 Jan  7 10:31 README
-rw-rw-r--  1 ylbhz ylbhz   681 Jan  3 18:24 anonyexec.c
-rw-rw-r--  1 ylbhz ylbhz   226 Jan  3 17:59 anonyexec.h
-rw-rw-r--  1 ylbhz ylbhz  2680 Jan  7 10:34 anonyexec.o
-rw-rw-r--  1 ylbhz ylbhz   527 Jan  3 18:05 common.h
-rw-rw-r--  1 ylbhz ylbhz   230 Jan  3 19:00 elfreader.c
-rw-rw-r--  1 ylbhz ylbhz   142 Jan  3 18:59 elfreader.h
-rw-rw-r--  1 ylbhz ylbhz  1656 Jan  3 19:00 elfreader.o
-rwxrwxr-x  1 ylbhz ylbhz 13992 Jan  7 10:34 ptrace
-rw-rw-r--  1 ylbhz ylbhz  2123 Jan  4 11:24 ptrace.c
-rw-rw-r--  1 ylbhz ylbhz   328 Jan  4 10:38 ptrace.h
-rw-rw-r--  1 ylbhz ylbhz  4768 Jan  7 10:34 ptrace.o


================= AUDITD execve test =========================
type=PATH msg=audit(1546831731.460:100): item=0 name="./ptrace" inode=11017404 dev=08:06 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1546831731.460:100): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=1835390 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1546831731.460:100): proctitle="./ptrace"
type=SYSCALL msg=audit(1546831731.464:101): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd846ee3d0 a1=7ffd846ee660 a2=0 a3=598 items=2 ppid=7971 pid=7972 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=4294967295 comm="3" exe=2F6D656D66643A656C66202864656C6574656429 key="rule01_exec"
type=EXECVE msg=audit(1546831731.464:101): argc=3 a0="/proc/self/fd/3" a1="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686" a2="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686"
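As an added defensive example (not code from this repository or its authors), the following Python parses auditd SYSCALL and EXECVE records like the ones above, decodes the hex-encoded exe field, and flags the traces this technique leaves in the log: an exe under /memfd: that is marked (deleted), an argv[0] that is a /proc/self/fd path, a comm that is just an fd number, and long hex placeholder arguments that were overwritten only after execve. The sample records are constructed from the README's output, with the argv placeholders shortened.

```python
import re
# Constructed sample records modelled on the README's auditd output (exe hex value taken from the page).
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1546831731.464:101): arch=c000003e syscall=59 success=yes exit=0 ppid=7971 pid=7972 uid=1000 comm="3" exe=2F6D656D66643A656C66202864656C6574656429 key="rule01_exec"
type=EXECVE msg=audit(1546831731.464:101): argc=3 a0="/proc/self/fd/3" a1="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccf" a2="3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccf"
type=SYSCALL msg=audit(1546831800.000:102): arch=c000003e syscall=59 success=yes exit=0 ppid=7971 pid=7980 uid=1000 comm="ls" exe="/bin/ls" key="rule01_exec"
type=EXECVE msg=audit(1546831800.000:102): argc=2 a0="ls" a1="-l"
"""
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")

def parse_record(line):
    """Split one auditd record into a dict, decoding hex-encoded string fields."""
    rec = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        is_text = key in ("exe", "comm", "proctitle") or (rec.get("type") == "EXECVE" and re.fullmatch(r"a\d+", key))
        if bare and is_text and HEX_RE.match(bare):
            # auditd hex-encodes string values that contain spaces or control characters
            rec[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            rec[key] = quoted or bare
    return rec

def flag_event(syscall, execve):
    """Return the reasons one SYSCALL/EXECVE pair looks like an anonymous-file exec."""
    reasons = []
    exe = syscall.get("exe", "")
    if exe.startswith("/memfd:") or exe.endswith("(deleted)"):
        reasons.append("exe is an anonymous or unlinked file: " + exe)
    if syscall.get("comm", "").isdigit():
        reasons.append("comm is a bare fd number: " + syscall["comm"])
    argv = [execve.get("a%d" % i, "") for i in range(int(execve.get("argc", 0)))]
    if argv and re.fullmatch(r"/(proc/(self|\d+)|dev)/fd/\d+", argv[0]):
        reasons.append("argv[0] is a file-descriptor path: " + argv[0])
    if any(len(a) >= 64 and HEX_RE.match(a) for a in argv[1:]):
        reasons.append("argv carries a long hex placeholder, possibly rewritten after exec")
    return reasons

def find_suspicious_execs(log_text):
    """Correlate SYSCALL and EXECVE records by audit serial; return {serial: reasons}."""
    events = {}
    for line in log_text.splitlines():
        rec, serial = parse_record(line), re.search(r"msg=audit\(\d+\.\d+:(\d+)\)", line)
        if serial and rec.get("type") in ("SYSCALL", "EXECVE"):
            events.setdefault(serial.group(1), {})[rec["type"]] = rec
    pairs = {s: flag_event(r.get("SYSCALL", {}), r.get("EXECVE", {})) for s, r in events.items()}
    return {s: reasons for s, reasons in pairs.items() if reasons}

if __name__ == "__main__":
    print(find_suspicious_execs(SAMPLE_AUDIT))
```

Only event 101 (the PoC's exec) is reported; the ordinary ls exec in event 102 produces no findings.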

ptrace's People

Contributors: feb30th, n1nty
