chokepoint / azazel

Azazel is a userland rootkit based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection.
GNU General Public License v2.0

Using ncat as a client for accept() hook is a flawed idea #1

Closed infodox closed 10 years ago

infodox commented 10 years ago

tl;dr ncat makes a crap client for PTYs. A simple modification of the following should work though:

https://github.com/infodox/python-pty-shells/blob/master/tcp_pty_shell_handler.py

:)

chokepoint commented 10 years ago

I completely agree, you can also use `socat -,raw,echo=0 TCP:target:port,bind=:61040` and then just paste in the password. Otherwise, you'll have to deal with ^d to send up to the last char in netcat. I'll throw a link to your project in the readme, thanks for the share.

chokepoint commented 10 years ago

aaaaand it's done. Marking as closed.