Hijack open/read(/etc/hosts) directly

damnever / hosts-hijacking

[NSFW] Hijack UDP-based(libc recvfrom) DNS A/AAAA response with LD_PRELOAD.

BSD 3-Clause "New" or "Revised" License

3 stars 2 forks source link

Hijack open/read(/etc/hosts) directly #1

Open damnever opened 4 years ago

damnever commented 4 years ago

For golang(netcgo): echo "hosts: files dns" > /etc/nsswitch.conf ?

Syscall:

open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=272, ...}) = 0
read(3, "127.0.0.1\tlocalhost\n\n# The follo"..., 4096) = 272
read(3, "", 4096)                       = 0
close(3)

damnever commented 4 years ago

golang(netcgo) not reading /etc/hosts if I use https://github.com/damnever/hosts-hijacking/blob/feat/hostsfile/hostsfile/hijacking.c