h3xduck / TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
License: GNU General Public License v3.0
1.79k stars, 221 forks
Issues (sorted newest first)
#52 src/Makefile: Fix #41 and #48 in compiling (void0red, opened 7 months ago, 0 comments)
#51 error: unknown target triple 'bpf', please use -triple or -arch (homelanmder, opened 1 year ago, 0 comments)
#50 Verifier issue when running XDP module (h3xduck, closed 1 year ago, 1 comment)
#49 Permission Denied: classifier_egress not loaded (brielino, closed 1 year ago, 10 comments)
#48 make with libbpf 1.0.1: undefined reference to `bpf_get_link_xdp_id' (tstromberg, opened 1 year ago, 1 comment)
#47 libssl.so.1.1: cannot open shared object file: No such file or directory (yaunsky, closed 2 years ago, 0 comments)
#46 Cannot inject into victim with -c option (tarihub, opened 2 years ago, 5 comments)
#45 When running deploy.sh, I get loadbpf: load bpf program failed: Permission denied. (woodyu995, opened 2 years ago, 0 comments)
#44 Library injection path error: Segfault in simple_timer and simple_open (h3xduck, opened 2 years ago, 5 comments)
#43 Makefile line 102 -lbpf? How do I install it? (kay6666, opened 2 years ago, 3 comments)
#42 user/kit.c:395:40: error: ‘XDP_FLAGS_REPLACE’ undeclared (first use in this function) (pythonmandev, closed 2 years ago, 1 comment)
#41 TC program compilation: __stack_chk_fail not supported (h3xduck, closed 2 years ago, 4 comments)
#40 Segmentation fault in execute_command and the stack overflow caused by parameters (firmianay, closed 1 year ago, 5 comments)
#39 make all error (0x7e-1sq, closed 2 years ago, 12 comments)
#38 Enhancement: try to hide used space from df and other userspace tools (osevan, opened 2 years ago, 0 comments)
#37 Backdoor update (h3xduck, closed 2 years ago, 0 comments)
#36 Use openssl to create secure channel connections (h3xduck, closed 2 years ago, 0 comments)
#35 Scanning and writing module at process memory (h3xduck, closed 2 years ago, 0 comments)
#34 TFG documentation writing (h3xduck, closed 2 years ago, 0 comments)
#33 Update library for new hidden protocol with packet splitting (h3xduck, closed 2 years ago, 0 comments)
#32 Update C2 V1 to work with complete protocol (shown in image sent by email) (h3xduck, closed 2 years ago, 0 comments)
#31 Final C2 version (h3xduck, closed 2 years ago, 0 comments)
#30 Adding more syscalls for the library injection + using the injected library for some PoC-like action (h3xduck, closed 2 years ago, 0 comments)
#29 Rootkit persistence (h3xduck, closed 2 years ago, 0 comments)
#28 Rootkit self-destroying (h3xduck, opened 2 years ago, 1 comment)
#27 Multi-machine simulation for C2 (h3xduck, closed 2 years ago, 0 comments)
#26 Library injection + sudo bypass + initial version of C2 (h3xduck, closed 2 years ago, 0 comments)
#25 Library injection in running processes (h3xduck, closed 2 years ago, 0 comments)
#24 We can issue a write syscall whenever we want via bpf_printk. This may lead somewhere (h3xduck, opened 2 years ago, 0 comments)
#23 Create a program deployer (also creating the needed helpers) (h3xduck, closed 2 years ago, 0 comments)
#22 Use TC program to filter egress traffic and camouflage C&C traffic (h3xduck, closed 2 years ago, 0 comments)
#21 Explore uprobes (h3xduck, opened 2 years ago, 0 comments)
#20 Protection of private and protected maps from foreign programs (h3xduck, opened 2 years ago, 0 comments)
#19 Initial version of C2: Remote Code Execution via an execve hijacking scheme (h3xduck, closed 2 years ago, 0 comments)
#18 Basic user memory manipulation + Control over rootkit modules and probes + Basic communication system (h3xduck, closed 2 years ago, 0 comments)
#17 Allow for overwritten read calls to have different size (investigate on fstat modification) (h3xduck, opened 2 years ago, 1 comment)
#16 Intercept sudo calls and fake returned value to elevate privileges of a user (h3xduck, closed 2 years ago, 1 comment)
#15 Hide alert messages about bpf_probe_write_user at kernel buffer (h3xduck, opened 2 years ago, 0 comments)
#14 Activate the userspace runtime config for active eBPF modules from the remote client connected to the backdoor (h3xduck, opened 2 years ago, 1 comment)
#13 Modularize the rootkit, enable activation/deactivation of modules at runtime from the userspace program (h3xduck, closed 2 years ago, 0 comments)
#12 General communication system kernel->userspace via ring buffer and maps (h3xduck, closed 2 years ago, 0 comments)
#11 Modify output of read calls (h3xduck, closed 2 years ago, 0 comments)
#10 Hide the executable and a directory for some rootkit binaries (h3xduck, closed 2 years ago, 0 comments)
#9 First eBPF codebase, W+R access to incoming traffic and included PoC (h3xduck, closed 2 years ago, 0 comments)
#8 Recognize interesting outgoing network traffic (h3xduck, closed 2 years ago, 0 comments)
#7 Research about what TX is (h3xduck, opened 2 years ago, 0 comments)
#6 Capture the transmission answering (h3xduck, opened 2 years ago, 0 comments)
#5 Arbitrarily increase/decrease packet size (h3xduck, closed 2 years ago, 0 comments)
#4 Write an arbitrary length payload at any packet independently of its original length (h3xduck, closed 2 years ago, 0 comments)
#3 Hook with XDP (external data path) (h3xduck, closed 2 years ago, 0 comments)