creaktive/tsh

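Круто, но не работает: судя по трассировке ниже, tshd вызывает clone(), родительский процесс сразу завершается с кодом 0, а дочернего процесса (PID 7243) в выводе ps после этого уже нет. strace запущен без -f, поэтому системные вызовы дочернего процесса в трассировку не попали, и причина его завершения здесь не видна.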


root@by119:/sbin# strace ./tshd 
execve("./tshd", ["./tshd"], [/* 21 vars */]) = 0
brk(0)                                  = 0x1ad4000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb67483b000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=34882, ...}) = 0
mmap(NULL, 34882, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb674832000
close(3)                                = 0
open("/lib64/libutil.so.1", O_RDONLY)   = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=15056, ...}) = 0
mmap(NULL, 2105600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb674419000
mprotect(0x7fb67441b000, 2093056, PROT_NONE) = 0
mmap(0x7fb67461a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7fb67461a000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1924768, ...}) = 0
mmap(NULL, 3750184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb674085000
mprotect(0x7fb67420f000, 2097152, PROT_NONE) = 0
mmap(0x7fb67440f000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7fb67440f000
mmap(0x7fb674415000, 14632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb674415000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb674831000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb674830000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb67482f000
arch_prctl(ARCH_SET_FS, 0x7fb674830700) = 0
mprotect(0x7fb67440f000, 16384, PROT_READ) = 0
mprotect(0x7fb67461a000, 4096, PROT_READ) = 0
mprotect(0x7fb67483c000, 4096, PROT_READ) = 0
munmap(0x7fb674832000, 34882)           = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb6748309d0) = 7243
exit_group(0)                           = ?
+++ exited with 0 +++

root@by119:/sbin# ps -A -all | grep 7243
root@by119:/sbin# ps -A -all | grep tshd
root@by119:/sbin# ^C

я написал скрытную штуку на асм. скажите, как расширить сегмент .text у бинарника, чтобы ее туда вживить?
спасибо.

Это типа, https://github.com/creaktive/inPEct/ ?
Под Линукс, увы, сам не умею ¯\_(ツ)_/¯