h3xduck/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Language: C
License: GPL-3.0
Issues
Segmentation fault in execute_command and the stack overflow caused by parameters
#40 opened by firmianay - 4
Verifier issue when running XDP module
#50 opened by h3xduck - 1
Rootkit self-destroying
#28 opened by h3xduck - 10
Permission Denied: classifier_egress not loaded
#49 opened by brielino - 0
Cannot injector to victim with -c option
#46 opened by tarihub - 0
When running deploy.sh, I get loadbpf: load bpf program failed: Permission denied.
#45 opened by woodyu995 - 3
Makefile line 102: -lbpf? How do I install it?
#43 opened by kay6666 - 5
user/kit.c:395:40: error: ‘XDP_FLAGS_REPLACE’ undeclared (first use in this function)
#42 opened by pythonmandev - 12
make all error~
#39 opened by 0x7e-1sq - 0
Activate the userspace runtime config for active ebpf modules from the remote client connected to the backdoor.
#14 opened by h3xduck - 1
Scanning and writing module at processes memory
#35 opened by h3xduck - 0
Use openssl to create secure channel connections
#36 opened by h3xduck - 0
Final C2 version
#31 opened by h3xduck - 0
Adding more syscalls for the library injection + using the injected library for some PoC like action
#30 opened by h3xduck - 0
TFG documentation writing
#34 opened by h3xduck - 0
Rootkit persistence
#29 opened by h3xduck - 0
Multi-machine simulation for C2
#27 opened by h3xduck - 0
Library injection in running processes
#25 opened by h3xduck - 0
We can issue a write syscall whenever we want via bpf_printk. This may lead somewhere.
#24 opened by h3xduck - 0
Explore uprobes
#21 opened by h3xduck - 0
Modularize the rootkit, enable activation/deactivation of modules at runtime from the userspace program
#13 opened by h3xduck - 1
Allow for overwritten read calls to have different size (investigate on fstat modification)
#17 opened by h3xduck - 0
Modify output of read calls
#11 opened by h3xduck - 0
Fix the client built with rawtcp lib. For some reason it is sending malformed messages while on the VM.
#2 opened by h3xduck - 0
hook with XDP (external data path)
#3 opened by h3xduck - 0
Write an arbitrary length payload at any packet independently of its original length
#4 opened by h3xduck - 0
Arbitrarily increase/decrease packet size
#5 opened by h3xduck - 0
Research about what is TX
#7 opened by h3xduck - 0
Capture the transmission answering
#6 opened by h3xduck - 0
Hide the XDP program at 'ip link' output
#1 opened by h3xduck