
@linuxthor
linuxthor / dbus-message.c
Created November 20, 2020 12:03
dbus-message.c
// linuxthor
//
// Showing how to open a socket connection to dbus and do 'raw' messages (i.e. just sending
// some bytes and not worrying about weird stuff like Dict of{String, Variant} or whatever
// for the moment..)
//
// Started off fun but the whole thing is surprisingly bulky & annoying tbh
#include <stdio.h>
#include <stdlib.h>
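What those 'raw' bytes actually look like, as an added example that is not the gist's code: the following serialises the org.freedesktop.DBus.Hello method call by hand according to the D-Bus wire format (fixed header, an array of 8-aligned header-field structs, each carrying a variant with a one-character signature) and, if given a socket path on the command line (normally /run/dbus/system_bus_socket, which is an assumption about the local setup), performs the SASL EXTERNAL handshake with the caller's uid and delivers it. Hello is the call every new connection must make first, so it is the natural smoke test for a hand-rolled client.

```c
// Added example, not the gist's code: build a D-Bus METHOD_CALL byte by byte
// (the "raw" message dbus-message.c talks about) following the D-Bus wire format.
// hello_over_socket() optionally delivers it; the socket path is an argument.
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

struct wire { uint8_t *buf; size_t cap; size_t len; int overflow; };

static void put_u8(struct wire *w, uint8_t v) {
    if (w->len < w->cap) w->buf[w->len] = v; else w->overflow = 1;
    w->len++;
}
static void align_to(struct wire *w, size_t n) { while (w->len % n) put_u8(w, 0); } /* NUL pad */
static void put_u32(struct wire *w, uint32_t v) {               /* UINT32: 4-aligned, LE */
    align_to(w, 4);
    for (int i = 0; i < 4; i++) put_u8(w, (uint8_t)(v >> (8 * i)));
}
static void put_string(struct wire *w, const char *s) {         /* STRING / OBJECT_PATH */
    size_t n = strlen(s);
    put_u32(w, (uint32_t)n);                                     /* length excludes NUL */
    for (size_t i = 0; i < n; i++) put_u8(w, (uint8_t)s[i]);
    put_u8(w, 0);                                                /* mandatory terminator */
}
/* Header field = STRUCT(BYTE code, VARIANT value); every struct starts 8-aligned.
   A VARIANT is a SIGNATURE (length byte, chars, NUL) followed by the value. */
static void put_header_field(struct wire *w, uint8_t code, char sig, const char *value) {
    align_to(w, 8);
    put_u8(w, code);
    put_u8(w, 1); put_u8(w, (uint8_t)sig); put_u8(w, 0);
    put_string(w, value);
}

enum { HDR_PATH = 1, HDR_INTERFACE = 2, HDR_MEMBER = 3, HDR_DESTINATION = 6 };

/* Build org.freedesktop.DBus.Hello. Returns the message length, or 0 if `out` is too small. */
size_t build_hello(uint8_t *out, size_t cap, uint32_t serial) {
    struct wire w = { out, cap, 0, 0 };
    put_u8(&w, 'l');                       /* 'l' = little-endian message */
    put_u8(&w, 1);                         /* type 1 = METHOD_CALL */
    put_u8(&w, 0);                         /* flags 0 = a reply is expected */
    put_u8(&w, 1);                         /* protocol major version */
    put_u32(&w, 0);                        /* body length: Hello has no arguments */
    put_u32(&w, serial);
    put_u32(&w, 0);                        /* header array byte length, patched below */
    size_t array_start = w.len;            /* 16, already 8-aligned */
    put_header_field(&w, HDR_PATH, 'o', "/org/freedesktop/DBus");
    put_header_field(&w, HDR_DESTINATION, 's', "org.freedesktop.DBus");
    put_header_field(&w, HDR_INTERFACE, 's', "org.freedesktop.DBus");
    put_header_field(&w, HDR_MEMBER, 's', "Hello");
    uint32_t array_len = (uint32_t)(w.len - array_start);  /* excludes the final pad */
    align_to(&w, 8);                       /* body (even an empty one) starts 8-aligned */
    if (w.overflow) return 0;
    for (int i = 0; i < 4; i++) out[12 + i] = (uint8_t)(array_len >> (8 * i));
    return w.len;
}

/* SASL EXTERNAL on the unix socket: a NUL byte, "AUTH EXTERNAL <uid as hex ASCII>",
   expect "OK <guid>", send "BEGIN", then raw messages. Returns 0 on success. */
int hello_over_socket(const char *path, const uint8_t *msg, size_t len) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    char uid[16], hexuid[40] = { 0 }, auth[64], reply[512];
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { perror("connect"); close(fd); return -1; }
    snprintf(uid, sizeof uid, "%u", (unsigned)getuid());
    for (size_t i = 0; uid[i]; i++) snprintf(hexuid + 2 * i, 3, "%02x", (unsigned char)uid[i]);
    int n = snprintf(auth, sizeof auth, "%cAUTH EXTERNAL %s\r\n", '\0', hexuid);
    ssize_t r = write(fd, auth, (size_t)n) == n ? read(fd, reply, sizeof reply - 1) : -1;
    if (r <= 0 || strncmp(reply, "OK ", 3) != 0) { close(fd); return -1; }
    if (write(fd, "BEGIN\r\n", 7) != 7 || write(fd, msg, len) != (ssize_t)len) { close(fd); return -1; }
    r = read(fd, reply, sizeof reply);     /* METHOD_RETURN carrying our unique bus name */
    printf("bus answered with %zd bytes%s\n", r, (r > 1 && reply[1] == 2) ? " (METHOD_RETURN)" : "");
    close(fd);
    return r > 0 ? 0 : -1;
}

int main(int argc, char **argv) {
    uint8_t msg[256];
    size_t n = build_hello(msg, sizeof msg, 1);
    for (size_t i = 0; i < n; i++) printf("%02x%c", msg[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
    return argc > 1 ? hello_over_socket(argv[1], msg, n) != 0 : 0;
}
```

Hello with an empty body comes out at exactly 128 bytes with a 110-byte header-field array. If the bus drops the connection instead of answering, the usual cause is a misaligned field or a missing NUL terminator, because the reference dbus-daemon validates the header before dispatching anything.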
linuxthor / sftp-gotchas.txt
Created November 11, 2020 09:30
sftp-gotchas.txt
A couple of thoughts about SFTP & SCP
=====================================
SCP looks long in the tooth now and people have come to talk about deprecating it entirely. This
is due to SCP being the spiritual successor of RCP and inheriting a bunch of cruft that makes it
vulnerable to stuff like CVE-2019-6111 (the one where the server could overwrite arbitrary files
on the client) and CVE-2020-15778 (the one where shell commands could be put in backticks in
filenames) so SFTP seems to be the replacement.. It's a more flexible protocol for sure but there
can be a gotcha not present with SCP..
linuxthor / elfdestruct.asm
Last active October 21, 2020 14:11
ELF overwrites itself in memory while executing
; linuxthor
;
; ELF destruct
;
; this file, when executed, will overwrite its own image in memory
;
; nasm -f bin -o elfdestruct elfdestruct.asm
BITS 64
org 0x010000
linuxthor / randstruct-notes.txt
Last active September 29, 2020 15:23
Visualise the effect of the GCC randstruct plugin on some struct layout
The 'mizers dream
=================
The GCC randstruct plugin (randomize_layout_plugin.c) by Open Source Security, Inc., Brad Spengler and PaX Team
allows some sensitive structures in the Linux Kernel to have their layout shuffled. The aim is to obfuscate the
location of sensitive data (e.g some function pointers) and make certain types of exploitation more difficult.
It's explained in detail here: https://lwn.net/Articles/722293/
The randstruct plugin is built with a randomisation seed included (randomize_layout_seed.h) which is generated
at compile time by the gen-random-seed.sh script:
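A user-space model of the effect, added here as an example and taken neither from the gist nor from the plugin: a struct is described as a list of fields, its layout is computed from the field order with ordinary C alignment rules (and checked against what the compiler really did), and then the order is shuffled by a seeded generator. The shuffle is a plain Fisher-Yates over a tiny xorshift PRNG, which is an illustrative assumption and not the plugin's algorithm (the real plugin also mixes in the struct name and, in performance mode, keeps fields grouped by cache line). The struct ops_like, its fields and the default seed are made up. The point it shows is the one the seed file matters for: the same seed always yields the same layout, so whoever has the seed has the offsets.

```c
// Added example, not the gist's or the plugin's code: a model of randstruct's
// effect on one struct. Same seed => same layout, which is why the build keeps
// randomize_layout_seed.h private.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct field { const char *name; size_t size; size_t align; };

/* Stand-in for a "sensitive" kernel struct (made up): the function pointer is
   what an exploit wants a stable offset for. */
struct ops_like { char flags; void (*handler)(void); int refcount; };

static const struct field ops_fields[] = {
    { "flags",    sizeof(char),   _Alignof(char) },
    { "handler",  sizeof(void *), _Alignof(void *) },
    { "refcount", sizeof(int),    _Alignof(int) },
};
#define NFIELDS (sizeof ops_fields / sizeof ops_fields[0])

/* Lay the fields out in `order`; offsets[i] receives field i's byte offset.
   Returns the struct size, padded to the largest alignment like a compiler would. */
size_t compute_layout(const struct field *f, size_t n, const size_t *order, size_t *offsets) {
    size_t pos = 0, maxalign = 1;
    for (size_t k = 0; k < n; k++) {
        const struct field *cur = &f[order[k]];
        pos = (pos + cur->align - 1) / cur->align * cur->align;   /* pad up to alignment */
        offsets[order[k]] = pos;
        pos += cur->size;
        if (cur->align > maxalign) maxalign = cur->align;
    }
    return (pos + maxalign - 1) / maxalign * maxalign;
}

/* Deterministic Fisher-Yates shuffle driven by xorshift64 (illustrative, not the
   plugin's generator; the plugin also mixes the struct name into the seed). */
void seeded_permutation(uint64_t seed, size_t n, size_t *order) {
    uint64_t s = seed ? seed : 0x9e3779b97f4a7c15ULL;           /* xorshift must not start at 0 */
    for (size_t i = 0; i < n; i++) order[i] = i;
    for (size_t i = n; i > 1; i--) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        size_t j = (size_t)(s % i);
        size_t t = order[i - 1]; order[i - 1] = order[j]; order[j] = t;
    }
}

/* Sanity check: the unshuffled model must agree with the compiler's real layout. */
int natural_layout_matches_compiler(void) {
    size_t order[NFIELDS] = { 0, 1, 2 }, off[NFIELDS];
    size_t sz = compute_layout(ops_fields, NFIELDS, order, off);
    return sz == sizeof(struct ops_like)
        && off[0] == offsetof(struct ops_like, flags)
        && off[1] == offsetof(struct ops_like, handler)
        && off[2] == offsetof(struct ops_like, refcount);
}

static void print_layout(const char *title, const size_t *order) {
    size_t off[NFIELDS];
    size_t sz = compute_layout(ops_fields, NFIELDS, order, off);
    printf("%s (size %zu):\n", title, sz);
    for (size_t k = 0; k < NFIELDS; k++)
        printf("  +%2zu  %s\n", off[order[k]], ops_fields[order[k]].name);
}

int main(int argc, char **argv) {
    uint64_t seed = argc > 1 ? strtoull(argv[1], NULL, 0) : 0x1234;   /* default seed is arbitrary */
    size_t natural[NFIELDS] = { 0, 1, 2 }, shuffled[NFIELDS];
    print_layout("natural", natural);
    seeded_permutation(seed, NFIELDS, shuffled);
    print_layout("randomised", shuffled);    /* handler's offset now depends on the seed */
    return 0;
}
```

Run it twice with the same seed argument and the randomised layout is identical; change the seed and handler moves. That is the whole threat model in miniature: the plugin buys nothing against an attacker who can read the seed header or a vmlinux built from it.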
linuxthor / kfindsymprobe.c
Created September 11, 2020 21:55
Use a kprobe to find the address of some kernel symbol
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
static struct kprobe kp = {
.symbol_name = "kallsyms_lookup_name"
};
int init_module(void)
linuxthor / kfindmodhide.c
Created September 11, 2020 09:43
A couple of ways to find hidden LKMs
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
int init_module(void)
{
struct module *mahjool;
struct kobject kobj;
unsigned long addy;
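The user-space cross-check that pairs with looking from inside the kernel, added as an example and not the gist's code: /proc/modules is produced by walking the kernel's module list, so a module that unlinks itself from that list disappears from lsmod, while the kobject directory it registered under /sys/module/ usually stays behind. Any /sys/module/<name>/ that has an initstate file (present only for loadable modules, not for built-in code that merely exposes parameters) but is missing from /proc/modules is therefore a suspect. The module names in the constructed sample below are made up. A rootkit that also removes its kobject defeats this comparison, which is one reason to do the search from a kernel module as the gist does.

```c
// Added example, not the gist's code: diff the sysfs view of loaded modules
// against /proc/modules. The sample data is constructed; names are invented.
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <dirent.h>
#include <sys/stat.h>

#define MAX_NAME 64
#define MAX_MODS 512
typedef char modname[MAX_NAME];

/* Parse /proc/modules text ("name size refcount deps state address" per line).
   Stores the first column of each line; returns how many names were stored. */
size_t parse_proc_modules(const char *text, modname *out, size_t cap) {
    size_t n = 0;
    const char *line = text;
    while (*line && n < cap) {
        const char *end = strchr(line, '\n');
        size_t linelen = end ? (size_t)(end - line) : strlen(line);
        size_t namelen = 0;
        while (namelen < linelen && line[namelen] != ' ' && namelen < MAX_NAME - 1) namelen++;
        if (namelen) { memcpy(out[n], line, namelen); out[n][namelen] = 0; n++; }
        line = end ? end + 1 : line + linelen;
    }
    return n;
}

static int in_list(const char *name, modname *list, size_t n) {
    for (size_t i = 0; i < n; i++) if (strcmp(name, list[i]) == 0) return 1;
    return 0;
}

/* Core check: sysfs modules that the module list does not report.
   Writes their names to `hidden`, returns the count. */
size_t find_hidden(modname *sysfs, size_t ns, modname *procmods, size_t np,
                   modname *hidden, size_t cap) {
    size_t h = 0;
    for (size_t i = 0; i < ns && h < cap; i++)
        if (!in_list(sysfs[i], procmods, np)) { strcpy(hidden[h], sysfs[i]); h++; }
    return h;
}

/* Live sysfs view. Only entries with an initstate file are loadable modules;
   built-in code also gets a /sys/module/<name>/ when it has parameters. */
static size_t read_sysfs_modules(modname *out, size_t cap) {
    DIR *d = opendir("/sys/module");
    if (!d) return 0;
    size_t n = 0; struct dirent *e; struct stat st; char path[512];
    while ((e = readdir(d)) && n < cap) {
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "/sys/module/%s/initstate", e->d_name);
        if (stat(path, &st) == 0) { snprintf(out[n], MAX_NAME, "%s", e->d_name); n++; }
    }
    closedir(d);
    return n;
}

static size_t read_proc_modules(modname *out, size_t cap) {
    static char text[1 << 16];
    FILE *f = fopen("/proc/modules", "r");
    if (!f) return 0;
    size_t got = fread(text, 1, sizeof text - 1, f); text[got] = 0; fclose(f);
    return parse_proc_modules(text, out, cap);
}

/* Constructed sample: "evil_lkm" has a sysfs entry but is absent from the list. */
static const char sample_proc_modules[] =
    "ext4 811008 1 - Live 0xffffffffc0b00000\n"
    "xfrm_algo 16384 1 af_key, Live 0xffffffffc0a10000\n";
static const char *sample_sysfs[] = { "ext4", "xfrm_algo", "evil_lkm" };

/* Runs the check over the constructed sample; returns the number of suspects. */
size_t demo_hidden(modname *hidden, size_t cap) {
    modname pm[8], sf[8];
    size_t np = parse_proc_modules(sample_proc_modules, pm, 8), ns = 0;
    for (; ns < sizeof sample_sysfs / sizeof sample_sysfs[0]; ns++)
        snprintf(sf[ns], MAX_NAME, "%s", sample_sysfs[ns]);
    return find_hidden(sf, ns, pm, np, hidden, cap);
}

int main(void) {
    static modname sysfs[MAX_MODS], procm[MAX_MODS], hidden[MAX_MODS];
    size_t ns = read_sysfs_modules(sysfs, MAX_MODS);
    size_t np = read_proc_modules(procm, MAX_MODS);
    size_t nh = find_hidden(sysfs, ns, procm, np, hidden, MAX_MODS);
    printf("%zu in /sys/module, %zu in /proc/modules, %zu unaccounted for\n", ns, np, nh);
    for (size_t i = 0; i < nh; i++) printf("  not in module list: %s\n", hidden[i]);
    return nh ? 1 : 0;
}
```

On a clean box the live run reports zero unaccounted modules; a single name in the gap is worth a look at /sys/module/<name>/sections/ and the [modname] tags in /proc/kallsyms before trusting lsmod again.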
linuxthor / kprobafunc.c
Created September 9, 2020 21:16
Attach a kprobe to some function - simple example
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
char *mota = "__NO__";
static int kp_pre_handler(struct kprobe *p, struct pt_regs *regs)
{
// kprobe pre 'hook'
linuxthor / kpatchproc.c
Created September 8, 2020 15:29
Find running userspace processes of some type and patch them
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/uio.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/kallsyms.h>
#include <linux/uaccess.h>
linuxthor / ktskstruct.c
Created September 7, 2020 16:07
Find some task struct by iterating
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/uaccess.h>
int init_module(void)
linuxthor / kmemfun.c
Last active September 16, 2020 18:29
Copy kernel module function and execute
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/uaccess.h>
unsigned long *amem;
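The same idea in user space, as an added example and not the gist's code: copy a function's bytes into a fresh mapping and call the copy. Where the kernel version needs executable kernel memory and an instruction-cache flush, this uses mmap() plus mprotect() (write while RW, then flip to RX, never both at once) and __builtin___clear_cache(). It only works for position-independent leaf code with no relocations, and the 256-byte copy length is a deliberate over-read of .text rather than the function's real size, since C offers no portable way to measure one; mix() and its constants are made up.

```c
// Added example, not the gist's code: relocate a function's machine code into
// new memory and run it there, with W^X discipline and an i-cache flush.
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* The code to relocate: arithmetic only, no globals, no calls, no PC-relative
   data, so the bytes mean the same thing at any address. Constants are arbitrary. */
__attribute__((noinline)) uint32_t mix(uint32_t a, uint32_t b) {
    uint32_t x = a * 0x9e3779b1u;
    return (x ^ b) + ((x << 5) | (x >> 27));
}

static size_t round_to_page(size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (len + page - 1) / page * page;
}

/* Copy `len` bytes of machine code into new memory and return a callable pointer.
   The mapping is writable while being filled and executable only afterwards. */
void *clone_code(const void *src, size_t len) {
    size_t maplen = round_to_page(len);
    void *mem = mmap(NULL, maplen, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return NULL;
    memcpy(mem, src, len);
    if (mprotect(mem, maplen, PROT_READ | PROT_EXEC) != 0) { munmap(mem, maplen); return NULL; }
    __builtin___clear_cache((char *)mem, (char *)mem + len);   /* i-cache sync; required on ARM */
    return mem;
}

void release_code(void *mem, size_t len) { munmap(mem, round_to_page(len)); }

#define COPY_LEN 256   /* over-read of .text; comfortably covers mix() at any -O level */

/* Run the relocated copy of mix() on (a, b), store its result in *out and report
   whether it matches the original. Returns 0 if the copy could not be made. */
int relocated_mix_matches(uint32_t a, uint32_t b, uint32_t *out) {
    typedef uint32_t (*mix_fn)(uint32_t, uint32_t);
    void *copy = clone_code((const void *)(uintptr_t)mix, COPY_LEN);
    if (!copy) return 0;
    mix_fn f = (mix_fn)(uintptr_t)copy;
    *out = f(a, b);
    release_code(copy, COPY_LEN);
    return *out == mix(a, b);
}

int main(void) {
    uint32_t r = 0;
    int ok = relocated_mix_matches(3, 4, &r);
    printf("mix(3,4) original: %08x  copy at new address: %08x -> %s\n",
           mix(3, 4), r, ok ? "match" : "MISMATCH");
    return ok ? 0 : 1;
}
```

Give mix() a call to another function or a reference to a global and the copy will jump or load relative to its new address and crash or compute garbage; that fragility, plus the need for a writable-then-executable page, is exactly what makes this pattern stand out when hunting for it in kernel memory.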