This document describes a new syscall hooking technique for Linux systems and exposes how it can be implemented as part of a virus or a backdoor in order to take full control over an userland application. Although there are some well- known methods for hooking functions, they are mostly based on the ELF format itself. This technique is focused on those pieces of code that are externally called by the main program and invoke a system call or system service.
30fdbdfab2efb4eab95a25eb94384d63a0a3f4af1470486ff3e9730bb54e262cPitbull is an example of a system that takes advantage of a process address space in order to execute ELF binaries. It is primarily useful for building post-exploitation frameworks and rootkits.
6b8aa7b6377d967b86b1fd1628c9963bcc5c4633bc33d92b9ab83b2f2de35b2aVarious Java development kits all suffer from a jar tool directory traversal vulnerability.
dd8273fc003847bed700dff37cd4bd5cfb910422db91bfed77a781284a19ad78First public released of libvg, a runtime process manipulation library. Libvg was designed to provide a powerful and portable interface for writing non-complex programs that can get or change information of processes on the system.
6cd35b18473ff6e881f833beb66fec0945da66f0b773f0b6ddbca106622065fbScanner to look up infection techniques that can be used in ELF modules. Includes function hijacking, relocation files, etc. Runs on linux 2.4.X.
dcd0e0b68ca65f72ca23959a54204f1f589d2cac48c5840fd77dc0b45db13d17PluSHS allows a user to resolve the names of a single IP address or entire network of addresses to maintain a "map" of the names that comprise a certain network.
0d5bddb0ccc196ba0c98783a19d57e738ffda70e5cd718a83e2c996cfb0a742c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed