CTF导航 CTF导航

sshd_backdoor

渗透技巧 1年前 (2023) admin
388 0 0

sshd_backdoor

This Project is based on BlackHat USA 2021 and Defcon 29.

About Using ebpf technique, hijacking the process during sshd service getting the ~/.ssh/authorized_keys to authorize user logging and injecting our public key make our login successful.

Demo

sshd_backdoor

Main Process in ebpf program

  1. Hook OpenAt syscall enter: check if the sshd process call this, log the pid of sshd.

  2. Hook OpenAt Syscall exit: check the pid logged. logging the fd of pid, map pid->fd.

  3. Hook Read Syscall enter: check the pid logged. logging the user_space_char_buffer of pid.

  4. Hook Read Syscall exit: check the pid logged. find the buffer and change the buffer into our Key. Then delete pid in map to avoid blocking administrators’ keys be read.

Usage

make build

By the way

sshd keylogging

make bpftrace_keylogging

which logging all message in sshd process. Of Course the key log.

 

原文始发于Github:sshd_backdoor

版权声明:admin 发表于 2023年1月28日 下午10:58。
转载请注明:sshd_backdoor | CTF导航

相关文章

Discord钓鱼攻击案例分析
admin
723
新年献礼:使用 Yakit 打破 Java 序列化协议语言隔离
admin
988
Sliver C2についての調査
admin
703
Numen安全研究员发现Apache Linkis漏洞CVE-2022-44645
admin
393
職業としてのセキュリティ–セキュリティ人材の未来とは?
admin
140
邮件可信其二内容可信
admin
301

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

每日安全动态推送(4-18)
0
Weblogic RCE(CVE-2024-21006)
0
OpenClinic GA 5.247.01 – Path Traversal (Authenticated)
0
Jenkins 2.441 – Local File Inclusion
0
Catcher(捕手)
0
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
0
PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338)
0
Active Directory – Read Only Domain Controller
0
每日安全动态推送(4-16)
0
每日安全动态推送(4-15)
0