sshdhooker's Issues

What is this 257? Kernel 2.6.32 will not return 257.

Hello, I hope to get help. I have a problem with testing under CentOS 6.10, kernel 2.6.32.

num = ptrace(PTRACE_PEEKUSER, target_pid, ORIG_RAX * 8, NULL);
if(num ==257){

What is this 257? Kernel 2.6.32 will not return 257.
What value should be returned in kernel 2.6.32?

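Contact information

Hello, after browsing the projects you have developed, I would like to have some custom software made. I wonder whether you would be able to take on this work.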

Compilation fails on aarch64

uname -a
Linux ecs-2817 4.18.0-147.5.1.el8_1.aarch64 #1 SMP Tue Feb 4 23:44:08 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux

`/tmp/.i': Permission denied

target: CloudLinux release 6.10 (Final)
core:2.6.32-754.35.1.el6.x86_64 #1 SMP Sat Nov 7 12:42:14 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

beacon> shell ./sshdHooker_x64.sh
[*] Tasked beacon to run: ./sshdHooker_x64.sh
[*] Hello,Dog cs.
[+] host called home, sent: 50 bytes
[+] received output:
/bin/sh: ./sshdHooker_x64.sh: Permission denied

beacon> shell /bin/bash ./sshdHooker_x64.sh
[*] Tasked beacon to run: /bin/bash ./sshdHooker_x64.sh
[*] Hello,Dog cs.
[+] host called home, sent: 60 bytes
[+] received output:
/tmp/.g.c: In function ‘update_entry’:
/tmp/.g.c:215: warning: implicit declaration of function ‘getpagesize’
/tmp/.i.c: In function ‘ManualGC’:
/tmp/.i.c:367: warning: ‘return’ with a value, in function returning void
/tmp/.i.c:373: warning: assignment makes integer from pointer without a cast
/tmp/.i.c:377: warning: ‘return’ with a value, in function returning void
/tmp/.i.c: In function ‘Inject_Shellcode’:
/tmp/.i.c:491: warning: assignment makes integer from pointer without a cast
/tmp/.i.c: In function ‘WaitforLibPAM’:
/tmp/.i.c:560: warning: assignment makes pointer from integer without a cast
/tmp/.i.c: In function ‘main’:
/tmp/.i.c:621: warning: passing argument 4 of ‘pthread_create’ makes pointer from integer without a cast
/usr/include/pthread.h:225: note: expected ‘void * __restrict__’ but argument is of type ‘long int’
nohup: failed to run command `/tmp/.i': Permission denied


gcc -shared inject_got.c -ldl -fPIC -o test2.so -std=c99
inject_got.c: In function ‘update_entry’:
inject_got.c:216: warning: implicit declaration of function ‘getpagesize’

gcc sshdHooker.c shellcode.s -g -o inject -ldl -lpthread
sshdHooker.c: In function ‘ManualGC’:
sshdHooker.c:366: warning: ‘return’ with a value, in function returning void
sshdHooker.c:372: warning: assignment makes integer from pointer without a cast
sshdHooker.c:376: warning: ‘return’ with a value, in function returning void
sshdHooker.c: In function ‘Inject_Shellcode’:
sshdHooker.c:490: warning: assignment makes integer from pointer without a cast
sshdHooker.c: In function ‘WaitforLibPAM’:
sshdHooker.c:559: warning: assignment makes pointer from integer without a cast
sshdHooker.c: In function ‘main’:
sshdHooker.c:620: warning: passing argument 4 of ‘pthread_create’ makes pointer from integer without a cast
/usr/include/pthread.h:225: note: expected ‘void * __restrict__’ but argument is of type ‘long int’

ls
./ ../ inject* inject_got.c shellcode.s sshdHooker.c test2.so*

bash ./inject 1930
./inject: ./inject: cannot execute binary file

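Many zombie processes appear after injecting into sshd

If the server is exposed to the public internet and is being brute-forced continuously, sshd zombie processes keep appearing and cannot be released, so that ps -aux on the server shows several thousand sshd processes.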

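Unable to capture passwords on Ubuntu

Does the cloned code need to be adapted? When I run the code directly, no password file is generated under /tmp, but the ssh service works normally.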
