Comments (5)
It looks like the initial handshake between the backdoor and the client is not being completed correctly.
Some things you may check are whether:
- Both VMs can communicate between themselves
- You are first installing the rootkit with the script, then running the client
- An initial TCP packet with payload CC_SYN is being delivered at the machine with the rootkit (using Wireshark or similar)
- A TCP packet with payload CC_ACK is being sent from the machine with the rootkit.
from triplecross.
Thanks for your reply~
You are right, it's the initial handshake between the backdoor and the client.
- Both VMs can communicate between themselves
  attacker: 192.168.192.168
  victim: 192.168.192.169
- I tried to install the rootkit through
    git clone https://github.com/h3xduck/TripleCross
    cd TripleCross/src
    make all
    cd ../client
    make
    cd ../helpers
    ./packager.sh
  And all goes well, but I can't receive a shell from the victim
- CC_SYN can be sent to the victim machine
- The attacker can't receive CC_ACK from the victim machine
from triplecross.
It seems like the initial handshake dials port 9000. Do I need to listen on port 9000 with nc?
I tried to listen on port 9000 with nc, but I can't get any response.
What may be the problem? Looking forward to your reply~
from triplecross.
Oh, I just realised. If you look at the README you'll see that I prepared this client mode (using -c) to only work after activating the execution hijacking module (you'll need to configure the parameters described at https://github.com/h3xduck/TripleCross#execution-hijacking-module for the attack to happen and thus start to listen for connections).
If you just want to test the backdoor and spawn a shell, use the -e or -s flags, those definitely work out of the box.
from triplecross.
Yeah! The -e and -s flags can spawn a shell well~ Thanks for your patience.
I want to use the -c flag to spawn a shell according to the README.
Maybe I am misunderstanding the usage; it can't work.
from triplecross.