+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Hacking Tools (https://sinister.ly/Forum-Hacking-Tools)
+--- Thread: Injecting modules in Linux (/Thread-Injecting-modules-in-Linux)
Injecting modules in Linux - w00t - 05-06-2016
I'm back bitches.
Today we're going to learn how to inject a dynamic library into any program on any Linux computer that uses glibc.
First off, what is the module we're injecting? Well, for now, let's keep it simple.
Code:
#include <stdio.h>
__attribute__((constructor)) static void proof() // This is the equivalent of DLLMain for glibc
{
printf("SUH DUDE\r\n");
}Now, let's say we want to inject that l337 haxor module into "cat". We simply add "LD_PRELOAD=$(pwd)/module.so" before the command, making the whole command "LD_PRELOAD=$(pwd)/module.so cat module.cpp"
Code:
user@laptop:~/Documents/preload-poc$ LD_PRELOAD=$(pwd)/module.so cat module.cpp
SUH DUDE
#include <stdio.h>
__attribute__((constructor)) static void proof() // This is the equivalent of DLLMain for glibc
{
printf("SUH DUDE\r\n");
}Look at that, the injection worked. It's almost like I've done this before. Now, let's have some fun with this. Let's change the injected code so it makes cat do nothing.
Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
ssize_t write( int fd, const void *buf, size_t count )
{
return fd; // had to return something *shrugs*
}
__attribute__((constructor)) void _init()
{
//write(1, "FUCKSHIT\r\n", 10);
}Now...
Code:
user@laptop:~/Documents/preload-poc$ LD_PRELOAD=$(pwd)/module.so cat module.cpp
user@laptop:~/Documents/preload-poc$ LD_PRELOAD=$(pwd)/module.so cat module.cpp
user@laptop:~/Documents/preload-poc$ LD_PRELOAD=$(pwd)/module.so cat module.cpp
user@laptop:~/Documents/preload-poc$ LD_PRELOAD=$(pwd)/module.so cat module.cppLook at that, I broke the cat. Someone tell the police, that's in the Macdonald triangle, I'm probably going to... continue to be a sociopath? I don't know.
ANYWAY. Fun fact for you, you can't inject using LD_PRELOAD into a setuid binary, such as sudo.
But, there's a lovely file, /etc/ld.so.preload. Drop the full path of your executable into that bitch, it'll get injected into all binaries whether or not they are setuid. Sounds like a fun way to inject into every running executable to me!
Code:
user@laptop:~/Documents/preload-poc$ LD_PRELOAD=$(pwd)/module.so sudo whoami
root
user@laptop:~/Documents/preload-poc$ sudo su -c 'echo "$(pwd)/module.so" > /etc/ld.so.preload'
user@laptop:~/Documents/preload-poc$ sudo whoami
FUCKSHIT
FUCKSHIT
rootNote that after injection, our canary, FUCKSHIT, prints twice. once for running "sudo", and once for running "whoami"
That's all for now, hopefully you learned how to inject libraries in linux. There's a similar little setting in Windows called AppInit_DLLs, and I might edit in details on that later, but for now you can google that little slut.
RE: Injecting modules in Linux - meow - 05-06-2016
You're back! Nice thread
Please stay here this time, this forum needs you...
RE: Injecting modules in Linux - Dismas - 05-06-2016
Your vocabulary changed. Nice to see a tutorial from you.
(05-06-2016, 03:46 AM)meow Wrote: You're back! Nice thread
Please stay here this time, this forum needs you...
(05-06-2016, 04:04 AM)Ayumi Wrote: You were one of my favorite old members, I really hope you stay this time.
Seconding these statements.