Add hidden TCP/UDP connections and hide them in SS commands such as Netstat. Complete installation and usage instructions #101

Open
xiaojj2021 opened this issue Sep 27, 2024 · 4 comments

xiaojj2021 commented Sep 27, 2024

I haven't seen the installation documentation or usage instructions.
Inside README.md, there is no clear definition of how to execute it.
What commands do I need to hide a process?
What command do I need to hide a TCP/UDP connection? I don't quite understand.

@carloslack
Owner

carloslack commented Sep 27, 2024

Good idea, I will write usage instructions. In the meantime you can check some demos here: https://github.com/carloslack/kv-demos/tree/master

About tcp/udp: it is hidden automatically, you don't need a separate command for that. You can check with tcpdump.

To hide a process you first need to turn the /proc interface on:
`kill -SIGCONT 31337`
will do it.
Then you: echo PID >/proc/
"PID" is the pid number of the process you want to hide,
whereas "name" is the one you set in the Makefile, see changeme

Thanks
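Added example (not part of the original comment or of the KoviD project): the thread describes connections hidden from `ss` and `netstat`, while the comment above points to tcpdump as a way to check, so a defender can compare the two views and flag flows that are on the wire but missing from the socket table. The sample `/proc/net/tcp` rows, the capture lines, the addresses and the function names are all constructed for illustration, and a little-endian host is assumed.

```python
import re
import socket

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0A0200C0:0016 076433C6:D431 01
"""

# Constructed `tcpdump -nn tcp` lines; addresses are documentation ranges.
CAPTURE = """\
12:00:01.000001 IP 198.51.100.7.54321 > 192.0.2.10.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
12:00:01.000200 IP 192.0.2.10.22 > 198.51.100.7.54321: Flags [.], ack 37, win 509, length 0
12:00:02.000000 IP 192.0.2.10.40000 > 203.0.113.5.4444: Flags [P.], seq 1:10, ack 1, win 502, length 9
"""

PKT = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def decode(hexaddr):
    """'0A0200C0:0016' -> ('192.0.2.10', 22); assumes a little-endian host."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)


def socket_table(text):
    """Return the (local_ip, local_port, remote_ip, remote_port) tuples the host reports."""
    rows = set()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 3:
            rows.add(decode(fields[1]) + decode(fields[2]))
    return rows


def unlisted_flows(capture, table_text, local_ip):
    """Flows seen on the wire for local_ip that have no socket-table entry."""
    known = socket_table(table_text)
    seen = set()
    for m in PKT.finditer(capture):
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if src == local_ip:  # outbound packet: already local-first
            seen.add((src, sport, dst, dport))
        elif dst == local_ip:  # inbound packet: flip to local-first
            seen.add((dst, dport, src, sport))
    return sorted(seen - known)

if __name__ == "__main__":
    print(unlisted_flows(CAPTURE, PROC_NET_TCP, "192.0.2.10"))
```

A connection that closes between the capture and the socket-table snapshot also shows up as unlisted, so repeat the comparison before treating a flow as hidden.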

@xiaojj2021
Author

xiaojj2021 commented Sep 27, 2024

My C2 connection destination will display TCP as 8.8.8.8:1234.
What do I need to do to hide TCP network connections to 8.8.8.8?

The administrator can easily detect my C2 using commands such as ss and netstat -an

@carloslack
Owner

Currently I don't think it is possible; KoviD hides its own backdoor connections.
Including this in the list of things to do.

@xiaojj2021
Author

I noticed that some rootkits support hidden TCP or UDP connections?
For example, I need to hide 8.8.8.8

Command:/elite/elite _cmd connhide

The following project does not support the latest kernel
https://github.com/f0rb1dd3n/Reptile

Hide TCP and UDP connections
Hide: /reptile/reptile_cmd conn hide
Unhide: /reptile/reptile_cmd conn show
