Clamide: let your shell access the kernel

What is this?

Clamide is a tool I made in Rust to learn about x86 syscalls and Linux internals. This really shouldn't be used in any production environment, but I hope that at least one person might find this useful or learn a thing or two.

What can it do?

The main focus of clamide is to let you execute syscalls from within the safe confines of bash, without needing to actually start programming anything. See the Linux Syscall Table for all the things you can do with this. (Note that structs are not yet supported.)

How does it work?

  • First, it uses the ptrace syscall to attach to the target process. By default, the process is the shell that called clamide, but with -p you can use it on any process.
  • Then the process is frozen temporarily, and the RIP instruction pointer, which holds the address of the next instruction the CPU will execute in the process, is saved.
  • PTRACE_POKETEXT is used to write the two bytes 0x0f 0x05 into the memory of the process, specifically at the instruction pointer that will be executed next. These bytes correspond to the syscall instruction for Linux on x86_64.
  • The registers of the target program are set to the arguments specified, and the process is stepped forward a single step, causing it to execute the syscall instruction we slipped in.
  • The instruction pointer and the bytes we changed are reset to the values they held before we changed them, the process is resumed, and control flow returns to normal.
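The five steps above, written out as an added C example for x86_64 Linux (this is not clamide's own Rust code; the names make_syscall_word, set_syscall_regs and inject_syscall are this example's). The traced process is a forked child that stops itself after PTRACE_TRACEME, so the example runs under the usual ptrace_scope of 1, and it shows a detail the list glosses over: PTRACE_POKETEXT writes a full 8-byte word, so the two syscall bytes have to be merged into the word already at RIP and the whole word restored afterwards.

```c
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* PTRACE_POKETEXT writes a whole 8-byte word, so the syscall bytes 0x0f 0x05 are merged
 * into the word read back from RIP and the other six bytes of that word are preserved. */
uint64_t make_syscall_word(uint64_t orig_word) {
    return (orig_word & ~0xffffULL) | 0x050fULL;  /* little-endian: 0x0f first, then 0x05 */
}

/* Linux x86_64 syscall ABI: number in rax, arguments in rdi, rsi, rdx, r10, r8, r9. */
void set_syscall_regs(struct user_regs_struct *r, long nr, const long a[6]) {
    r->rax = nr; r->rdi = a[0]; r->rsi = a[1]; r->rdx = a[2];
    r->r10 = a[3]; r->r8 = a[4]; r->r9 = a[5];
}

/* Run one syscall inside a tracee that is already in a ptrace stop; returns its rax, or -1 on a ptrace error. */
long inject_syscall(pid_t pid, long nr, const long a[6]) {
    struct user_regs_struct saved, regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &saved) < 0) return -1;
    errno = 0;  /* PEEKTEXT returns the data itself, so errno is the only error signal */
    uint64_t word = ptrace(PTRACE_PEEKTEXT, pid, (void *)saved.rip, NULL);
    if (errno) return -1;
    regs = saved; set_syscall_regs(&regs, nr, a);  /* everything else keeps its saved value */
    if (ptrace(PTRACE_POKETEXT, pid, (void *)saved.rip, (void *)make_syscall_word(word)) < 0 ||
        ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0 ||
        ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0)  /* one step: runs the slipped-in syscall */
        return -1;
    waitpid(pid, NULL, 0);
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
    ptrace(PTRACE_POKETEXT, pid, (void *)saved.rip, (void *)word);  /* restore the original bytes */
    ptrace(PTRACE_SETREGS, pid, NULL, &saved);                      /* and the original registers */
    return regs.rax;  /* the syscall's return value */
}

int main(void) {
    pid_t child = fork();  /* the child traces itself and stops, like a debugger's own child */
    if (child == 0) { ptrace(PTRACE_TRACEME, 0, NULL, NULL); raise(SIGSTOP); pause(); _exit(0); }
    waitpid(child, NULL, 0);  /* returns once the child is stopped and under our control */
    long args[6] = {0};
    printf("getpid() injected into child %d returned %ld\n", child, inject_syscall(child, 39, args));
    kill(child, SIGKILL);
    return 0;
}
```

Syscall 39 is getpid on x86_64, so the printed value should equal the child's pid; a raw syscall failure comes back as -errno, which is how clamide-style tools tell errors apart from results.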

It also contains a basic shellcode injector with --shellcode, although that isn't the main focus.

How do I use it?

First, get the source code and build it. You need cargo installed, obviously.

git clone https://github.com/CoolElectronics/clamide
cd clamide
cargo build --release
sudo cp target/release/clamide /usr/bin/clamide

See /examples to learn how to use the program. Note that this will only function on x86_64 computers running Linux. This is partially because I'm lazy, but also because the authors of the ptrace library are lazy as well and never implemented it upstream.

Depending on your kernel config, you may need to run sudo bash -c 'echo 0 > /proc/sys/kernel/yama/ptrace_scope' to enable ptracing external programs (this relaxes Yama's ptrace restriction for every process on the system, not just for clamide).

Credits

This whole project is based on this amazing blog post. I would not have been able to do any of this or learn about this stuff without it.
