> Tejun's example program digs around in the target's address space for a nice bit of memory which has execute permission; the contents of that memory are saved and replaced by his "parasite" code.
I covered this technique and its limitations in my Defcon 19 presentation. I created a project called libhijack that allows injection of arbitrary code into new memory mappings. I have a feeling libhijack will get much more powerful with PTRACE_SEIZE.
I'm curious why Linux developers don't implement a DTrace clone. PTrace should die a horrible death.
TCP connection hijacking and parasites - as a good thing
Posted Aug 23, 2011 12:15 UTC (Tue) by i3839 (guest, #31386)
Why would libhijack become more powerful with PTRACE_SEIZE? As far as I can tell, it only makes ptracing more transparent, not more powerful.

This example doesn't do anything that couldn't have been done with normal ptrace, as far as I can tell.

And the whole approach is total madness. Why not just steal the connection by passing the socket fd to the new target and closing it in the original task? For that you only need to inject a couple of system calls, with less disruptive data injections. No need to muck around in TCP states, netfilter and all that other madness.
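The descriptor-passing approach described in the comment above, as an added example that is not part of the LWN thread or of Tejun's or libhijack's code: the parent accepts a TCP connection on loopback, hands the connected socket to a forked child over a Unix-domain socket with SCM_RIGHTS, and closes its own copy; the child then answers on the moved connection. The loopback listener, the forked child and the "moved" reply are constructed for the demonstration. Note that this only works between processes on the same host, which is the limitation the next comment raises.

```c
// Added example (not from the LWN thread or any project it mentions):
// moving a live TCP connection between two processes on one host by
// passing the descriptor with SCM_RIGHTS and closing it in the sender.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send descriptor fd over the Unix socket chan. Returns 0 on success. */
static int send_fd(int chan, int fd) {
    char byte = 'F';                 /* at least one byte of payload is required */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char buf[CMSG_SPACE(sizeof(int))];
    memset(buf, 0, sizeof buf);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = buf, .msg_controllen = sizeof buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;       /* the kernel duplicates fd into the receiver */
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor from chan. Returns the new fd, or -1 on failure. */
static int recv_fd(int chan) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char buf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = buf, .msg_controllen = sizeof buf };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;                   /* reject anything that is not exactly one fd */
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Constructed demonstration on 127.0.0.1: the parent accepts a connection,
 * passes it to a child, closes its own reference, and then checks that the
 * child's reply arrives at the client end. Returns 1 on success, else 0. */
int move_connection_demo(void) {
    int lsock = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in addr = { .sin_family = AF_INET,
                                .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof addr;    /* sin_port == 0: kernel picks a free port */
    if (lsock < 0 || bind(lsock, (struct sockaddr *)&addr, alen) < 0 ||
        listen(lsock, 1) < 0 ||
        getsockname(lsock, (struct sockaddr *)&addr, &alen) < 0)
        return 0;
    int chan[2];                     /* Unix-domain control channel for the fd */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0) return 0;
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {                  /* child: the new owner of the connection */
        close(chan[0]);
        int conn = recv_fd(chan[1]);
        if (conn >= 0) { ssize_t w = write(conn, "moved", 5); (void)w; close(conn); }
        _exit(0);
    }
    close(chan[1]);
    int client = socket(AF_INET, SOCK_STREAM, 0);
    if (client < 0 || connect(client, (struct sockaddr *)&addr, alen) < 0) return 0;
    int conn = accept(lsock, NULL, NULL);
    if (conn < 0) return 0;
    int ok = send_fd(chan[0], conn) == 0;
    close(conn);                     /* original task drops its reference */
    char reply[8] = {0};
    size_t got = 0;
    while (ok && got < 5) {          /* read until the whole reply is in */
        ssize_t n = read(client, reply + got, 5 - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(client); close(chan[0]); close(lsock);
    waitpid(pid, NULL, 0);
    return got == 5 && memcmp(reply, "moved", 5) == 0;
}

int main(void) {
    printf("connection moved: %s\n", move_connection_demo() ? "yes" : "no");
    return 0;
}
```

After `send_fd` returns, the same open file description is referenced from both processes; the `close(conn)` in the parent is what makes the move a hand-over rather than a share. No TCP state is touched at all, which is why the cooperative local case needs nothing beyond standard socket calls.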
TCP connection hijacking and parasites - as a good thing
Posted Aug 23, 2011 15:00 UTC (Tue) by dlang (✭ supporter ✭, #313)
You can only pass the socket FD to a process on the same system.
This approach can move the TCP connection to a different system.
TCP connection hijacking and parasites - as a good thing
Posted Aug 23, 2011 21:39 UTC (Tue) by i3839 (guest, #31386)
I think that the current code only handles local processes too, at least that was my impression after reading the code, especially main.c. You're right that this approach could make remote moves possible.

But damn, it's ugly. I'd say, add an explicit connection moving API instead of this mess.