docs: added README
This commit is contained in:
parent
859d78c7e3
commit
16d71ea76a
1 changed files with 35 additions and 0 deletions
35
README.md
Normal file
35
README.md
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# pox
|
||||||
|
Pox is an infection framework for processes, with tools to manipulate the remote address space.
|
||||||
|
|
||||||
|
Pox is built with the PTRACE syscall, so its limited to Linux/BSD systems.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
Pox itself is a crate providing features to execute remote syscalls, inject remote strings, monitor remote execution and find memory mappings.
|
||||||
|
Most features can be individually selected while including this crate in your project: `[locator, monitor, rc]`.
|
||||||
|
|
||||||
|
Additionally, with the `bin` feature, a sample infection binary will be produced: `vector`.
|
||||||
|
|
||||||
|
### Vector
|
||||||
|
Vector can infect running processes, invoking `dlopen()` remotely and loading a shared object.
|
||||||
|
It will only work on binaries with glibc linked (no musl support yet).
|
||||||
|
It can both attack a running process (probably will require root privileges) or spawn a child process and infect it.
|
||||||
|
|
||||||
|
Vector will:
|
||||||
|
* find a syscall instruction and use it to execute remote actions
|
||||||
|
* invoke a remote mmap to allocate a string
|
||||||
|
* write shared object path in allocated string
|
||||||
|
* calculate dlopen address from system glibc and procmaps
|
||||||
|
* force set registers and execute dlopen with previously injected path
|
||||||
|
* resume process
|
||||||
|
|
||||||
|
## Status
|
||||||
|
Pox is still under development. I'm building this to explore Linux OS, processes and memory.
|
||||||
|
|
||||||
|
# Author notes
|
||||||
|
This could potentially be used to produce malware, since it helps introduce extraneous libraries into running processes.
|
||||||
|
However, I believe it's still fine to opensource this:
|
||||||
|
* The injection method is pretty old, described on [Phrack](http://phrack.org/issues/59/8.html) in 2002.
|
||||||
|
* This only works on Linux/BSD
|
||||||
|
* On most most modern systems, PTRACE can't attach other processes if not run from root
|
||||||
|
* There are other available projects doing the same thing
|
||||||
|
|
Loading…
Reference in a new issue