Theoretical concept of creating and concealing a Remote Access Trojan by 0x00pf pico @https://0x00sec.org/u/0x00pf/summary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
1.1 KiB
23 lines
1.1 KiB
// Shouts to 0x00pf pico @ 0x00sec for writing an instalment for RAT functionality and the means to its concealment. |
|
// Link: https://0x00sec.org/t/programming-for-wanabes-xi-introduction-to-rats/26318/1 |
|
#include <stdio.h> |
|
#include <unistd.h> |
|
#include <string.h> |
|
|
|
int main (int argc, char * argv[]) { |
|
pid_t pid; |
|
print("This is RAT0X0 version 0.1\n"); // Name of simple process |
|
strcpy(argv[0], "[Jbd2/sda0-8"); //Overwriting the name to prevent suspicion, something arbitrary |
|
// The classic daemon // |
|
// create a new process that is an exact copy of the original one |
|
// difference between the father and the child is that, |
|
// after fork the PID of the child is returned to the father and 0 is returned to the child |
|
// Both process continuing execution in the line just after fork in the program |
|
if ((pid = fork()) != 0) return 0; |
|
setsid (); // creating new session for the process to prevent process being killed after |
|
// closed terminal due to the process being created with the terminal associated |
|
if ((pid = fork()) != 0) return 0 |
|
while (1) usleep (1000); |
|
|
|
|
|
}
|
|
|