Theoretical concept of creating and concealing a Remote Access Trojan by 0x00pf pico @https://0x00sec.org/u/0x00pf/summary
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

23 lines
1.1 KiB

// Shouts to 0x00pf pico @ 0x00sec for writing an instalment for RAT functionality and the means to its concealment.
// Link: https://0x00sec.org/t/programming-for-wanabes-xi-introduction-to-rats/26318/1
#include <stdio.h>
#include <unistd.h>
#include <string.h>
int main (int argc, char * argv[]) {
pid_t pid;
print("This is RAT0X0 version 0.1\n"); // Name of simple process
strcpy(argv[0], "[Jbd2/sda0-8"); //Overwriting the name to prevent suspicion, something arbitrary
// The classic daemon //
// create a new process that is an exact copy of the original one
// difference between the father and the child is that,
// after fork the PID of the child is returned to the father and 0 is returned to the child
// Both process continuing execution in the line just after fork in the program
if ((pid = fork()) != 0) return 0;
setsid (); // creating new session for the process to prevent process being killed after
// closed terminal due to the process being created with the terminal associated
if ((pid = fork()) != 0) return 0
while (1) usleep (1000);
}