mattbostock/go-ldpreload-backdoor: LD_PRELOAD libc hooking using Go
2019-04-02 23:13:13 Author: github.com

LD_PRELOAD libc hooking using Go

Bind remote shell to localhost

...to prevent anyone playing with this from inadvertently opening up a
remote shell that's accessible to anyone sharing the same network.

Latest commit d09be13 Dec 9, 2015

Type Name Latest commit message Commit time
vendor/github.com/rainycape/dl Hook strrchr() rather than __libc_start_main Aug 26, 2015
.gitignore Add .gitignore for generated files Aug 26, 2015
LICENSE Initial commit Aug 26, 2015
README.md
main.go Bind remote shell to localhost Dec 9, 2015

This is an experiment to use Go in a shared library to wrap a libc function and start a TCP server (a 'backdoor') allowing arbitrary commands to be run from a client such as telnet or netcat.

This is a toy intended for educational purposes to demonstrate some of Go's capabilities.

Works on Linux only and requires Go version 1.5 or above in order to build the shared library.

Rationale

In writing this, I have four aims:

  • to try out Go's new build modes, which allow Go to be compiled to a shared library that can be called from C

  • to experiment with LD_PRELOAD exploits

  • to experiment with calling C from Go

  • to learn some C ;)

Usage

As this is an experiment, the backdoor will only listen on localhost.

GO15VENDOREXPERIMENT=1 go build -buildmode=c-shared -o backdoor.so main.go
LD_PRELOAD=./backdoor.so top

In a separate console, while top is running:

nc localhost 4444
[...type your commands here...]
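
Seen from the defending side, the preload in the steps above leaves two traces under /proc: the LD_PRELOAD entry in the process environment and an executable mapping of a library outside the system library directories. The Go program below is an added example, not code from this repository; the trusted-directory list, the function names and the sample data are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

var trustedDirs = []string{"/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/"} // assumed allow-list; adjust per distribution

// PreloadFromEnviron extracts LD_PRELOAD entries (space- or colon-separated) from raw /proc/<pid>/environ data.
func PreloadFromEnviron(environ string) []string {
	for _, kv := range strings.Split(environ, "\x00") { // NUL-separated KEY=VALUE
		if strings.HasPrefix(kv, "LD_PRELOAD=") {
			return strings.FieldsFunc(strings.TrimPrefix(kv, "LD_PRELOAD="), func(r rune) bool { return r == ' ' || r == ':' })
		}
	}
	return nil
}

// UntrustedExecMaps lists executable file mappings in /proc/<pid>/maps data outside exe and trustedDirs.
func UntrustedExecMaps(maps, exe string) (out []string) {
	seen := map[string]bool{exe: true}
	for _, line := range strings.Split(maps, "\n") {
		f := strings.Fields(line) // address perms offset dev inode path...
		if len(f) < 6 || !strings.Contains(f[1], "x") || f[5][0] != '/' {
			continue // not executable, or anonymous/[vdso]/[stack]
		}
		path := strings.Join(f[5:], " ") // keeps a " (deleted)" suffix
		skip := seen[path]
		for _, dir := range trustedDirs {
			skip = skip || strings.HasPrefix(path, dir)
		}
		if !skip {
			seen[path] = true
			out = append(out, path)
		}
	}
	return out
}

// Constructed sample data modelled on the README's `LD_PRELOAD=./backdoor.so top`.
const sampleEnviron = "HOME=/home/demo\x00LD_PRELOAD=./backdoor.so\x00TERM=xterm\x00"
const sampleMaps = `55d0c8a00000-55d0c8a19000 r-xp 00000000 08:01 1311 /usr/bin/top
7f3a10000000-7f3a10400000 r-xp 00000000 08:01 2622 /home/demo/backdoor.so
7f3a11000000-7f3a111c0000 r-xp 00000000 08:01 1574 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd5a1e0000-7ffd5a1e2000 r-xp 00000000 00:00 0 [vdso]`
func main() {
	fmt.Println(PreloadFromEnviron(sampleEnviron), UntrustedExecMaps(sampleMaps, "/usr/bin/top"))
}
```

On a live host, feed it the contents of /proc/<pid>/environ and /proc/<pid>/maps, with exe taken from the /proc/<pid>/exe symlink. The maps check does not depend on the environment, so it still reports the library when LD_PRELOAD has been cleared from the process environment after startup.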

Limitations

  • Only works on Linux
  • Only works with binaries that call libc's strrchr function. I'd ideally like to hook __libc_start_main instead. The binaries I tested with are ps and top as provided by Ubuntu Trusty LTS.

Source: https://github.com/mattbostock/go-ldpreload-backdoor