Created
April 4, 2023 12:22
-
-
Save Raffy27/7ad6cb191b70a6a4eff2da481d539b63 to your computer and use it in GitHub Desktop.
Stealthy IPC using offsets and file descriptors
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <time.h> | |
| #include <fcntl.h> | |
| #include <unistd.h> | |
| #include <string.h> | |
| #include <sys/wait.h> | |
| #define SIG_SYNC 0 | |
| #define SIG_END 1 | |
| int sendText(int fd, char *text) { | |
| for (int i = 0; i < strlen(text); i++) { | |
| // Use the character as the seek position! | |
| lseek(fd, text[i] + SIG_END, SEEK_SET); | |
| // Wait until the child process signals that it has read the character | |
| while (lseek(fd, 0, SEEK_CUR) != SIG_SYNC); | |
| } | |
| // Send the end character | |
| lseek(fd, SIG_END, SEEK_SET); | |
| } | |
| int receiveText(int fd, char *text) { | |
| int len = 0; | |
| while (1) { | |
| // Wait until the parent process has finished writing | |
| while (lseek(fd, 0, SEEK_CUR) == SIG_SYNC); | |
| // Read the character sent by the parent process | |
| int chr = lseek(fd, 0, SEEK_CUR); | |
| chr -= SIG_END; | |
| text[len++] = chr; | |
| if (chr == 0) { | |
| // Null byte received, we're done | |
| break; | |
| } | |
| // Signal the parent process that we have read the character, and it can take over | |
| lseek(fd, SIG_SYNC, SEEK_SET); | |
| } | |
| } | |
| int main(int argc, char **argv) { | |
| printf("[+] Parent process created by %d with pid %d\n", getppid(), getpid()); | |
| srand(time(NULL)); | |
| char text[50]; | |
| int random = rand() % 100; | |
| sprintf(text, "Your random number is %d.", random); | |
| printf("[i] The text to send is: \"%s\"\n", text); | |
| int fd = open("random.txt", O_WRONLY | O_CREAT, 0644); | |
| if (fd < 0) { | |
| perror("open"); | |
| return 1; | |
| } | |
| int pid = fork(); | |
| if (pid < 0) { | |
| perror("fork"); | |
| return 1; | |
| } | |
| if (pid == 0) { | |
| printf("[+] Child process created by %d with pid %d\n", getppid(), getpid()); | |
| printf("[i] Child process receiving text\n"); | |
| char text2[50]; | |
| receiveText(fd, text2); | |
| printf("[i] Child process received text:\n"); | |
| printf("\t\"%s\"\n", text2); | |
| printf("[-] Child process exited\n"); | |
| return 0; | |
| } else { | |
| printf("[+] Parent process sending text\n"); | |
| sendText(fd, text); | |
| printf("[i] Parent process sent text\n"); | |
| wait(NULL); | |
| close(fd); | |
| } | |
| printf("[-] Parent process exited\n"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment