Flag useable kernel keyrings #19

Open
timb-machine opened this issue Jan 31, 2021 · 2 comments

@timb-machine
Contributor

No description provided.

@timb-machine
Contributor Author

Need to dig into this to see what we can do from a shell script perspective. We'll continue to track the wider re-engineering under #6.

@X-C3LL
X-C3LL commented Jan 31, 2021

Hi!

In the original paper a .sh is provided ("Heracles.sh"). This .sh is called from each user session using GDB:

sudo gdb -p <shell_pid> -batch -ex 'call system("./heracles.sh")'

In reality, gdb is just using ptrace under the hood to attach to the process and do the magic. I don't know if there is a way to do it with pure bash... but as an alternative you can build a one-liner in Perl and use the syscall function to call ptrace and add your call to system("/tmp/your-script-that-uses-keyctl") in any process. I guess Python + ctypes would do the job too.

It is not pure bash... but it is the closest thing you can do, I guess.

I just noticed this exists in perl => https://metacpan.org/pod/Sys::Ptrace (but I am not sure if it is installed by default)
