Skip to content

mattbostock/go-ldpreload-backdoor

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

LD_PRELOAD libc hooking using Go

This is an experiment to use Go in a shared library to wrap a libc function and start a TCP server (a 'backdoor') allowing arbitrary commands to be run from a client such as telnet or netcat.

This is a toy intended for educational purposes to demonstrate some of Go's capabilities.

Works on Linux only and requires Go version 1.5 or above in order to build the shared library.

Rationale

In writing this, I have four aims:

  • to try out Go's new build modes, which allow Go to be compiled to a shared library that can be called from C

  • to experiment with LD_PRELOAD exploits

  • to experiment with calling C from Go

  • to learn some C ;)

Usage

As this is an experiment, the backdoor will only listen on localhost.

GO15VENDOREXPERIMENT=1 go build -buildmode=c-shared -o backdoor.so main.go
LD_PRELOAD=./backdoor.so top

In a separate console, while top is running:

nc localhost 4444
[...type your commands here...]

Limitations

  • Only works on Linux
  • Only works with binaries that call libc's strrchr function. I'd ideally like to hook __libc_start_main instead. The binaries I tested with are ps and top as provided by Ubuntu Trusty LTS.

About

LD_PRELOAD libc hooking using Go

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages