Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (7.1%) to scientific vocabulary
Repository
Code injection from Linux kernel to a process
Basic Info
- Host: GitHub
- Owner: milabs
- License: gpl-2.0
- Language: C
- Default Branch: master
- Size: 25.4 KB
Statistics
- Stars: 21
- Watchers: 2
- Forks: 3
- Open Issues: 0
- Releases: 0
Metadata Files
README.md
0
KJECTOR - Linux kernel injector
Usage
Build the project using the following command:
~~~
$ git submodule update --init # first time only
$ [DEBUG=1] [PAYLOAD=
ldr is a payload which loads shared object library (default)
idle is a payload which does nothing but continues process execution
idle-trap is a payload which traps process execution (DO NOT USE IN PRODUCTION)
Once built use the following command to load the module:
~~~ $ sudo insmod kj_mod/kjector.ko ~~~
Default build injects kj_lib/libkjector.so to every ping process.
Once injected libkjector.so sends UDP datagram with a string to 127.0.0.1:6666.
To catch it run nc-like listener like follows:
~~~ $ nc -ludk 127.0.0.1 6666 ~~~
Features
- x86_64 only
- 2.6.18+ kernels
- able to inject shared object
How it works
Injection happens in sys_close syscall hanlder.
Injection is done using vm_mmap / copy_to_user / mprotect sequence.
Target process state is modifyed by changing instruction pointer register (pt_regs->ip).
Related
KHOOK hooking engine: - KHOOK
Kernel mode to user mode so injection: - linux-kernel-so-injector
Disclaimer
Education purposes. Only.
License
This software is licensed under the GPL.
Author
2023
Owner
- Name: Ilya V. Matveychikov
- Login: milabs
- Kind: user
- Location: Russia, Moscow
- Repositories: 14
- Profile: https://github.com/milabs
Linux kernel addict, security researcher, reverse engineer
Citation (CITATION.cff)
# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!
cff-version: 1.2.0
title: KJECTOR - Linux kernel injector
message: >-
If you use this software, please cite it using the
metadata from this file.
type: software
authors:
- given-names: Ilya
family-names: Matveychikov
email: matvejchikov@gmail.com
repository-code: 'https://github.com/milabs/kjector'
abstract: Code injection from Linux kernel to a process.
keywords:
- linux
- kernel
- code injection
license: GPL-2.0
date-released: '2023-05-20'
GitHub Events
Total
- Watch event: 3
- Fork event: 1
Last Year
- Watch event: 3
- Fork event: 1
Committers
Last synced: 9 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Ilya V. Matveychikov | m****v@g****m | 1 |
Issues and Pull Requests
Last synced: 11 months ago
All Time
- Total issues: 0
- Total pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Total issue authors: 0
- Total pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0