Outer Web | Explore

Explore >> Select a destination

You are here		xcellerator.github.io Linux Rootkits Part 7: Hiding Processes :: TheXcellerator
\|	\|	pwning.systems An introduction to Kernel Exploitation Part 1 :: pwning.systems	11.7 parsecs away Travel
\|	\|	I'm writing this post because I often hear that kernel exploitation is intimidating or difficult to learn. As a result, I've decided to start a series of basic bugs and exercises to get you started! Prerequisites Knowledge of the Linux command line Knowing how to read and write basic C may be beneficial Being able to debug with the help of a virtual computer or another system Able to install the kernel module compilation build requirements A basic understanding of the difference between userland and kern...	11.7 parsecs away Travel
\|	\|	www.wiz.io Linux rootkits explained - Part 1: Dynamic linker hijacking \| Wiz Blog	18.0 parsecs away Travel
\|	\|	Dynamic linker hijacking via LD_PRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it.	18.0 parsecs away Travel
\|	\|	crocidb.com Demystifying the #! (shebang): Kernel Adventures - Bruno Croci	17.8 parsecs away Travel
\|	\|	Clarifying the shebang (#!) mechanism: A step-by-step look using strace and kernel code shows how Linux handles script execution directly, revealing the shell isn't involved initially.	17.8 parsecs away Travel
\|	\|	blog.nuculabs.dev Practical Binary Analysis - CTF Walkthrough - Level 3, 4 \| NucuLabs	47.1 parsecs away Travel
\|		Hello, In this article I'll present you my solution on the Chapter 5 CTF from the book Practical Binary Analysis. For this binary, the hint is to fix four broken things. Running file gives us the following response: 1 2 binary@binary-VirtualBox:~/ctf$ file ./lvl3 ./lvl3: ERROR: ELF 64-bit LSB executable, Motorola Coldfire, version 1 (Novell Modesto) error reading (Invalid argument) And the readelf command gives us: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 binary@binary-VirtualBox:~/ctf$ readelf -h ./lvl3 ELF Header: Magic: 7f 45 4c 46 02 01 01 0b 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: Novell - Modesto ABI Version: 0 Type: EXEC (Executable file) Machine: Motorola Coldfire Version: 0x1 Entry point address: 0x4005d0 Start of program headers: 4022250974 (bytes into file) Start of section headers: 4480 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 9 Size of section headers: 64 (bytes) Number of section headers: 29 Section header string table index: 28 readelf: Error: Reading 0x1f8 bytes extends past end of file for program headers At this moment, it was clear that the ELF header is broken, in order to fix it I opened up Wikipedia and the elf specification.	47.1 parsecs away Travel