-
Notifications
You must be signed in to change notification settings - Fork 170
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Save! Automatic commit from github.com/kris-nova/bin/git-save
Signed-off-by: Kris Nóva <kris@nivenly.com>
- Loading branch information
Showing
11 changed files
with
160 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
/! | ||
/! | ||
# Boopkit | ||
/! | ||
/! | ||
### Advanced TCP Penetration with eBPF in the Linux Kernel | ||
/! | ||
### 🇺🇦✨DevopsDays Ukraine ✨🇺🇦 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
/! | ||
/! | ||
### When did it begin? | ||
/! | ||
# 24 February, 2022 | ||
/! | ||
### Russia Invades Ukraine | ||
/! | ||
/! | ||
// - Following @lookner #OSINT | ||
// - Watching the invasion live | ||
// - Friends, Family in Ukraine | ||
// - Open Source Intelligence #OSINT | ||
/! | ||
/! | ||
// - https://supportukraine.love/osint |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/! | ||
/! | ||
### What did I discover? 😇 | ||
/! | ||
# 11 March, 2022 | ||
/! | ||
### "Bug Bounty Program" | ||
/! | ||
/! | ||
// [Twitter] | ||
// twitter.com/krisnova/status/1502293124160409601 | ||
// -------------------------------------------------------- | ||
// I am not saying that I just found a LOG4J vulnerability | ||
// in a Russian bank. | ||
// | ||
// I am however saying that if anyone knows any Ukrainian | ||
// cybersecurity experts who want an IP address, a port | ||
// number, and a PoC my DMs are open. | ||
// -------------------------------------------------------- | ||
/! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/! | ||
/! | ||
### Collaborating With Ukraine Government and Private Sector | ||
/! | ||
# "How can I help support Ukraine Cybersecurity?" | ||
/! | ||
## Teach us about what Russia could be doing to our Linux? | ||
/! | ||
# "What can eBPF do exactly?" | ||
/! | ||
## [ Rootkit ] [ Pid Obfuscation ] [ Docker Image Override ] | ||
## [ Syscall Interception ] [ Polymorphic Executables ] [ DNS ] | ||
## [ BPF Obfuscation ] [ Kernel Module Hiding ] [ XDP ] [ Pipe ] | ||
/! | ||
### The more we talked about the dangers of eBPF... | ||
### The more we realized there was A LOT it could do! | ||
/! | ||
// More: github.com/pathtofile/bad-bpf | ||
// More: github.com/Gui774ume/ebpfkit | ||
/! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
/! | ||
/! | ||
### Collaborating With Ukraine Government and Private Sector | ||
/! | ||
# "Would they be able to exploit even a single SYN packet?" | ||
/! | ||
## Yes, probably. You would just need to know how! | ||
/! | ||
# "So, how?" | ||
/! | ||
### So, I kind of wrote a rootkit for Ukraine... | ||
/! | ||
// (hi mom) | ||
/! | ||
/! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/! | ||
/! | ||
# [ Boopkit ] Exploited Machine | ||
/! | ||
/! | ||
// * Boop * SYN SOCK_RAW (Any Port) | ||
// | ||
// []-eth0-[] | ||
// +------------+ | ||
// | Linux 5.17 | --> [ Boopkit PID ] --> bpf_object__open(pr0be.boop.o) | ||
// +------------+ | --> bpf_object__open(pr0be.safe.o) | ||
// | --> bpf_object__open(pr0be.xdp.o) | ||
// #include <pthread.h> | ||
// | | ||
// [ xcap ring buffer ] [BPF Tracepoints] | ||
// | <-- tracepoint/tcp/tcp_receive_reset | ||
// [ 1024bytes :eth0 ] <-- tracepoint/tcp/tcp_bad_csum | ||
/! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/! | ||
/! | ||
//[1/2 ] SYN Packet (About 80 bytes) | ||
/! | ||
//0 1 2 3 | ||
//0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Source Port | Destination Port | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Sequence Number | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Acknowledgment Number | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Data | |U|A|P|R|S|F| | | ||
//| Offset| Reserved |R|C|S|S|Y|I| Window | | ||
//| | |G|K|H|T|N|N| | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
// | Checksum | Urgent Pointer | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Options | Padding | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//{ ... ncat -lvp 8080 ... } | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
/! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/! | ||
/! | ||
//[ Boop 2/2 ] SYN-ACK +RST Packet (About 80 bytes) | ||
/! | ||
//0 1 2 3 | ||
//0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Source Port | Destination Port | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Sequence Number | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Acknowledgment Number | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Data | |U|A|P|R|S|F| | | ||
//| Offset| Reserved |R|C|S|S|Y|I| Window | | ||
//| | |G|K|H|T|N|N| | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
// | Checksum | Urgent Pointer | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//| Options | Padding | | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
//{ ... ncat -lvp 8080 ... } | ||
//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
/! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# Boopkit - Advanced TCP Penetration with eBPF in the Linux Kernel | ||
## Kris Nova | ||
## github.com/kris-nova/boopkit | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
|
||
|
||
|
||
██╗ ██╗██████╗ ██╗███████╗ ███╗ ██╗ ██████╗ ██╗ ██╗ █████╗ | ||
██║ ██╔╝██╔══██╗██║██╔════╝ ████╗ ██║██╔═══██╗██║ ██║██╔══██╗ | ||
█████╔╝ ██████╔╝██║███████╗ ██╔██╗ ██║██║ ██║██║ ██║███████║ | ||
██╔═██╗ ██╔══██╗██║╚════██║ ██║╚██╗██║██║ ██║╚██╗ ██╔╝██╔══██║ | ||
██║ ██╗██║ ██║██║███████║ ██║ ╚████║╚██████╔╝ ╚████╔╝ ██║ ██║ | ||
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚══════╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝ | ||
|
||
|