Releases: krisnova/boopkit
Memory improvements (h/t bl4sty)
Memory improvements (fixed segmentation fault). Thanks to bl4sty for the help.
- Improved interface packet parsing (raised ring buffer size)
- Fixed clearing eBPF objects from queue
- Debugging symbols in boopkit for gdb
- Added `-p` flag for protect mode (will NOT execute RCE), useful for debugging
v1.4.0 SYN only release
More improvements to code (docs, stability, etc.)
- Client now supports `-x` for SYN only mode (which is what I will use in my demo)
v1.3.0 - Boop default
Boopkit is flipping the logic around. I am trying to move the toolchain to be a little more useful to the end user. By default it will no longer do a reverse dial for an RCE string: it will search for it in the packet buffer, or it will do nothing. However, there is a new flag (`-r`) that can be passed to both the client and the server to enable a reverse dial. A reverse dial is substantially more stable, but has a lot of implications.
v1.2.2 Stability Release
Better packet filtering for `-p`. Boopkit is now running stable with full RCE using only `-p` for both the client and the server. Also made improvements to the deep packet inspection mechanism, which will increase the stability of the rootkit.
v1.2.1
Adding a very important "halt" command.
`-9, halt/kill`  Halt or kill the boopkit malware on a server.
Running remotely:
```text
[nova@emily]: ~/boopkit>$ sudo -E boopkit-boop -9
================================================================
██████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗██╗████████╗
██╔══██╗██╔═══██╗██╔═══██╗██╔══██╗██║ ██╔╝██║╚══██╔══╝
██████╔╝██║ ██║██║ ██║██████╔╝█████╔╝ ██║ ██║
██╔══██╗██║ ██║██║ ██║██╔═══╝ ██╔═██╗ ██║ ██║
██████╔╝╚██████╔╝╚██████╔╝██║ ██║ ██╗██║ ██║
╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝
Author: Kris Nóva <kris@nivenly.com> Version 1.2.0
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES.
DO NOT ATTEMPT TO USE THE TOOLS TO VIOLATE THE LAW.
THE AUTHOR IS NOT RESPONSIBLE FOR ANY ILLEGAL ACTION.
MISUSE OF THE SOFTWARE, INFORMATION, OR SOURCE CODE
MAY RESULT IN CRIMINAL CHARGES.
Use at your own risk.
================================================================
-> *[RCE] : X*x.HALT.x**X
-> *[Local] : 127.0.0.1:3535
-> *[Remote] : 127.0.0.1:22
-> *[Payload] : (RCE, *bad csum) SYN only!
================================================================
-> [090 bytes] TX SYN : 127.0.0.1:22 (RCE, *bad csum)
================================================================
```
v1.2.0 - Single SYN / DPI
A slightly less hacky version of the program. This now supports a "single SYN" mode! There is also a really terrible multithreaded ring buffer for pcap packet captures that probably should never be run by anyone.
Major features
- `-p` for "payload-only" mode. This means that boopkit will NOT reverse dial for an RCE payload. It only searches using DPI.
- `-c` for boopkit-boop commands (moving from `-x`)
- Dependency on `libpcap` until we have time for a proper XDP integration. We have an interface for now.
- xCap ring buffer
v1.0.6 Feature Improvements
Mostly a cosmetic and userspace runtime improvement release.
- Now supports home directory probe loading
- make install now will install to home directory
- Log leaking has been addressed
- Fixed bug with hanging on bad reverse socket calls
- Fixed boop probe memory leak with `tplist` to generate structs
- Boopscript supports runtime overloading of variables for metasploit
Initial Release
This tag is the first release of boopkit!
- eBPF Probe (Self PID Obfuscation)
- eBPF Probe (TCP Bad checksum)
- eBPF Probe (TCP packet RST)
- Trigger program is compatible with metasploit
- Boopkit has ignore `-x` feature for noisy localhost
- Boopkit now calling socket directly, preliminary reverse TCP injection
Tested on 5.16 and 5.17 kernels running Archlinux.
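The probes listed in this release and in v1.2.0 react to TCP traffic that a conforming stack would never accept: SYN-only or RST segments carrying a bad TCP checksum. From the defender's side, the same property is what makes this traffic detectable on the wire. The following is an added example, not boopkit's own code, of a small IPv4/TCP parser that recomputes the TCP checksum (pseudo-header included) and flags SYN-only or RST segments whose stored checksum does not verify. All packets are constructed in memory (IP addresses are made up; ports 22 and 3535 are taken from the output above); nothing is captured or sent.

```python
import struct

# Added defensive example (not boopkit's code): verify TCP checksums on
# IPv4 packets and flag SYN-only or RST segments whose checksum does not
# verify, the two conditions the probes listed above react to.
# All packets below are constructed in memory; nothing is captured or sent.

TCP_FIN, TCP_SYN, TCP_RST = 0x01, 0x02, 0x04


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header and the TCP segment with its own
    checksum field (bytes 16-17) treated as zero."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ones_complement_sum(pseudo + zeroed)


def build_tcp_packet(src_ip, dst_ip, sport, dport, flags, seq=1) -> bytes:
    """Constructed IPv4/TCP packet (20-byte headers, no options, no payload)
    with correct IP and TCP checksums."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0)
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return ip + tcp


def corrupt_tcp_checksum(packet: bytes) -> bytes:
    """Flip the low bit of the TCP checksum field to construct a test packet
    that a checksum-verifying receiver would silently drop."""
    off = (packet[0] & 0x0F) * 4 + 16
    stored = struct.unpack("!H", packet[off:off + 2])[0]
    return packet[:off] + struct.pack("!H", stored ^ 0x0001) + packet[off + 2:]


def inspect_packet(packet: bytes) -> dict:
    """Parse one IPv4 packet; for TCP, recompute the checksum and classify."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        return {"tcp": False}
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = packet[12:16], packet[16:20]
    segment = packet[ihl:total_len]
    sport, dport = struct.unpack("!HH", segment[:4])
    flags = struct.unpack("!H", segment[12:14])[0] & 0x01FF
    stored = struct.unpack("!H", segment[16:18])[0]
    bad_checksum = stored != tcp_checksum(src, dst, segment)
    syn_only = flags == TCP_SYN
    rst = bool(flags & TCP_RST)
    return {
        "tcp": True,
        "src": "%d.%d.%d.%d:%d" % (*src, sport),
        "dst": "%d.%d.%d.%d:%d" % (*dst, dport),
        "syn_only": syn_only,
        "rst": rst,
        "bad_checksum": bad_checksum,
        # A SYN or RST that no conforming stack would accept is the shape of
        # traffic worth alerting on, once NIC checksum offload is ruled out.
        "suspicious": bad_checksum and (syn_only or rst),
    }


def scan(packets) -> list:
    """Return summaries of the suspicious packets in an iterable of raw packets."""
    return [r for r in map(inspect_packet, packets) if r.get("suspicious")]


# Constructed sample traffic: one normal SYN, one SYN with a bad checksum,
# one RST with a bad checksum.
SAMPLE = [
    build_tcp_packet("10.0.0.5", "10.0.0.9", 40000, 22, TCP_SYN),
    corrupt_tcp_checksum(build_tcp_packet("10.0.0.7", "10.0.0.9", 3535, 22, TCP_SYN)),
    corrupt_tcp_checksum(build_tcp_packet("10.0.0.7", "10.0.0.9", 3536, 22, TCP_RST)),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        kind = "SYN" if hit["syn_only"] else "RST"
        print("bad-checksum %s from %s to %s" % (kind, hit["src"], hit["dst"]))
```

One caveat when running this logic over a real capture: on a host with NIC checksum offload enabled, outbound packets are handed to the capture point before the hardware fills in the checksum, so they routinely show as bad. Inspect inbound packets, or capture on a span port or upstream device, before treating a bad checksum as a signal.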