Skip to content

mattbostock/go-ldpreload-backdoor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
vendor/github.com/rainycape/dl
vendor/github.com/rainycape/dl
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.go
main.go
 
 

Repository files navigation

LD_PRELOAD libc hooking using Go

This is an experiment to use Go in a shared library to wrap a libc function and start a TCP server (a 'backdoor') allowing arbitrary commands to be run from a client such as telnet or netcat.

This is a toy intended for educational purposes to demonstrate some of Go's capabilities.

Works on Linux only and requires Go version 1.5 or above in order to build the shared library.

Rationale

In writing this, I have four aims:

  • to try out Go's new build modes, which allow Go to be compiled to a shared library that can be called from C

  • to experiment with LD_PRELOAD exploits

  • to experiment with calling C from Go

  • to learn some C ;)

Usage

As this is an experiment, the backdoor will only listen on localhost.

GO15VENDOREXPERIMENT=1 go build -buildmode=c-shared -o backdoor.so main.go
LD_PRELOAD=./backdoor.so top

In a separate console, while top is running:

nc localhost 4444
[...type your commands here...]

Limitations

  • Only works on Linux
  • Only works with binaries that call libc's strrchr function. I'd ideally like to hook __libc_start_main instead. The binaries I tested with are ps and top as provided by Ubuntu Trusty LTS.

About

LD_PRELOAD libc hooking using Go

Topics

go shell golang ldpreload cgo

Resources

Readme

License

MIT license
Activity

Stars

156 stars

Watchers

10 watching

Forks

28 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages