plugins/proclist: Implement a full-php way to get process list in Linux #154

Open
nil0x42 opened this issue Oct 3, 2020 · 2 comments
Labels
good first issue issue is good for first-time contributors stealth impacts stealthness and evasion capabilities to be documented

Comments

@nil0x42
Owner

nil0x42 commented Oct 3, 2020

Current implementation of proclist plugin uses win32_ps_list_procs() PHP function on Windows host.

Therefore, Linux implementation is a simple system("ps -a"), which is OPSEC unsafe, and would probably trigger EDR alerts.

A better implementation should avoid relying on system command execution.

@nil0x42 nil0x42 added to be documented stealth impacts stealthness and evasion capabilities good first issue issue is good for first-time contributors labels Oct 3, 2020
@paralax
Contributor

paralax commented Dec 8, 2020

Would groveling through /proc on Linux work, you think?

@nil0x42
Owner Author

nil0x42 commented Dec 9, 2020

I think it's a lot better indeed @paralax! Anyway, ps does that internally; directly reading /proc is probably the best way.
