Linux ptrace introduction AKA injecting into sshd for fun
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Data Credentials - T1589.001 Hooking - T1617 Process Injection - T1631 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Hooking - T1179 Process Injection - T1055 Hooking
Show in Graph
Common Information
Type Value
UUID b0c3fbc5-8c07-42b5-9100-f224dd52bc7d
Fingerprint 2e288d332c344250
Analysis status DONE
Considered CTI value 0
Text language
Published April 19, 2017, midnight
Added to db Jan. 18, 2023, 9:10 p.m.
Last updated Nov. 20, 2024, 12:48 a.m.
Headline Linux ptrace introduction AKA injecting into sshd for fun
Title Linux ptrace introduction AKA injecting into sshd for fun
Detected Hints/Tags/Attributes 42/2/10
Source URLs
Redirection Url
Details Source https://blog.xpnsec.com/linux-process-injection-aka-injecting-into-sshd-for-fun/
URL Provider
Details Provider Source level domain
Details xpnsec.com blog.xpnsec.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
regs.rip
Details Domain 4137 
github.com
Details Domain 16 
libdl.so
Details Domain 4 
inject.so
Details Domain 3 
test.so
Details Github username 5 
openssh
Details Github username 1 
gaffe23
Details Url 1 
https://github.com/openssh/openssh-portable/blob/master/auth-passwd.c
Details Url 1 
https://github.com/gaffe23/linux-inject
Details Url 1 
https://www.evilsocket.net/2015/05/01/dynamically-inject-a-shared-library-into-a-running-process-on-androidarm