"ps auwx" faker

"Process Stack Faker" (psf for short) is able to hide the real executable name and its parameters from the output of "ps auwx", "ps -ef" & "top" (on UN*X machines), without any superuser privileges. Why one would wish to hide the stuff he/she executes is a completely different topic.
Let's take a look at the options that psf itself accepts:

$ ./psf
Process Stack Faker (a.k.a. Fucker) v0.03
Coded by Stas; (C)opyLeft by SysD Destructive Labs, 1997-2003

Usage: psf [options] command arg1 arg2 ...
Where options can be:
  -s string      fake process name
  -p filename    file to write PID of spawned process - optional
  -d             try to start as daemon (in background, no tty) - optional
  -l             DO NOT exec through link (detectable by 'top'!!!) - optional
  -u uid[:gid]   (format just like in chown(1)) reset UID/GID - optional
  -n priority    renice process - optional

Example: psf -s "pine -i" -d -n 19 ./john -session:websrv
$
I hope this is self-explanatory. psf will execute "command arg1 arg2", and it will appear to the "ps" & "top" utilities as "string". All other options are... Uhm, optional! They are only useful to detach processes not designed to run as daemons. "-l" is a 'compatibility' switch that disables the weird trick used to override the detection of the real filename by some process listers (notably "top"). The default option may work unexpectedly on some systems (by the way, psf works fine on FreeBSD 4.3, Linux 2.4, NetBSD 1.5 & Solaris 2.7). To test psf, try this:
$ psf -s "pine -i" sleep 30 &
[1] 440
$ ps auwx
...
stas 84 0.0 0.6 2012 1232 pts/0 S 19:12 0:00 bash -rcfile .bashrc
stas 440 0.0 0.1 1204 376 tty2 S 20:09 0:00 pine -i

stas 450 0.0 0.4 2544 816 tty2 R 20:12 0:00 ps auwx
...
The "sleep 30" process was spoofed as "pine -i". Please note the blank line between PIDs 440 and 450. This occurs because psf uses whitespace (0x20) characters to shift the original process arguments away from the visible area.
To understand how psf works and learn how to compile it, just read the comments inside the source.
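
From the defender's side, the whitespace padding described above is itself a detectable artifact. The following Python sketch is an added example, not part of psf or the original post; it assumes Linux procfs (/proc/PID/cmdline and /proc/PID/exe), and the function names, the 16-space threshold and the sample byte strings are constructed for illustration.

```python
import os
import re

PAD_THRESHOLD = 16  # assumed cut-off: consecutive 0x20 bytes that count as padding

def longest_space_run(cmdline: bytes) -> int:
    """Length of the longest run of 0x20 bytes in a raw, NUL-separated cmdline."""
    return max((len(m) for m in re.findall(rb" +", cmdline)), default=0)

def check(cmdline: bytes, exe_path: str) -> list:
    """Return the reasons a process looks renamed; an empty list means none found."""
    reasons = []
    run = longest_space_run(cmdline)
    if run >= PAD_THRESHOLD:
        reasons.append(f"{run} consecutive spaces in argument vector")
    # Compare the first word of argv[0] with the file the kernel actually executed.
    argv0 = cmdline.split(b"\0", 1)[0].decode(errors="replace")
    shown = os.path.basename(argv0.split(" ", 1)[0].lstrip("-"))  # "-bash" -> "bash"
    real = os.path.basename(exe_path)
    if shown and real and shown != real:
        reasons.append(f"argv[0] says {shown!r} but executable is {real!r}")
    return reasons

def scan_proc(proc="/proc"):
    """Yield (pid, reasons) for live processes that trip a check (Linux procfs)."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/cmdline", "rb") as f:
                cmdline = f.read()
            exe = os.readlink(f"{proc}/{pid}/exe")
        except OSError:
            continue  # process exited, kernel thread, or not readable by this user
        reasons = check(cmdline, exe)
        if reasons:
            yield int(pid), reasons

# Constructed samples modelled on the "pine -i" / "sleep 30" demo, not real captures.
SPOOFED = b"pine -i" + b" " * 200 + b"\x0030\x00"
HONEST = b"sleep\x0030\x00"

if __name__ == "__main__":
    print(check(SPOOFED, "/bin/sleep"))
    if os.path.isdir("/proc"):
        for pid, reasons in scan_proc():
            print(pid, reasons)
```

The padding check is the stronger signal; a name mismatch alone also occurs for legitimate programs that retitle themselves, so treat it as a lead rather than a verdict.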


Filename/Title                         Size
Process Stack Faker source (psf.gz)    4.55 KB

stas » May 5, 2006 » 01:57
