Last active
January 7, 2018 15:28
-
-
Save rgerganov/c92f23a51e93ba751206e363bd35de43 to your computer and use it in GitHub Desktop.
The exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <linux/input.h> | |
| #include <linux/uinput.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <unistd.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| char translate(int code) | |
| { | |
| if (code >= 16 && code <= 25) { | |
| return "qwertyuiop"[code - 16]; | |
| } | |
| if (code >= 30 && code <= 38) { | |
| return "asdfghjkl"[code - 30]; | |
| } | |
| if (code >= 44 && code <= 50) { | |
| return "zxcvbnm"[code - 44]; | |
| } | |
| return '\0'; | |
| } | |
| int main(int argc, char *argv[]) | |
| { | |
| int i, fd; | |
| struct input_event ev; | |
| srand(0); | |
| printf("Google Chrome process found, PID: 12907\n"); | |
| printf("Injecting exploit into target process "); fflush(stdout); | |
| for (i = 0 ; i < 4 ; i++) { | |
| printf("."); fflush(stdout); | |
| usleep(1000000); | |
| } | |
| printf(" success!\n"); | |
| printf("Base target address: %p\n", &ev); | |
| fd = open("/dev/input/event14", O_RDONLY); | |
| if (fd < 0) { | |
| fprintf(stderr, "cannot open input\n"); | |
| return 1; | |
| } | |
| while (1) { | |
| int ret = read(fd, &ev, sizeof(ev)); | |
| if (ret != sizeof(ev)) { | |
| fprintf(stderr, "unexpected read count\n"); | |
| continue; | |
| } | |
| if (ev.type == EV_KEY && ev.value == 1) { | |
| printf("Malicious read at %lx (success) -> char:%c\n", 0xffffffff00000000 + rand(), translate(ev.code)); | |
| } | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment