/**
A simple binary wrapper for triggering a canary token.
By @singe
Setup:
Register your own DNS canary token from Thinkst at https://canarytokens.org/
and put it in the TOKEN environment variable.
Rename the legitimate binary so that it carries the extension defined below,
then put this wrapper in its place under the original name, either as a copy
or as a symlink. For example:
cp yellow /usr/bin
cd /usr/bin
mv id id.canary
ln -s yellow id
Compiling:
gcc -o yellow yellow.c canary32.c
Usage:
If anyone executes one of your binaries, you'll get a Canary notification.
**/
#include <unistd.h>
#include "canary32.h"
// Use whatever extension you like
#define EXTENSION ".canary"
// 500 bytes should be enough for anyone - Not Bill Gates
#define FILENAMESIZE 500
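/**
 * Entry point of the canary wrapper: fire the canary token, then replace this
 * process with the real binary so the caller sees the command it expected.
 *
 * argv[0] is the name the wrapper was invoked under (for example "id" through
 * the symlink). The real program is looked up as argv[0] followed by EXTENSION.
 *
 * @param argc    number of entries in argv
 * @param argv    argument vector, passed unchanged to the real binary
 * @param environ environment block (unused here; execvp() keeps the current
 *                process environment)
 * @return does not return when the exec succeeds; 127 when the real binary
 *         cannot be named or executed (the status a shell reports for
 *         "command not found")
 */
int main(int argc, char *argv[], char *environ[])
{
    // A process can be started with an empty argument vector on some systems.
    // Passing a NULL argv[0] to "%s" below would be undefined behaviour.
    // NOTE(review): no alert is raised on this path because yellow()'s handling
    // of NULL is not visible here - confirm, and consider alerting with a fixed label.
    if (argc < 1 || argv[0] == NULL) {
        return 127;
    }

    // Raise the alert first, so it fires even if the hand-over below fails
    yellow(argv[0]);

    // Append our extension to the called filename to get the real one
    char realexe[FILENAMESIZE];
    int written = snprintf(realexe, sizeof realexe, "%s%s", argv[0], EXTENSION);

    // A truncated name would point at a different file than the one intended,
    // so refuse to exec anything rather than run the wrong program.
    if (written < 0 || (size_t)written >= sizeof realexe) {
        return 127;
    }

    // Replace this process with the real binary, preserving the passed args
    // and environment. execvp() searches PATH when realexe contains no '/',
    // so in that case the caller's PATH decides which directory supplies the
    // real binary.
    // NOTE(review): if the wrapped commands are run by privileged accounts,
    // consider resolving an absolute path instead of relying on PATH.
    execvp(realexe, argv);

    // Only reached when execvp() failed; report failure instead of success so
    // scripts and monitoring do not mistake a missing real binary for a clean run.
    return 127;
}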