403Webshell
Server IP : 172.67.191.97  /  Your IP : 104.23.197.208
Web Server : Apache/2.4.63 (Ubuntu)
System : Linux adminpruebas-Virtual-Machine 6.14.0-37-generic #37-Ubuntu SMP PREEMPT_DYNAMIC Fri Nov 14 22:10:32 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.4.5
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /sbin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /sbin/execsnoop.bt
#!/usr/bin/env bpftrace
/*
 * execsnoop.bt   Trace new processes via exec() syscalls.
 *                For Linux, uses bpftrace and eBPF.
 *
 * This traces when processes call exec(). It is handy for identifying new
 * processes created via the usual fork()->exec() sequence. Note that the
 * return value is not currently traced, so the exec() may have failed.
 *
 * TODO: switch to tracepoints args. Support more args. Include retval.
 *
 * This is a bpftrace version of the bcc tool of the same name.
 *
 * 15-Nov-2017	Brendan Gregg	Created this.
 * 11-Sep-2018	   "     "	Switched to use join().
 */

#ifndef BPFTRACE_HAVE_BTF
#include <linux/sched.h>
#endif

BEGIN
{
	printf("%-15s %-7s %-7s %s\n", "TIME", "PID", "PPID", "ARGS");
}

tracepoint:syscalls:sys_enter_exec*
{
	$task = (struct task_struct *)curtask;
	printf("%15s %-7d %-7d ", strftime("%H:%M:%S.%f", nsecs), pid, $task->real_parent->pid);
	join(args.argv);
}

Youez - 2016 - github.com/yon3zu
LinuXploit