They’re always willing to trade away a little of their freedom in exchange for the feeling, the illusion of security.
-- George Carlin
For educational purposes only and bla blya bla...
- Centos 6.10: 2.6.32-754.27.1.el6
- Centos 7: 3.10.0-862.3.2.el7
- Centos 8: 4.18.0-193.el8
- Debian 10: 4.19.0-9
- Ubuntu 20.04 LTS: 5.4.0-40-generic
Simple rootkit with mass access:
- A few persistence methods
- LD_PRELOAD
- SSH Backdoor
- PAM Backdoor
- RCE MySQL/PG
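For defenders, the LD_PRELOAD item in the list above can be audited from two places: the system-wide /etc/ld.so.preload file and the LD_PRELOAD variable in each process environment. The sketch below is an added example, not code from this project; the sample data and the allowlist are constructed, and on a live host a preloaded library can filter what a dynamically linked interpreter reads, so run it from trusted tooling or against captured data.

```python
import glob
import re

SEP = re.compile(r"[\s:]+")  # ld.so splits preload lists on whitespace and ':'

# Constructed sample inputs (not taken from any real host).
SAMPLE_PRELOAD = "# constructed\n/usr/lib/libsnoopy.so /lib/libhidden.so:/opt/a.so # note\n"
SAMPLE_ENVIRONS = {101: b"PATH=/usr/bin\0LD_PRELOAD=/tmp/libx.so /usr/lib/libsnoopy.so\0",
                   202: b"PATH=/bin\0HOME=/root\0"}

def parse_preload_file(text):
    """Entries of /etc/ld.so.preload; '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        entries += [e for e in SEP.split(line.split("#", 1)[0]) if e]
    return entries

def parse_environ(blob):
    """LD_PRELOAD entries from a NUL-separated /proc/<pid>/environ blob."""
    for var in blob.split(b"\0"):
        if var.startswith(b"LD_PRELOAD="):
            value = var[len(b"LD_PRELOAD="):].decode(errors="replace")
            return [e for e in SEP.split(value) if e]
    return []

def audit(preload_text, environs, allowed=()):
    """Sorted (scope, library) pairs not on the allowlist.

    scope is 'system' for ld.so.preload or 'pid:<n>' for one process.
    """
    findings = {("system", lib) for lib in parse_preload_file(preload_text)}
    for pid, blob in environs.items():
        findings |= {(f"pid:{pid}", lib) for lib in parse_environ(blob)}
    return sorted(f for f in findings if f[1] not in allowed)

def collect_live():
    """Read both sources from the running host (root needed for all PIDs)."""
    try:
        with open("/etc/ld.so.preload") as fh:
            preload = fh.read()
    except OSError:
        preload = ""  # file absent is the normal case
    environs = {}
    for path in glob.glob("/proc/[0-9]*/environ"):
        try:
            with open(path, "rb") as fh:
                environs[int(path.split("/")[2])] = fh.read()
        except OSError:
            continue  # process exited or access denied
    return preload, environs

if __name__ == "__main__":
    for scope, lib in audit(*collect_live()):
        print(f"{scope}\t{lib}")
```

Any entry reported with scope `system` deserves attention first, since most hosts ship with no /etc/ld.so.preload at all.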
cd ./pre
./pre.sh
cd -
Copy CLIENT to ./src/CLIENT/
Put the needed SSH and PAM versions into ./src/SSH/ and ./src/PAM/
Copy the folder to the target
./install.sh
Have fun.
- "LKM HACKING", The Hackers Choice (THC), 1999;
- http://phrack.org/issues/68/11.html
- https://github.com/naworkcaj/bdvl 'Was... Awesome.'
- https://github.com/r00tkillah/HORSEPILL
- https://github.com/milabs/kmatryoshka
- Modernize loader to modify version
- Add ITIME from NSA
- Continue testing on OpenSUSE
- Add Oracle backdoor
2019-2021 @Not_C_Developer