Skip to content

Latest commit

 

History

History
26 lines (23 loc) · 749 Bytes

README.md

File metadata and controls

26 lines (23 loc) · 749 Bytes

rkorova: LD_PRELOAD rootkit

This is an LD_PRELOAD rootkit I wrote several years ago in high school and have been trying sporadically to improve ever since.

Features

  • Important strings are xor'ed out
  • ptrace disabling
  • Memory cleaning
  • Process hiding (currently only through magic strings)
  • File hiding through magic strings or GID
  • Not detected by rkhunter (as of 2020)

Planned features

  • Port hiding
  • libpcap hooks
  • Reverse shell
  • Self-destruct feature
  • VM detection (implemented a little bit)
  • Better anti-debugging features
  • Better code (never happening lol)
  • C2 client
  • Syscall hooking with ptrace

Requirements

  • gcc
  • libc6 (duh)
  • nscd (this will totally break everything if it is not installed)