  • Stars: 771
  • Rank 58,926 (Top 2 %)
  • Language: C
  • License: GNU General Publi...
  • Created almost 11 years ago
  • Updated 9 months ago


Repository Details

Azazel is a userland rootkit based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection.

Azazel

V 0.1

The whole earth has been corrupted through the works that were taught by Azazel: to him ascribe all sin. -- 1 Enoch 2:8



Features

  • Anti-debugging
  • Avoids unhide, lsof, ps, ldd detection
  • Hides files and directories
  • Hides remote connections
  • Hides processes
  • Hides logins
  • PCAP hooks avoid local sniffing
  • Two accept backdoors:
      • Crypthook encrypted accept() backdoor -- Full PTY
      • Plaintext accept() backdoor -- Full PTY
  • PAM backdoor for local privesc and remote entry
  • Log cleanup for utmp/wtmp entries based on pty

Using netcat to communicate with a remote PTY isn't the best idea. See below for a better PTY client written by InfoDox, or use socat with a command similar to the following and then just paste the password into the session; otherwise socat sends the first char, making the passwords not match.

socat -,raw,echo=0 TCP:target:port,bind=:61040

Links

Disclaimer

The authors are in no way responsible for any illegal use of this software. It is provided purely as an educational proof of concept. We are also not responsible for any damages or mishaps that may happen in the course of using this software. Use at your own risk.

More Repositories

  1. Jynx2 (C, 158 stars): JynxKit2 is an LD_PRELOAD userland rootkit based on the original JynxKit. The backdoor has been replaced with an "accept()" system hook.
  2. CryptHook (C, 117 stars): TCP/UDP symmetric encryption tunnel wrapper
  3. Beleth (C, 92 stars): Multi-threaded SSH Password Auditor
  4. flaskgur (Python, 83 stars): Simple image hosting site written with Flask and Python
  5. jynxkit (C, 56 stars): JynxKit is an LD_PRELOAD userland rootkit for Linux systems with reverse connection SSL backdoor
  6. pytinydns (Python, 54 stars): PYTinyDNS
  7. crunchpwn (27 stars): #Pwn Linux (CrunchPwn) is a penetration testing repository/addition for CrunchBang Linux.
  8. stampauth (Python, 15 stars): SSH Two-factor Authentication Module in Python
  9. fbpic2id (Python, 12 stars): Identify the owner of a Facebook image given a direct link to one of their photos.
  10. PiBowl (Shell, 12 stars): Automatic secured telecommunication network setup and configuration using Asterisk.
  11. BNPinCoverage (Python, 11 stars): Visually analyze basic block code coverage in Binary Ninja using Pin output.
  12. seqack (C, 10 stars): SEQ/Ack signature triggered SSL back connect
  13. Andrena (Python, 9 stars): Simple multi-stream protocol for use with ZigBee wireless modules. Adds an additional layer of encryption and allows advanced streams such as file transfers.
  14. FishBowl (Shell, 6 stars): Fish Bowl is based on the NSA approved communication SVoIP Infrastructure as set forth in their Mobility Capability Package.
  15. DUKPT (Python, 6 stars): Derived unique key per transaction implementation in Python
  16. BasicBlocks (C++, 6 stars): Pin tool for printing the address of each basic block executed in a program.
  17. UnicodeFuzzer (Python, 6 stars): Generate random unicode based on a file of ranges.
  18. CPBBS (5 stars): ChokePoint BBS (Bulletin Board System). Attaches to a modem using agetty, a tcp/ip port using netcat, or use it as a login shell for ssh.
  19. Ataraxpy (Python, 4 stars): Python2 IRC bot wrapping framework for rapid development
  20. odessa (C, 2 stars): Very basic example of an IRC bot to manage a channel (written in C).
  21. ormclass (PHP, 1 star)