Skip to content

nopn0p/rkorova

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
utils
utils
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
compile.sh
compile.sh
 
 
config.py
config.py
 
 
libc.so
libc.so
 
 
moshi-proc.py
moshi-proc.py
 
 
rk.c
rk.c
 
 
rkconst.h
rkconst.h
 
 
rkheaders.h
rkheaders.h
 
 
unxor.py
unxor.py
 
 
xor.py
xor.py
 
 

Repository files navigation

rkorova: LD_PRELOAD rootkit

This is an LD_PRELOAD rootkit I wrote several years ago in high school and have been trying sporadically to improve ever since.

Features

  • Important strings are xor'ed out
  • ptrace disabling
  • Memory cleaning
  • Process hiding (currently only through magic strings)
  • File hiding through magic strings or GID
  • Not detected by rkhunter (as of 2020)

Planned features

  • Port hiding
  • libpcap hooks
  • Reverse shell
  • Self-destruct feature
  • VM detection (implemented a little bit)
  • Better anti-debugging features
  • Better code (never happening lol)
  • C2 client
  • Syscall hooking with ptrace

Requirements

  • gcc
  • libc6 (duh)
  • nscd (this will totally break everything if it is not installed)

About

ld_preload userland rootkit

Topics

linux library rootkit ldpreload malware libc ptrace ld-preload rootkits hide-files ld-preload-rootkit

Resources

Readme

License

MIT license
Activity

Stars

33 stars

Watchers

6 watching

Forks

9 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages