nix_rootkit_xingyiquan [Protocol Engineering Lab.]


Rootkit: xingyiquan

Original link: https://sw0rdm4n.wordpress.com/2014/11/03/xingyiquan-simple-linux-kernel-rootkit-for-kernel-3-x-and-kernel-2-6-x/ File: xingyiquan.tar.gz

xingyiquan – simple linux kernel rootkit for kernel 3.x and kernel 2.6.x

This is a simple Linux kernel rootkit that works for kernel 3.x and 2.6.x.

FUNCTIONS

– escalate privilege: This rootkit has a binary utility named xingyi_rootshell; once this rootkit is installed, you can get a root shell by typing: ./xingyi_rootshell “sw0rdm4n”. The string “sw0rdm4n” is the default password for the root shell; this string is written in the userspace config file at xingyi_userspace_src/xingyi_userspace_config.h

– bindshell: This rootkit has a default bind shell on port 7777 using the default password “sw0rdm4n”. The string “sw0rdm4n” is the default password for the bind shell; this string is written in the userspace config file at xingyi_userspace_src/xingyi_userspace_config.h

– reverse shell: This rootkit has reverse shell functionality which is triggered by a netfilter hook. In order to get a reverse shell to your IP via port 7777, you must fire telnet on port 1337 at the box where you installed this rootkit. Before that, make sure you prepare a netcat listener on port 7777.

– other common functions: hide files/dirs, hide connections, hide module, hook kill process, hook open, hook open directory, etc.
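As an added defender-side example (not part of the rootkit or of the original post), the following Python correlates the reverse-shell trigger pattern described above in network flow records: an inbound TCP flow to port 1337 on a host, followed within a short window by an outbound flow from that host back to the same peer on port 7777. The log format, addresses and timestamps are constructed for illustration; because the rootkit hides its connections on the infected host, the records are assumed to come from an off-host sensor rather than from /proc/net/tcp on the box itself.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src sport dst dport")

TRIGGER_PORT = 1337  # knock port watched by the rootkit's netfilter hook
SHELL_PORT = 7777    # port the reverse shell connects back to (also the bind shell port)

# Constructed sensor log, one TCP flow per line: "<epoch> <src>:<sport> > <dst>:<dport>".
# 10.0.0.20 plays the compromised host; the second knock (from 10.0.0.7) is followed
# by a callback only 800 s later, outside the default window, so it is not flagged.
SAMPLE_LOG = """\
1700000000 10.0.0.5:51000 > 10.0.0.20:22
1700000010 10.0.0.9:40001 > 10.0.0.20:1337
1700000012 10.0.0.20:33044 > 10.0.0.9:7777
1700000100 10.0.0.7:40002 > 10.0.0.20:1337
1700000900 10.0.0.20:33050 > 10.0.0.7:7777
"""


def parse_flows(text):
    """Parse the constructed log format into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, left, _arrow, right = line.split()
        src, sport = left.rsplit(":", 1)
        dst, dport = right.rsplit(":", 1)
        flows.append(Flow(float(ts), src, int(sport), dst, int(dport)))
    return flows


def find_reverse_shell_triggers(flows, window=60.0):
    """Return (knock, callback) pairs: a flow P -> H:1337 followed within
    `window` seconds by a flow H -> P:7777, i.e. the rootkit's trigger sequence."""
    hits = []
    for knock in (f for f in flows if f.dport == TRIGGER_PORT):
        for cb in flows:
            if (cb.src == knock.dst and cb.dst == knock.src
                    and cb.dport == SHELL_PORT
                    and 0 <= cb.ts - knock.ts <= window):
                hits.append((knock, cb))
    return hits


if __name__ == "__main__":
    for knock, cb in find_reverse_shell_triggers(parse_flows(SAMPLE_LOG)):
        print(f"{knock.dst}: knock on {TRIGGER_PORT} from {knock.src}, "
              f"callback to {cb.dst}:{SHELL_PORT} after {cb.ts - knock.ts:.0f}s")
```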

nix_rootkit_xingyiquan.txt · Last modified: 2015/12/17 01:44 by jonghyouk