nopn0p / rkorova

Licence: MIT license
ld_preload userland rootkit

Programming Languages

c
python
shell

rkorova: LD_PRELOAD rootkit

This is an LD_PRELOAD rootkit I wrote several years ago in high school and have been trying sporadically to improve ever since.

Features

  • Important strings are xor'ed out
  • ptrace disabling
  • Memory cleaning
  • Process hiding (currently only through magic strings)
  • File hiding through magic strings or GID
  • Not detected by rkhunter (as of 2020)

Planned features

  • Port hiding
  • libpcap hooks
  • Reverse shell
  • Self-destruct feature
  • VM detection (implemented a little bit)
  • Better anti-debugging features
  • Better code (never happening lol)
  • C2 client
  • Syscall hooking with ptrace

Requirements

  • gcc
  • libc6 (duh)
  • nscd (this will totally break everything if it is not installed)