
aesophor / satan

Licence: GPL-2.0 license
🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)

CAUTION: Do NOT test this on physical machines!

Overview

  • Local privilege escalation (grant root shell)
  • File/directory hiding by absolute path
  • Process hiding by PID
  • Port hiding
  • Hide the rootkit itself
  • ...

Tested On

  • Debian 9 stretch 4.9.0-11

Build Requirements

  • gcc
  • GNU Make
  • Linux headers

Installation

  1. Build the kernel module.
$ git clone https://github.com/aesophor/satanic-rootkit.git
$ cd satanic-rootkit
$ make
  2. Insert the kernel module as root.
root# insmod satan.ko
  3. Run satanist.py as a normal user to command the rootkit.
$ ./satanist.py --help

Usage

After inserting satan.ko into the Linux kernel, one can use satanist.py to command the rootkit.

> ./satanist.py --help                 
usage: ./satanist.py <command> [argument]

--privesc <passphrase>     -- Spawn a root shell (bash).
--file-hide <path>         -- File/directory hiding by absolute path.
--file-unhide <path>       -- File/directory unhiding by absolute path.
--proc-hide <pid>          -- Process hiding by PID.
--proc-unhide <pid>        -- Process unhiding by PID.
--port-hide <port>         -- Port hiding by port number.
--port-unhide <port>       -- Port unhiding by port number.
--mod-hide                 -- Module hiding (hide itself from lsmod).
--mod-unhide               -- Module unhiding (unhide itself from lsmod).

-h --help                  -- Help message.
-v --version               -- Version info.
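
For defenders, a cross-view check for the kind of PID hiding that --proc-hide advertises. This is an added example, not part of the satan project: it assumes the hiding only filters the /proc directory listing while the task stays in the kernel's PID table (the page does not say how satan implements it), and the function names are chosen here.

```python
import os

def visible_ids(proc="/proc"):
    """IDs the /proc directory listing admits to: PIDs plus their thread IDs."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            tasks = os.listdir(os.path.join(proc, name, "task"))
        except OSError:
            continue  # process exited between the two listings
        ids.update(int(t) for t in tasks if t.isdigit())
    return ids

def is_alive(pid):
    """Ask the kernel directly; signal 0 tests existence and delivers nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists but belongs to another user
    return True

def hidden_ids(max_pid, proc="/proc", probe=is_alive):
    """IDs that answer the probe but appear in no /proc listing."""
    before = visible_ids(proc)
    alive = {pid for pid in range(1, max_pid + 1) if probe(pid)}
    after = visible_ids(proc)
    # Absent from both snapshots and still alive on re-check: this filters
    # processes that merely started or exited while the scan was running.
    return sorted(p for p in alive - before - after if probe(p))

def pid_max(path="/proc/sys/kernel/pid_max"):
    with open(path) as f:
        return int(f.read())

if __name__ == "__main__":
    for pid in hidden_ids(pid_max()):
        print(f"ID {pid} answers kill(pid, 0) but is missing from the /proc listing")
```

A reported ID is a lead to confirm from a trusted environment, since a kernel-level rootkit can also tamper with the probe itself.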

License

Available under GPL-2.0 License
