Channel: Penetration Test – Security List Network™

Eros Rootkit is a special kind of malware with its own custom bootloader.

NOTICE: THIS POST IS FOR EDUCATIONAL PURPOSES ONLY! You can learn how a rootkit takes control of the system.

The Eros Rootkit is a special kind of malware with its own custom bootloader. The rootkit takes control of the system before forking and passing control to the operating system.

General Notes:
+ When compiling on Linux, dd is the most useful tool. See the compiling section.
+ With assembly you usually have to play around with the code to get it to work; be patient.

1 – Compiling (hardware method):
+ Compile with nasm -f raw input.asm -o output.raw
+ Check which device is your target drive with lsblk. Usually it is the last one.
+ sudo dd if=output.raw of=/dev/sdc bs=512 count=1

The third step is the most important because we want the bootloader to be located at the first block on the device. The BIOS looks at these blocks to determine if a device is bootable. Later, when the stage II bootloader is finished, we will compile differently, skipping over the first 512 bytes so that the second part is easy to load from within the first.
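
Because the bootloader lives entirely in the first 512-byte block, that block is also what a defender baselines. The following is an added example, not code from the original post or the Rootkit repository: it parses a boot sector, hashes the bootstrap code, and flags a block that was replaced wholesale. The function names (parse_boot_sector, audit, make_sector) and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # offsets 510-511, checked by the BIOS

def parse_boot_sector(sector: bytes) -> dict:
    """Split the first 512-byte block into the parts a defender baselines."""
    if len(sector) < SECTOR:
        raise ValueError("need the full first 512-byte block")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0 means unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {"bootable": sector[510:512] == SIGNATURE,
            "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": partitions}

def audit(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a boot sector compared with a known-good hash."""
    info = parse_boot_sector(sector)
    findings = []
    if info["code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if info["bootable"] and not info["partitions"]:
        findings.append("bootable block with empty partition table")
    if not info["bootable"]:
        findings.append("missing 0x55AA signature")
    return findings

def make_sector(code: bytes, entries: bytes = b"") -> bytes:
    """Constructed sample data: code + partition entries + signature."""
    body = code.ljust(TABLE_OFF, b"\x00") + entries.ljust(64, b"\x00")
    return body + SIGNATURE

# Constructed samples: a baseline with one Linux partition, and a block
# that was replaced wholesale (as a 512-byte raw write to block 0 would).
ENTRY = bytes([0x80, 0, 0, 0, 0x83, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
GOOD = make_sector(b"\xfa\x31\xc0", ENTRY)
REPLACED = make_sector(b"\xeb\xfe")
BASELINE = parse_boot_sector(GOOD)["code_sha256"]

if __name__ == "__main__":
    print(audit(GOOD, BASELINE))
    print(audit(REPLACED, BASELINE))
```

To audit a real disk or image, read its first 512 bytes read-only and pass them to audit together with a hash recorded while the system was known to be clean.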

2 – Compiling (software method):
+ Make sure that you have QEMU installed.
+ make qemu

Usage:

(Debian/Ubuntu)
sudo apt-get install qemu
git clone https://github.com/RagingGrim/Rootkit && cd Rootkit
cd Rootkit
make qemu

Source: https://github.com/RagingGrim

