Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chokepoint/azazel
Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.
https://github.com/chokepoint/azazel
Last synced: 3 months ago
JSON representation
Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.
- Host: GitHub
- URL: https://github.com/chokepoint/azazel
- Owner: chokepoint
- License: gpl-2.0
- Created: 2014-02-14T00:52:05.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2024-03-07T22:27:51.000Z (8 months ago)
- Last Synced: 2024-04-08T20:14:02.949Z (7 months ago)
- Language: C
- Size: 26.4 KB
- Stars: 759
- Watchers: 60
- Forks: 178
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
## Azazel
#### V 0.1
> The whole earth has been corrupted through the works that were taught by Azazel: to him ascribe all sin. -- 1 Enoch 2:8
---
Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.
### Features
* Anti-debugging
* Avoids unhide, lsof, ps, ldd detection
* Hides files and directories
* Hides remote connections
* Hides processes
* Hides logins
* PCAP hooks avoids local sniffing
* Two accept backdoors.
* [Crypthook](https://github.com/chokepoint/CryptHook) encrypted accept() backdoor -- Full PTY
* Plaintext accept() backdoor -- Full PTY
* PAM backdoor for local privesc and remote entry
* Log cleanup for utmp/wtmp entries based on pty
Using netcat to communicate with a remote PTY isn't the best idea. See below for a better PTY client written by [InfoDox](https://github.com/infodox), or use socat with a command similar to the following and then just paste the password into the session, otherwise socat send the first char making the passwords not match.
> socat -,raw,echo=0 TCP:target:port,bind=:61040
### Links
* [Better PTY Client](https://github.com/infodox/python-pty-shells/blob/master/tcp_pty_shell_handler.py)
### Disclaimer
The authors are in no way responsible for any illegal use of this software. It is provided purely as an educational proof of concept. We are also not responsible for any damages or mishaps that may happen in the course of using this software. Use at your own risk.