Open reveng007 opened 2 years ago
How will the operator (the person who controls the rootkit) "get" the root shell? For example, is the below what you expect?
$ echo "give_me_root_shell | md5sum" > /dev/rootkit
It gives you a root shell? Note, I just made this example up. There are loads of ways to "do this" and I just wanted to make sure I understood the goal you wanted to achieve. :)
If this is incorrect, maybe you could make a 1, 2, 3 list of what the function will do? Like
Okay...
I tried that scenario, i.e. using chardev to get root privileges.
But I was unable to do so.
I performed system call interception to achieve this in reveng_rtkit, to get a root shell.
You can refer to my blog: https://reveng007.github.io/blog/2022/03/08/reveng_rkit_detailed.html (Move down to part 6)
@reveng007 Okay, thanks, I'll check that 🍵.
This rootkit is capable of providing a root shell only to the bash and sh shells, not others. Although it is possible for other shells as well, it needs some tricks. We can use a function like the C system() function in Linux kernel programming, so that we first trigger a bash/sh shell and then offer the root shell to the attacker. I haven't got that type of kernel function till now, but as soon as I get it, I will add it. If anybody viewing this knows about this, or is interested in contributing, they are most welcome to make a pull request.