reveng007 / reveng_rtkit

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
https://reveng007.github.io/blog/2022/03/08/reveng_rkit_detailed.html
MIT License
230 stars 49 forks

Linux Kernel Sockets #2

Open reveng007 opened 2 years ago

reveng007 commented 2 years ago

Adding Linux Kernel Sockets to this LKM rootkit, so that this rootkit acts as an all-rounder: both as an LKM rootkit and as a stealthy C2 server.

loneicewolf commented 1 year ago

Posting here as well, just to make sure it comes across: what do you specifically want kernel sockets to achieve? :) https://github.com/reveng007/reveng_rtkit/issues/11#issue-1559846247

reveng007 commented 1 year ago

Sorry for being vague. Actually, that would be a C2 client, so that our C2 server listening on the target gets automatically connected to the LKM whenever it comes online.

Actually, I want to eradicate the use of a revshell to get a shell on the victim machine.

Does this sound familiar now?

loneicewolf commented 1 year ago

Yes, I think that makes sense now (+1 for mentioning the revshell), thanks! If I have more questions I'll ask.