Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kitploitKitPloitKITPLOIT:134021490040098714
HistoryNov 01, 2017 - 1:30 p.m.

Diamorphine - LKM Rootkit for Linux Kernels 2.6.x/3.x/4.x

2017-11-0113:30:00
www.kitploit.com
311

9 High

AI Score

Confidence

High

JSON

Diamorphine is a LKM rootkit for Linux Kernels 2.6.x/3.x/4.x

Features

  • When loaded, the module starts invisible;

  • Hide/unhide any process by sending a signal 31;

  • Sending a signal 63(to any pid) makes the module become (in)visible;

  • Sending a signal 64(to any pid) makes the given user become root;

  • Files or directories starting with the MAGIC_PREFIX become invisble;

  • Source: <https://github.com/m0nad/Diamorphine&gt;

Install
Verify if the kernel is 2.6.x/3.x/4.x

uname -r

Clone the repository

git clone https://github.com/m0nad/Diamorphine

Enter the folder

cd Diamorphine

Compile

make

Load the module(as root)

insmod diamorphine.ko

Uninstall
The module starts invisible, to remove you need to make its visible

kill -63 0

Then remove the module(as root)

rmmod diamorphine

References
Wikipedia Rootkit <https://en.wikipedia.org/wiki/Rootkit&gt;
Linux Device Drivers <http://lwn.net/Kernel/LDD3/&gt;
LKM HACKING <https://www.thc.org/papers/LKM_HACKING.html&gt;
Memset’s blog <http://memset.wordpress.com/&gt;
Linux on-the-fly kernel patching without LKM <http://phrack.org/issues/58/7.html&gt;
WRITING A SIMPLE ROOTKIT FOR LINUX <http://big-daddy.fr/repository/Documentation/Hacking/Security/Malware/Rootkits/writing-rootkit.txt&gt;
Linux Cross Reference <http://lxr.free-electrons.com/&gt;

Download Diamorphine

9 High

AI Score

Confidence

High

JSON