Jump to content
CES

Azazel linux rootkit - anti-debugging - anti-detection

By CES, in Programe hacking

Recommended Posts

CES Newbie

CES

Posted
Posted

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.

Anti-debugging

Avoids unhide, lsof, ps, ldd detection

Hides files and directories

Hides remote connections

Hides processes

Hides logins

PCAP hooks avoid local sniffing

Two accept backdoors with full PTY shells.

Crypthook encrypted accept() backdoor

Plaintext accept() backdoor

PAM backdoor for local privesc and remote entry

Log cleanup for utmp/wtmp entries based on pty

Uses xor to obfuscate static strings

Azazel - Security101 - Blackhat Techniques - Hacking Tutorials - Vulnerability Research - Security Tools

bilythekid Newbie

bilythekid

Posted
Posted

l-am incercat eu si imi da asta:

root@WarHead:~/azazel# make

cc -fPIC -g -c azazel.c pam.c xor.c crypthook.c pcap.c

pam.c:8:31: fatal error: security/pam_appl.h: No such file or directory

compilation terminated.

make: *** [libselinux.so] Error 1

root@WarHead:~/azazel#

ce parere aveti?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...