CES Posted February 16, 2014

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.

- Anti-debugging
- Avoids unhide, lsof, ps, ldd detection
- Hides files and directories
- Hides remote connections
- Hides processes
- Hides logins
- PCAP hooks avoid local sniffing
- Two accept backdoors with full PTY shells.
  - Crypthook encrypted accept() backdoor
  - Plaintext accept() backdoor
- PAM backdoor for local privesc and remote entry
- Log cleanup for utmp/wtmp entries based on pty
- Uses xor to obfuscate static strings

Azazel - Security101 - Blackhat Techniques - Hacking Tutorials - Vulnerability Research - Security Tools

John.Wayne. Posted April 2, 2014

Only 3 posts? Hmm, has anyone tested it?

bilythekid Posted April 17, 2014

I tried it and it gives me this:

root@WarHead:~/azazel# make
cc -fPIC -g -c azazel.c pam.c xor.c crypthook.c pcap.c
pam.c:8:31: fatal error: security/pam_appl.h: No such file or directory
compilation terminated.
make: *** [libselinux.so] Error 1
root@WarHead:~/azazel#

What do you think?

Gushterul Posted April 17, 2014

Install pam-devel