Awesome-Mirrors/awesome-linux-rootkits
1
0
Fork 0
mirror of https://github.com/milabs/awesome-linux-rootkits.git synced 2025-02-01 18:45:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update rkduck.md

Browse Source
This commit is contained in:
Ilya V. Matveychikov 2018-07-04 13:49:08 +04:00 committed by GitHub
parent e938899b43
commit 23c95e7c68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
details/rkduck.md
View File

@ -57,3 +57,17 @@ Hooking of system calls by patching syscall-handlers in `sys_call_table[]`:
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/vfs.c#L157 (vfs_hijacked_proc_iterate) - https://github.com/linux-rootkits/rkduck/blob/master/rkduck/vfs.c#L157 (vfs_hijacked_proc_iterate)
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/vfs.c#L78 (vfs_hijacked_proc_filldir) - https://github.com/linux-rootkits/rkduck/blob/master/rkduck/vfs.c#L78 (vfs_hijacked_proc_filldir)
## Keylogger
Keylogger is implemented using `register_keyboard_notifier()`:
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/keylogger.c#L204
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/keylogger.c#L72 (keylogger_notify)
Logged keystrokes are saved in file which periodically being sent to remote hos using `scp`:
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/keylogger.c#L181 (keylogger_init)
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/keylogger.c#L64 (writing to the file...)
- https://github.com/linux-rootkits/rkduck/blob/master/rkduck/keylogger.c#L32 (sending with `scp`)
## Backdoor
...