Awesome-Mirrors
/
awesome-linux-rootkits
mirror of https://github.com/milabs/awesome-linux-rootkits.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update reptile.md

This commit is contained in:
Ilya V. Matveychikov 2018-07-02 20:32:29 +04:00 committed by GitHub
parent 584fc8c348
commit ce30452f62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
details/reptile.md
View File

@ -32,6 +32,7 @@ Implemented via `kill(2)` by hooking `sys_call_table[__NR_kill]` entry. Supporte
Hooking of system calls by patching syscall-handlers in `sys_call_table[]`:
- to write to read-only page `CR0/WP` technique used (x86-only)
- netfilter hook (`NF_IP_PRI_FIRST`)
## Hiding (tampering) of file contents
@ -51,3 +52,10 @@ Filtering PID-like numeric entries while listing `/proc`:
- hidden tasks are marked using `task->flags` (bit `0x10000000`)
:exclamation: Not able to hide all threads and children of hidden (parent) process.
# Backdoor/shell
Reverse shell spawning by port-knocking-like technique:
- `ICMP/UDP/TCP` port-knocking
- spawning root-shell connection to remote host