dsmatter/brootus

bROOTus

bROOTus is a Linux kernel rootkit that comes as a single LKM (Loadable Kernel Module) and works only on kernel 2.6.32. The rootkit is intended for educational purposes: it points out some mechanisms for manipulating data structures and hooking functions in the kernel in order to achieve tasks such as file hiding, module hiding, process hiding, socket hiding, packet hiding, keylogging and privilege escalation from within the kernel.

Documentation

The documentation in PDF format is available here

Quick start

Make sure you are running a vanilla Linux Kernel (version 2.6.32) and have installed the necessary build tools as well as the Linux header files.

# Build and insert the rootkit
make
insmod rootkit.ko

# Files beginning with "rootkit_" are hidden by default
# The rootkit module itself is hidden as well
# Please consult the documentation for more options

# Unload the module
mod_unhide() # Type this in a shell and press CTRL-C afterwards
rmmod rootkit

About

An educational Linux Kernel Rootkit
