Simple rootkit as a Linux kernel module. Intended to serve as a skeleton for kernel modules and to demonstrate some kernel rootkit techniques.
Blog post: https://leon-schmidt.dev/blog/wurzelbausatz
Wurzelbausatz Kernel Modul
Simple rootkit as a Linux kernel module with German flavor, which allows normal users to become root.
Just run `echo "rk:get-root" > /dev/ttyWBS` or `echo 1 > /sys/kernel/wbs/get_root` and your IDs are all set to 0.
Run `cat /sys/kernel/wbs/get_root` to read the number of privilege escalations performed with this module.
It also has some more features, such as controlling on-board LEDs. Get a German manual with: `cat /dev/ttyWBS`.
Source: https://0x00sec.org/t/kernel-rootkits-getting-your-hands-dirty/1485
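Seen from the defender's side, the device node and sysfs paths named above are the module's visible indicators on a host. The triage function below is an added example, not part of this repository; the optional `ROOT` prefix argument and the assumption that `get_root` reads back as a decimal number are this example's own.

```shell
#!/bin/sh
# Triage for the artifacts this README names: /dev/ttyWBS and /sys/kernel/wbs.
# Assumption of this example: an optional ROOT prefix, so the same check works
# on a mounted disk image or on a constructed test fixture.

# wbs_triage [ROOT] -> prints findings; returns 0 if clean, 1 if artifacts exist
wbs_triage() {
    root="${1:-}"
    found=0

    # Control device from the README
    if [ -e "$root/dev/ttyWBS" ]; then
        echo "FOUND device node $root/dev/ttyWBS"
        found=1
    fi

    # sysfs directory from the README
    if [ -d "$root/sys/kernel/wbs" ]; then
        echo "FOUND sysfs directory $root/sys/kernel/wbs"
        found=1
        attr="$root/sys/kernel/wbs/get_root"
        if [ -r "$attr" ]; then
            # Per the README, reading get_root only reports the privesc count;
            # it is the write that escalates, so this read is safe for triage.
            # Assumption: the value is a decimal number; keep digits only.
            count=$(head -n 1 "$attr" | tr -cd '0-9')
            echo "privesc count: ${count:-unknown}"
        fi
    fi

    if [ "$found" -eq 0 ]; then
        echo "CLEAN no wurzelbausatz artifacts under ${root:-/}"
    fi
    return "$found"
}
```

Call `wbs_triage` without an argument on a live system, or pass the mount point of an image under examination. A non-zero privesc count means the escalation path was used at least once since the module was loaded.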
Build with DKMS
Todo!
Build manually (examples)
Build for your running kernel:
- Install your kernel sources (e.g. via package manager)
- `make`
- `[INSTALL_MOD_PATH=<path-to-rootfs>] make install`
Build with cross-compilation for ARM:
- Download kernel sources to `<path-to-kernel-sources>`
- Configure defconfig, etc. in `<path-to-kernel-sources>`
- `ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- KERNEL_DIR=<path-to-kernel-sources> make` (adjust cross-compiler if required)
- `ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- KERNEL_DIR=<path-to-kernel-sources> INSTALL_MOD_PATH=<path-to-rootfs> make install`
Build within kernel sources:
- Download kernel sources to `<path-to-kernel-sources>`
- Clone this repo into `<path-to-kernel-sources>/drivers/staging/wurzelbausatz`
- Configure defconfig, etc. in `<path-to-kernel-sources>`
- Activate the staging module in `make menuconfig`
- `ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- make modules`