LinuxQuestions.org
Old 05-01-2004, 12:38 AM   #1
GodSendDeath
LKM rootkit help


Can someone point me in the direction of a basic LKM rootkit? One that works for the 2.4/2.6 kernels and is easy to understand? I get the basic concept but I'm looking for one that easily shows a hacked sys_getdents system call that works! Thanks!


-GSD
 
Old 05-01-2004, 11:49 AM   #2
infamous41md
It's really pretty simple. Just combine the techniques explained in the 2nd paper with the method of function hijacking in the first paper. The sys_call table isn't exported in some newer versions of the kernel, so you use the overwriting method of function hijacking to overwrite the first X bytes where the system call lives, as outlined in the 2nd paper.

http://www.rfxnetworks.com/docs/kernel-hijack.txt
http://www.thc.org/papers/LKM_HACKING.html
 
  

