Comments on Average coder: Linux rootkit implementation
Blog author: Average Coder
Feed updated: 2023-11-02T11:15:48.651-03:00

Anonymous, 2022-02-15T04:53:43.015-03:00:
Thank you - Just shared this post with a colleague who would benefit from reading this, really enjoyed it. You can also check about rootkit Debian (https://elstel.org/debcheckroot/) from elstel.org

Anonymous, 2016-06-18T10:28:31.677-03:00:
I would like to know, once the average coder rootkit is injected onto a machine, what process name will appear in the ps aux list as malicious (average coder), and what the MD5 hashes are. Average coder rootkit

Unknown, 2013-10-18T11:27:21.567-03:00:
FYI, hiding processes this way won't work for recent kernels where proc_dir_entry is an opaque structure (no definition inside include files).

Anonymous, 2013-01-18T20:21:58.009-03:00:
Thanks :-)

Andrew, 2012-08-10T11:37:56.910-03:00:
Thanks for writing and releasing this! It is very helpful to us security tool developers to have samples to examine and test against.

I've just posted a memory image from a (test) system that I loaded your rootkit on:
http://secondlookforensics.com/linux-memory-images/

Anonymous, 2011-12-11T16:26:59.666-03:00:
I get this error when I try to compile it on Ubuntu

$ make
make -C /lib/modules/3.0.0-13-generic/build M=/home/ecerutti/rk modules
make[1]: se ingresa al directorio «/usr/src/linux-headers-3.0.0-13-generic»
 CC [M] /home/ecerutti/rk/rootkit.o
/home/ecerutti/rk/rootkit.c: En la función ‘hook_proc’:
/home/ecerutti/rk/rootkit.c:493:5: error: declaración implícita de la función ‘path_lookup’ [-Werror=implicit-function-declaration]
cc1: algunos avisos se tratan como errores

make[2]: *** [/home/ecerutti/rk/rootkit.o] Error 1
make[1]: *** [_module_/home/ecerutti/rk] Error 2
make[1]: se sale del directorio «/usr/src/linux-headers-3.0.0-13-generic»
make: *** [all] Error 2

I'm using the latest version of Ubuntu

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=11.10
DISTRIB_CODENAME=oneiric
DISTRIB_DESCRIPTION="Ubuntu 11.10"

with a 3.0.0 kernel

$ uname -a
Linux dulcinea 3.0.0-13-generic #22-Ubuntu SMP Wed Nov 2 13:25:36 UTC 2011 i686 athlon i386 GNU/Linux

I have the headers and build-essential installed

$ dpkg -l | grep linux-header
ii linux-headers-3.0.0-13 3.0.0-13.22 Header files related to Linux kernel version 3.0.0
ii linux-headers-3.0.0-13-generic 3.0.0-13.22 Linux kernel headers for version 3.0.0 on x86/x86_64
ii linux-headers-generic 3.0.0.13.15 Generic Linux kernel headers

$ dpkg -l | grep essential
ii build-essential 11.5ubuntu1 Informational list of build-essential packages

I googled a bit looking for a solution but didn't find anything useful.

Regards
Esteban