EvilZone

: Modern Linux Rootkits by TurboBorland
: Stackprotector April 10, 2014, 10:17:46 AM
Hi guys,

I have been working on some rootkitting lately, and after some hours of LKM hacking I found TurboBorland's great tutorial on modern Linux rootkits. He's a great guy so if you like it don't bother getting on IRC and tell him you love him.

Tutorials:
http://turbochaos.blogspot.de/2013/09/linux-rootkits-101-1-of-3.html
http://turbochaos.blogspot.de/2013/10/writing-linux-rootkits-201-23.html
http://turbochaos.blogspot.de/2013/10/writing-linux-rootkits-301_31.html

: Re: Modern Linux Rootkits by TurboBorland
: Bytebybyte April 25, 2014, 02:36:19 PM
Wow! Really good stuff. A nice diversion from the stereotypical hacking articles.
: Re: Modern Linux Rootkits by TurboBorland
: proxx April 25, 2014, 02:49:35 PM
We all love Turboborland our favo IRC faggot :)
: Re: Modern Linux Rootkits by TurboBorland
: Architect April 25, 2014, 10:18:42 PM
Wow, it's been so long since anybody mentioned LD_PRELOAD, I thought it was fixed by kernels by now. Idk if you can even fix it, I just know that's a great way to write a rootkit.

Also worth mentioning that the setuid() setgid() thing still works but a lot of kernels are harder to fool. I tested this recently on my own box and LD_PRELOAD does not work on my kernel (3.13.9).