Skip to content

W4RH4WK/THOR

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

85 Commits
doc
doc
 
 
src
src
 
 
util
util
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

THOR

The Horrific Omnipotent Rootkit - or something like that, targeted at kernel 3.17 (archlinux LTS at the time of writing).

Requirements

Apart from the linux kernel headers, the linux source code is required in order to build this rootkit since unexported code is used.

Just make sure /usr/src/linux points to the linux source directory of the target kernel. Or you could simply change the Makefile.

How to Setup (Arch)

# pacman -S abs linux-headers
# abs
# cd /var/abs/core/linux
# makepkg -o --asroot
# ln -s /var/abs/core/linux/src/linux-3.17 /usr/src/linux

How to Build

$ cd /path/to/thor
$ make
# insmod thor.ko

How to Use

usage:
   echo hp PID    > /proc/thor (hides process PID)
   echo up PID    > /proc/thor (unhides process PID)
   echo upa       > /proc/thor (unhide all PIDs)
   echo hm MODULE > /proc/thor (hide module)
   echo um MODULE > /proc/thor (unhide module)
   echo uma       > /proc/thor (unhide all modules)
   echo root      > /proc/thor (gain root privileges)

Authors

  • Franz-Josef Haider
  • Alex Hirsch

Acknowledgement

About

The Horrific Omnipotent Rootkit

Resources

Readme

License

GPL-3.0 license
Activity

Stars

23 stars

Watchers

8 watching

Forks

18 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages