Skip to content

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

License

chokepoint/azazel

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Feb 14, 2014
Feb 14, 2014
Feb 14, 2014
Feb 14, 2014
Feb 14, 2014
Feb 14, 2014
Feb 14, 2014

Azazel

V 0.1

The whole earth has been corrupted through the works that were taught by Azazel: to him ascribe all sin. -- 1 Enoch 2:8


Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

Features

  • Anti-debugging
  • Avoids unhide, lsof, ps, ldd detection
  • Hides files and directories
  • Hides remote connections
  • Hides processes
  • Hides logins
  • PCAP hooks avoids local sniffing
  • Two accept backdoors.
  • Crypthook encrypted accept() backdoor -- Full PTY
  • Plaintext accept() backdoor -- Full PTY
  • PAM backdoor for local privesc and remote entry
  • Log cleanup for utmp/wtmp entries based on pty

Using netcat to communicate with a remote PTY isn't the best idea. See below for a better PTY client written by InfoDox, or use socat with a command similar to the following and then just paste the password into the session, otherwise socat send the first char making the passwords not match.

socat -,raw,echo=0 TCP:target:port,bind=:61040

Links

Disclaimer

The authors are in no way responsible for any illegal use of this software. It is provided purely as an educational proof of concept. We are also not responsible for any damages or mishaps that may happen in the course of using this software. Use at your own risk.

About

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published