QuokkaLight / rkduck

Linux v4.x.x Rootkit

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

rkduck - Rootkit for Linux v4 Build Status

rkduck is a Loadable Kernel Module rootkit for the latest Linux Kernels v4. This is still a work in progress.

Features

  • Stealth
    • Hide files, directories, processes
  • Communication
    • SSH
    • Direct shell (unencrypted)
    • Reverse shell (unencrypted)
  • Keylogger
    • Recording of the keystrokes of every user.
    • Information sent periodically
  • Crumbs
    • A user space CLI program allowing the user to control the rootkit configuration during its execution
    • Requires an authentication to be used (hardcoded key stored in rduck, the configuration section has more information about it)

Tests

At the moment we didn't get the chance to test our rootkit on different versions of Linux to make sure everything is working as intended. If you want to report a bug feel free to create an issue or send us an email at quokkalight@gmail.com.

Contributors

  • mpgn - Twitter

  • RainbowLyte - Twitter

                   _.._
                  /   a\__,
                  \  -.___/
                   \  \
              (\____)  \
          |\_(         ))
     _____|   (_        /________
          _\____(______/__
               ______
    

About

Linux v4.x.x Rootkit


Languages

Language:C 84.1%Language:C++ 12.8%Language:Shell 2.4%Language:Makefile 0.7%