thebigcicca / HiddenGhost

HiddenGhost is a new solution for finding the system call table, with support for 5.7x+ kernels

Repository from GitHub: https://github.com/thebigcicca/HiddenGhost

HiddenGhost

HiddenGhost is a new solution for finding the system call table, with support for 5.7x+ kernels. HiddenGhost finds the syscall table via kallsyms_lookup_name, using the <linux/kprobes.h> header.

Before starting the in-depth explanation of how the rootkit works, I will explain the basics.

  • Tested On:

[✔️] Debian 12 6.7X amd64

  • Usage:

1) Install the kernel headers:

sudo apt install linux-headers-$(uname -r)

2) Install Development Tools:

sudo apt install build-essential

3) Install the Kernel Development Kit:

sudo apt install linux-headers-$(uname -r) linux-source

4) Go to the /src directory:

cd src

5) Module Compilation:

make

6) Load the module:

sudo insmod main.ko

7) Check if the module has been loaded:

dmesg | tail -n 10

After these steps are completed, you should see this message:

HiddenGhost
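
A defender-side check for the load step above (`insmod main.ko`), as an added example that is not part of the HiddenGhost repository: a locally built module loaded this way is out-of-tree and, assuming it is unsigned and signature enforcement is off, sets the kernel's O and E taint flags, which this script reads from /proc/modules and /proc/sys/kernel/tainted. The function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HiddenGhost repo): audit kernel module taint.
# Assumption: the module is unsigned and signature enforcement is off.

# Constructed /proc/modules sample; "main" matches the main.ko load step.
sample_modules() {
    cat <<'EOF'
main 16384 0 - Live 0xffffffffc0a1b000 (OE)
ext4 983040 1 - Live 0xffffffffc0800000
e1000 151552 0 - Live 0xffffffffc0700000
EOF
}

# Read /proc/modules-format lines on stdin; print "name flags" for modules
# whose trailing taint field contains O (out-of-tree) or E (unsigned).
tainted_modules() {
    awk '$NF ~ /^\([A-Z+-]*[OE][A-Z+-]*\)$/ {
        gsub(/[()]/, "", $NF); print $1, $NF }'
}

# Decode bit 12 (O) and bit 13 (E) of a /proc/sys/kernel/tainted value.
oot_taint_bits() {
    v=$1; out=""
    if [ $(( ($v >> 12) & 1 )) -eq 1 ]; then out="${out}O"; fi
    if [ $(( ($v >> 13) & 1 )) -eq 1 ]; then out="${out}E"; fi
    printf '%s\n' "$out"
}

# $1 = global taint value, stdin = module list.
# ORPHAN_TAINT: O/E is set globally but no listed module carries it, so the
# tainting module was unloaded or is missing from the list.
audit() {
    mods=$(tainted_modules)
    bits=$(oot_taint_bits "$1")
    if [ -n "$mods" ]; then
        printf '%s\n' "$mods" | sed 's/^/MODULE /'
    elif [ -n "$bits" ]; then
        echo "ORPHAN_TAINT $bits"
    else
        echo "CLEAN"
    fi
}

# Constructed run; on a live host:
#   audit "$(cat /proc/sys/kernel/tainted)" < /proc/modules
sample_modules | audit 12288
```

The global taint value persists after a module is removed, so an ORPHAN_TAINT result on a host where no out-of-tree module is expected is worth following up in the kernel log.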

Links to articles:

Links to the repositories I based this on:
