/CSE509-Rootkit

After attackers manage to gain access to a remote (or local) machine and elevate their privileges to "root", they typically want to maintain their access, while hiding their presence from the normal users and administrators of the system. This basic rootkit works on the Linux operating system and is a loadable kernel module which when loaded into the kernel (by the attacker with root privileges) will do the following: 1) Hide specific files and directories from showing up when a user does "ls" and similar commands 2) Modify the /etc/passwd and /etc/shadow file to add a backdoor account while returning the original contents of the files (pre-attack) when a normal user requests to see the file 3) Hides processes from the process table when a user does a "ps" 4) Give the ability to a malicious process to elevate its uid to 0 (root) upon demand

Primary LanguageC

No issues in this repository yet.