LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use are your own risk.
4328023a68a04ed6b7e159bb91a29b0c38de5eb14dda0d149ea8a62073244c4d
Whitepaper discussing the exploitation of buffer overflows on Linux x86_64. It demonstrates techniques to bypass PaX and ASLR protection and includes two proof of concept exploits. Written in Spanish.
e76b4cb8d12c64ae47f45baf42646fd6bd757ea41e372a006a142a0e71d65ca4
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
35ea2786343f647b5d0d1506a2ce375502622f51df18479aad20afe05b4ce18e
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
607c945eb9e8b7760b860b7afda9a0934239a23077685c3bdc98f93518e535f0
Linuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Redhat 7.2 and 7.3.
7c69399dd7f5a08de186e149072b4b0ffad0e4adecf6598bc7fb8d45d8cc6354
BitchX v1.0c16 remote exploit. Tested against Redhat 6.0, 7.0, and Debian 2.2.
f60db0f8af808e077c41cddcfbc5286c210560d141961d680824e2410e37b026
BitchX (75p3/1.0c16) local exploit.
aa40b281d2c006cac231c6c8505bc1727b23ce226626ce92283f8b3ea00b8bec
PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0.
f3e7d956629059a23a4eafb60363507ed837755b27f531596180153d41af5c6f