Expand Up @@ -79,8 +79,6 @@ We can leverage the ability to load Apache2 modules to load our own rootkit modu

Command injection vulnerabilities allow attackers to execute arbitrary commands on the target operating system.

To achieve this, we will be using the apache-rootkit module that can be found here: https://github.com/ChristianPapathanasiou/apache-rootkit

Apache-rootkit is a malicious Apache module with rootkit functionality that can be loaded into an Apache2 configuration with ease and with minimal artifacts.

The following procedures outline the process of setting up the apache-rootkit module on a target Linux system:
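Review bot: If the two lines this hunk drops are the "To achieve this, we will be using the apache-rootkit module that can be found here: ..." sentence and its blank line, as the 8-to-6 count in the header suggests, the section now jumps from the general definition of command injection straight to "Apache-rootkit is a malicious Apache module ..." with nothing connecting the two. Keep a short transition that names the module as the subject of the section without the link, so the paragraph that defines it still has a lead-in. The PR should also say why the reference is being removed, since the rest of the article still depends on the module.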
Expand All @@ -97,10 +95,7 @@ The following procedures outline the process of setting up the apache-rootkit mo

cd /tmp

1. The next step will involve cloning the apache-rootkit repository on to the target system, this can be done by running the following command:

git clone https://github.com/ChristianPapathanasiou/apache-rootkit.git

1. The next step will involve cloning the apache-rootkit repository on to the target system.
1. After cloning the repository you will need to navigate to the “apache-rootkit” directory:

cd apache-rootkit
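Review bot: The replacement step "1. The next step will involve cloning the apache-rootkit repository on to the target system." is left as a step with no action, while the step after it still begins "After cloning the repository" and runs cd apache-rootkit, so the procedure now depends on something the article no longer shows. Reword the step to say plainly that obtaining the module is intentionally left out of the article, or fold it into the following step so the numbered list does not carry an empty instruction. As a style point, "on to" in the new line should be "onto".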
Expand Down Expand Up @@ -215,4 +210,4 @@ Given that the target server is running the LAMP stack, we can create a PHP mete

![Meterpreter session receiving connection from Commix PHP backdoor](meterpreter-session-receiving-connection-from-commix-php-backdoor.png "Meterpreter session receiving connection from Commix PHP backdoor")

We have been able to successfully set up the apache-rootkit module and leverage the command injection functionality afforded by the module to execute arbitrary commands on the target system as well as upload a PHP backdoor that will provide you with a meterpreter session.
We have been able to successfully set up the apache-rootkit module and leverage the command injection functionality afforded by the module to execute arbitrary commands on the target system as well as upload a PHP backdoor that will provide you with a meterpreter session.
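Review bot: The removed and added versions of the closing paragraph ("We have been able to successfully set up the apache-rootkit module ...") read identically, so this hunk appears to change only trailing whitespace or the end-of-file newline. If that is intended, mention it in the PR description; otherwise drop it so the diff contains only the content removal. Since the line is being touched anyway, note that it switches from "We have been able" to "provide you with a meterpreter session" mid-sentence and should use one voice.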