Difference between revisions of "Jynx Rootkit/2.0"
| Line 47: | Line 47: | ||
| $$$$$$/ | | $$$$$$/ | ||
\______/ | \______/ | ||
| + | </strong> | ||
| + | =Configuration Options in Config.h= | ||
| + | * MAGIC_STRING | ||
| + | * MAGIC_GID | ||
| + | * MAGIC_DIR | ||
| + | * CONFIG_FILE | ||
| + | * LIBC_PATH | ||
| + | |||
| + | First of all, you need to dig into config.h, and ensure that the settings meet your needs. | ||
| + | MAGIC_STRING should be changed to the name of the directory you want to hide from the system. This can | ||
| + | be used as a prefix to your main directory as well as for files. MAGIC_GID will be the Group ID to | ||
| + | hide as well. Make sure that you set MAGIC_DIR Group ID to MAGIC_GID for hiding purposes as well. | ||
| + | This will help disguise the processes from the system, including commands like ps. CONFIG_FILE | ||
| + | defaults to ld.so.preload, which is usually located in /etc. You shouldn't have to change this | ||
| + | unless you're going to dig a little deeper into hiding Jynx-Kit. MAGIC_ACK and MAGIC_SEQ have been | ||
| + | dropped in Jynx2, since the new backdoor hooks accept() system call, and still includes SSL support. | ||
| + | After installing Jynx2, ensure that you restart the daemon that you want to use as the backdoor. | ||
| + | |||
| + | =Download & Installation= | ||
| + | |||
| + | =Troubleshooting= | ||
| − | |||
| − | |||
=Older Versions= | =Older Versions= | ||
Revision as of 06:09, 15 March 2012
|
Jynx2 is an expansion of the original Jynx LD_Preload rootkit written in C with several modifications for multi-factor authentication, a more compatible shell drop, and additional hiding features. |
_ _,.-.' .-.
_ .' |,' ."".| |.""._
( || ,',"". `._`' ` ' `.
`\ | `" .-"`-..` . `.
| `..--.._ | \
_,| _...'_.' ,+. `.
,""'| `...-'..""(__.._ -" `"--.. `.
|`._,' ,' /\ .'""` .'""`. `. | `. \
' / / / || || |.`.`. . | \
`.__,'-._' /|` -"' `-.' \ \ \ `"-' \
' `. / /_| | |'""| | .-""'`'"`-,.-"\ .
. / .\ . / | | `._.' || ,' \ \
' / / |/ /_.-+._`-..--"-. . . \ `
/ /.' ' ,'""'-. `"."'""'`.. |. \ \
/ . | j . . | |\__," |. ` ' \
. | | | | ' | '| | ' ` \ \ .
| | | `.____,' ..____,' | | . \
| | | | ._ _..---._ _,' | . '
| | | | | "" . |`"' \ `.| ' ' ' .
| | | | | | | ` ` . . \ |
| | | | | ' | \ `. | | . |
' ' | | | . ` \ \ | | | |
\ ` | | | . `. | | | |
\ \ ' | ` ' ` `+..|___|___|_........
\ \ \| ' . `. `. |
`. \ . . ` `. `-. .'
_,'`. \' . \ `-.._ `._ ,'
_." `._ `.` | . `._ .
`._ _,`"--`. | . `. |
`-._ ,' | `. `|_
,' | | `. `.
.' __...__.| | \ __..._ _,..,.__ `.
`-`"' `._..--'-.__ .' `-..' ``'"--..-'
`"---'
/$$$$$ /$$ /$$ /$$ /$$
|__ $$ | $$ /$$/|__/ | $$
| $$ /$$ /$$ /$$$$$$$ /$$ /$$ | $$ /$$/ /$$ /$$$$$$
| $$| $$ | $$| $$__ $$| $$ /$$//$$$$$$| $$$$$/ | $$|_ $$_/
/$$ | $$| $$ | $$| $$ \ $$ \ $$$$/|______/| $$ $$ | $$ | $$
| $$ | $$| $$ | $$| $$ | $$ >$$ $$ | $$\ $$ | $$ | $$ /$$
| $$$$$$/| $$$$$$$| $$ | $$ /$$/\ $$ | $$ \ $$| $$ | $$$$/
\______/ \____ $$|__/ |__/|__/ \__/ |__/ \__/|__/ \___/
/$$ | $$
| $$$$$$/
\______/
Contents
Configuration Options in Config.h
- MAGIC_STRING
- MAGIC_GID
- MAGIC_DIR
- CONFIG_FILE
- LIBC_PATH
First of all, you need to dig into config.h, and ensure that the settings meet your needs.
MAGIC_STRING should be changed to the name of the directory you want to hide from the system. This can be used as a prefix to your main directory as well as for files. MAGIC_GID will be the Group ID to hide as well. Make sure that you set MAGIC_DIR Group ID to MAGIC_GID for hiding purposes as well. This will help disguise the processes from the system, including commands like ps. CONFIG_FILE defaults to ld.so.preload, which is usually located in /etc. You shouldn't have to change this unless you're going to dig a little deeper into hiding Jynx-Kit. MAGIC_ACK and MAGIC_SEQ have been dropped in Jynx2, since the new backdoor hooks accept() system call, and still includes SSL support. After installing Jynx2, ensure that you restart the daemon that you want to use as the backdoor.
