Mac OS X rootkit - Support multiple kernel versions and gives root privileges

Today, a 64-bit Mac OS X kernel rootkit was released by prdelka from NullSecurity. It works across multiple kernel versions and can give root privileges, hide files and folders, hide a process, hide a user from 'who'/'w', hide a network port, expose a sysctl interface for userland control, and execute a binary with root privileges via a magic ICMP ping. See backdoor section.

A 64-bit Mac OS X kernel rootkit that uses no hardcoded addresses to hook the BSD subsystem in all OS X Lion and below. It uses a combination of syscall hooking and DKOM (direct kernel object manipulation) to hide activity on a host. String resolution of symbols no longer works on Mountain Lion because symtab is destroyed during load; this code is portable across all Lion and below but requires reworking for hooking under Mountain Lion.

Currently supports:
* works across multiple kernel versions (tested 11.0.0+)
* give root privileges to pid
* hide files / folders
* hide a process
* hide a user from 'who'/'w'
* hide a network port from netstat
* sysctl interface for userland control
* execute a binary with root privileges via magic ICMP ping

Download Mac OS X rootkit - rubilyn-0.0.1.tar.gz

