Adding a malicious system call to the Linux kernel
Posted by Tariq • Thursday, December 11. 2008 • Category: Security
Today I am adding a malicious system call to the Linux kernel which will allow the caller to do something they cannot normally do in user mode. When attacking a Linux box our goal is usually to become root; as root we can do anything we like, so the system call I will add to the Linux kernel gives the caller real and effective user ids of zero.
There are relatively few tutorials out there on how to do this. Unfortunately, there are small differences between versions of Linux that can easily stump beginners, so this tutorial tries to give you an environment that you can easily replicate using a virtual machine as you go through the tutorial.
Defined tags for this entry: computer security, kernel, linux, mssf, opensuse, rootkit, security, system call, virtual pc
Fri, 16.07.2010 21:48
Nvm my last comment, it works for 7.... but when I [...]