Concluding Remarks
The purpose of this chapter (believe it or not) wasn't to badmouth HIDSes, but rather to demonstrate what you can achieve by combining the techniques described throughout this book. Just for fun, here is another example.
Combine the icmp_input_hook code from Chapter 2 with portions of the execve_hook code from this chapter to create a "network trigger" capable of executing a user space process, such as netcat, to spawn a backdoor root shell. Then, combine that with the process_hiding and port_hiding code from Chapter 3 to hide the root shell and connection. Include the module hiding routine from this chapter to hide the rootkit itself. And just to be safe, throw in the getdirentries_hook code for netcat.
Of course, this rootkit ...
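To make the first step above concrete, here is an added example (not code from this book or its rootkit) of the matching logic a network trigger needs before it can launch anything: it parses a raw IPv4/ICMP echo request, verifies the ICMP checksum, and reports whether the payload begins with a magic string. The trigger string, the function names and the constructed packet are assumptions for the demonstration. It is written as portable user-space C so it can be compiled and tested anywhere; in the design sketched above the same check would run inside the icmp_input hook against the mbuf data and, on a match, hand off to the execve-based launcher.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical trigger string; the book does not specify one. */
#define TRIGGER      "icmp-trigger-v1"
#define TRIGGER_LEN  (sizeof(TRIGGER) - 1)
#define ICMP_ECHO    8
#define IPPROTO_ICMP_NUM 1

/* RFC 1071 Internet checksum over an ICMP message (header + data),
 * done on bytes so the result is independent of host endianness. */
static uint16_t in_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += (uint16_t)((buf[0] << 8) | buf[1]);
        buf += 2;
        len -= 2;
    }
    if (len)
        sum += (uint16_t)(buf[0] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Return 1 if pkt holds an IPv4 ICMP echo request whose checksum verifies
 * and whose payload starts with TRIGGER; 0 for anything else, including
 * truncated or malformed packets (every length is checked before use). */
int icmp_trigger_match(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl || pkt[9] != IPPROTO_ICMP_NUM)
        return 0;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (tot < ihl + 8 || tot > len)
        return 0;
    const uint8_t *icmp = pkt + ihl;
    size_t ilen = tot - ihl;
    if (icmp[0] != ICMP_ECHO || icmp[1] != 0)
        return 0;
    if (in_cksum(icmp, ilen) != 0)          /* damaged or forged checksum */
        return 0;
    if (ilen - 8 < TRIGGER_LEN)
        return 0;
    return memcmp(icmp + 8, TRIGGER, TRIGGER_LEN) == 0;
}

/* Build a constructed IPv4/ICMP echo request carrying payload into buf.
 * Returns the total length, or 0 if buf is too small. Addresses are
 * placeholders (10.0.0.1 -> 10.0.0.2); the IP checksum is left zero
 * because the matcher does not depend on it. */
size_t build_echo(uint8_t *buf, size_t cap, const char *payload)
{
    size_t plen = strlen(payload);
    size_t tot = 20 + 8 + plen;
    if (tot > cap || tot > 0xffff)
        return 0;
    memset(buf, 0, tot);
    buf[0] = 0x45;                            /* IPv4, 20-byte header   */
    buf[2] = (uint8_t)(tot >> 8);
    buf[3] = (uint8_t)(tot & 0xff);
    buf[8] = 64;                              /* TTL                    */
    buf[9] = IPPROTO_ICMP_NUM;
    memcpy(buf + 12, "\x0a\x00\x00\x01", 4);  /* src 10.0.0.1           */
    memcpy(buf + 16, "\x0a\x00\x00\x02", 4);  /* dst 10.0.0.2           */
    uint8_t *icmp = buf + 20;
    icmp[0] = ICMP_ECHO;                      /* type 8, code 0         */
    icmp[4] = 0x12; icmp[5] = 0x34;           /* identifier             */
    icmp[7] = 1;                              /* sequence number        */
    memcpy(icmp + 8, payload, plen);
    uint16_t ck = in_cksum(icmp, 8 + plen);   /* computed with field 0  */
    icmp[2] = (uint8_t)(ck >> 8);
    icmp[3] = (uint8_t)(ck & 0xff);
    return tot;
}

/* Build a packet with payload and run it through the matcher; if corrupt
 * is set, flip one payload byte first so the checksum no longer verifies. */
int demo_match(const char *payload, int corrupt)
{
    uint8_t pkt[256];
    size_t n = build_echo(pkt, sizeof pkt, payload);
    if (n == 0)
        return -1;
    if (corrupt)
        pkt[28] ^= 0x01;                      /* first payload byte     */
    return icmp_trigger_match(pkt, n);
}

int main(void)
{
    printf("trigger packet : %d\n", demo_match(TRIGGER " spawn", 0));
    printf("ordinary ping  : %d\n", demo_match("ordinary ping payload", 0));
    printf("damaged trigger: %d\n", demo_match(TRIGGER " spawn", 1));
    return 0;
}
```

The checksum check is there for a practical reason: a trigger that keys only on a substring will also fire on any echo request that happens to carry the magic bytes, including replayed or mangled packets, so the hook should verify the message before it spends an execve on it. A real implementation would also want the trigger to carry something harder to guess than a fixed string, which is outside what this example shows.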