docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md
2 additions & 7 deletions
@@ -79,8 +79,6 @@ We can leverage the ability to load Apache2 modules to load our own rootkit modu
79
79
80
80
Command injection vulnerabilities allow attackers to execute arbitrary commands on the target operating system.
81
81
82
-
To achieve this, we will be using the apache-rootkit module that can be found here: https://github.com/ChristianPapathanasiou/apache-rootkit
83
-
84
82
Apache-rootkit is a malicious Apache module with rootkit functionality that can be loaded into an Apache2 configuration with ease and with minimal artifacts.
85
83
86
84
The following procedures outline the process of setting up the apache-rootkit module on a target Linux system:
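Review bot: with the sentence at old line 82 removed, the paragraph moves from the general statement about command injection straight to "Apache-rootkit is a malicious Apache module..." and the module is never introduced before it is described. If dropping the repository link is intentional, add a short transition that introduces the module by name, and record the reason for the removal in the commit message so the link is not restored by a later edit.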
@@ -97,10 +95,7 @@ The following procedures outline the process of setting up the apache-rootkit mo
97
95
98
96
cd /tmp
99
97
100
-
1. The next step will involve cloning the apache-rootkit repository on to the target system, this can be done by running the following command:
1. The next step will involve cloning the apache-rootkit repository on to the target system.
104
99
1. After cloning the repository you will need to navigate to the “apache-rootkit” directory:
105
100
106
101
cd apache-rootkit
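Review bot: the rewritten step (the added "1. The next step will involve cloning the apache-rootkit repository on to the target system." line) now names an action but gives neither a command nor a source, and the hunk header (-97,10 +95,7) shows the lines that followed it were dropped too, while the next step still begins "After cloning the repository". Either remove the step and reword the one after it, or state explicitly that the source is intentionally omitted, so the numbered procedure does not contain a step the reader cannot follow. Minor: "on to" should be "onto".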
@@ -215,4 +210,4 @@ Given that the target server is running the LAMP stack, we can create a PHP mete
215
210
216
211

217
212
218
-
We have been able to successfully set up the apache-rootkit module and leverage the command injection functionality afforded by the module to execute arbitrary commands on the target system as well as upload a PHP backdoor that will provide you with a meterpreter session.
213
+
We have been able to successfully set up the apache-rootkit module and leverage the command injection functionality afforded by the module to execute arbitrary commands on the target system as well as upload a PHP backdoor that will provide you with a meterpreter session.
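Review bot: the removed line at old 218 and the added line at new 213 read identically, so this appears to be a whitespace or end-of-file newline change only; confirm it is intended, or drop it so the commit contains only the link removal. If the sentence is being touched anyway, it mixes "We have been able" with "provide you with", and picking one person would read more cleanly.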