Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.
- Avoids unhide, lsof, ps, ldd detection
- Hides files and directories
- Hides remote connections
- Hides processes
- Hides logins
- PCAP hooks avoid local sniffing
- Two accept backdoors with full PTY shells.
- Crypthook encrypted accept() backdoor
- Plaintext accept() backdoor
- PAM backdoor for local privesc and remote entry
- Log cleanup for utmp/wtmp entries based on pty
- Uses xor to obfuscate static strings
As with anything of this nature, it’s recommended you check the source-code/run it in a safe environment etc. But if I have to emphasise stuff like that, this is probably the wrong site for you.
You can grab Azazel from Github here:
git clone https://github.com/chokepoint/azazel.git
Or read more here.
- LSAT – Linux Security Auditing Tool
- BackBox Linux – Penetration Testing LiveCD
- Tiger – Unix Security Audit & Intrusion Detection Tool
- Sophos Offers Free Rootkit Detection Tool/Software
- A Look Back At 2014 – Tools & News Highlights
- Trafscrambler – Anti-sniffer/IDS Tool
Most Read in Linux Hacking:
- Kon-Boot – Reset Windows & Linux Passwords - 139,015 views
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking - 126,364 views
- BackTrack v2.0 – Hackers LiveCD Finally Released - 101,000 views