14 February 2014 | 2,572 views

Azazel – Userland Anti-debugging & Anti-detection Rootkit


Azazel is a userland rootkit written in C, based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.

Azazel Rootkit

Features

  • Anti-debugging
  • Avoids unhide, lsof, ps, ldd detection
  • Hides files and directories
  • Hides remote connections
  • Hides processes
  • Hides logins
  • PCAP hooks avoid local sniffing
  • Two accept backdoors with full PTY shells
    • Crypthook encrypted accept() backdoor
    • Plaintext accept() backdoor
  • PAM backdoor for local privesc and remote entry
  • Log cleanup for utmp/wtmp entries based on pty
  • Uses xor to obfuscate static strings
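Because Azazel, like Jynx, works by having the dynamic loader preload a shared object that overrides libc functions, the defender's checks all reduce to the same question: is anything being preloaded into processes, and where is it mapped from? The following is an added example written for this post, not code from the Azazel project or its author. It reads the three artefacts an LD_PRELOAD rootkit leaves behind (the `LD_PRELOAD` variable in a process environment, entries in `/etc/ld.so.preload`, and shared objects mapped from outside the usual library directories) and reports them. The function names, the `TRUSTED_LIB_DIRS` list and all sample data (the `/tmp/.cache/libexample.so` path included) are constructed for the example and are not taken from Azazel.

```python
"""Detect the LD_PRELOAD hooking pattern that Azazel-style userland rootkits rely on.

Added example; not part of the Azazel project or the original post.
Each check takes its input as a string or bytes so it can run offline:
  1. LD_PRELOAD present in a process environment (/proc/<pid>/environ)
  2. a non-empty /etc/ld.so.preload (system-wide preload, survives env scrubbing)
  3. shared objects mapped into a process from outside normal library directories
"""
import os
import re
from typing import List, Optional

# Where legitimately installed shared objects normally live (assumption for this example).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

# /proc/<pid>/maps line: address perms offset dev inode path
_MAPS_RE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\d+\s+(\S.*)$")


def preload_env(environ_blob: bytes) -> Optional[str]:
    """Return the LD_PRELOAD value from a NUL-separated /proc/<pid>/environ blob, if set."""
    for entry in environ_blob.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            return value or None
    return None


def ld_so_preload_entries(text: str) -> List[str]:
    """Return the library paths listed in /etc/ld.so.preload (blank lines and # comments ignored)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(line)
    return entries


def untrusted_mapped_libs(maps_text: str) -> List[str]:
    """Return mapped .so paths outside TRUSTED_LIB_DIRS, deduplicated, in first-seen order."""
    seen: List[str] = []
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line)
        if not m:
            continue  # anonymous mapping with no path field
        path = m.group(1)
        # Only file-backed mappings that look like shared objects; skips [heap], [stack], binaries.
        if not path.startswith("/") or ".so" not in os.path.basename(path):
            continue
        if not path.startswith(TRUSTED_LIB_DIRS) and path not in seen:
            seen.append(path)
    return seen


def findings(environ_blob: bytes, ld_so_preload_text: str, maps_text: str) -> List[str]:
    """Combine the three checks into human-readable findings; an empty list means nothing found."""
    out = []
    env = preload_env(environ_blob)
    if env:
        out.append(f"LD_PRELOAD set in process environment: {env}")
    for entry in ld_so_preload_entries(ld_so_preload_text):
        out.append(f"/etc/ld.so.preload lists: {entry}")
    for path in untrusted_mapped_libs(maps_text):
        out.append(f"shared object mapped from untrusted location: {path}")
    return out


def scan_live_process(pid: int) -> List[str]:
    """Run the checks against a real process; needs a Linux /proc and permission to read it."""
    base = f"/proc/{pid}"
    with open(f"{base}/environ", "rb") as f:
        environ_blob = f.read()
    with open(f"{base}/maps") as f:
        maps_text = f.read()
    try:
        with open("/etc/ld.so.preload") as f:
            preload_text = f.read()
    except FileNotFoundError:
        preload_text = ""
    return findings(environ_blob, preload_text, maps_text)


# Constructed sample data (not captured from a real host; the .so path is a placeholder).
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.cache/libexample.so\0HOME=/root\0"
SAMPLE_LD_SO_PRELOAD = "# system preloads\n/tmp/.cache/libexample.so\n"
SAMPLE_MAPS = """\
55d0c0000000-55d0c0001000 r--p 00000000 fd:01 1234 /usr/bin/cat
7f1a00000000-7f1a00020000 r-xp 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a00020000-7f1a00021000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a00100000-7f1a00110000 r-xp 00000000 fd:01 9012 /tmp/.cache/libexample.so
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for line in findings(SAMPLE_ENVIRON, SAMPLE_LD_SO_PRELOAD, SAMPLE_MAPS):
        print("[!]", line)
```

Reading `/proc/<pid>/maps` from a separate process is more dependable than `ldd`, which the feature list above says Azazel evades, but it has the same limitation as every other dynamically linked tool: if the rootkit is listed in `/etc/ld.so.preload` it is loaded into the scanner too and can filter what the scanner reads. Run checks like this from a statically linked binary, or against the filesystem from a clean boot, when the host is in doubt.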

As with anything of this nature, it’s recommended that you review the source code and run it in an isolated environment. But if I have to emphasise stuff like that, this is probably the wrong site for you.

You can grab Azazel from Github here:

Or read more here.
