thebigcicca/HiddenGhost
HiddenGhost

Hidden Ghost is a new solution for finding the system call table, with support for 5.7x and later kernels. Hidden Ghost finds the syscall table via the kallsyms_lookup_name function, using the <linux/kprobes.h> header.

Before starting the in-depth explanation of how the rootkit works, I will explain the basics.

  • Tested On:

[✔️] Debian 12 6.7X amd64

  • Usage:

1) Install the kernel headers:

sudo apt install linux-headers-$(uname -r)

2) Install Development Tools:

sudo apt install build-essential

3) Install the Kernel Development Kit:

sudo apt install linux-headers-$(uname -r) linux-source

4) Go to the /src directory:

cd src

5) Module Compilation:

make

6) Load the module:

sudo insmod main.ko

7) Check if the module has been loaded:

dmesg | tail -n 10

After these steps are completed, you should see this message:

HiddenGhost
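From the defender's side, loading an out-of-tree module such as the main.ko built above leaves kernel taint flags behind. The script below is an added example, not code from the HiddenGhost repository: it decodes the module-related taint bits and lists flagged modules from /proc/modules-style input, and the sample module lines in it are constructed.

```shell
#!/bin/sh
# Added example: spot out-of-tree (O) and unsigned (E) kernel modules.

# Constructed sample in /proc/modules format; names and addresses are made up.
SAMPLE_MODULES='main 16384 0 - Live 0xffffffffc0b2a000 (OE)
ext4 983040 1 - Live 0xffffffffc0800000
vboxdrv 520192 0 - Live 0xffffffffc0700000 (O)'

# decode_taint VALUE: print the module-related taint letters set in VALUE.
# Bit numbers follow the kernel's tainted-kernels documentation:
#   0=P proprietary module, 1=F forced load, 12=O out-of-tree, 13=E unsigned.
decode_taint() {
    _out=""
    for _pair in 0:P 1:F 12:O 13:E; do
        _bit=${_pair%%:*}
        _flag=${_pair##*:}
        if [ $(( ($1 >> _bit) & 1 )) -eq 1 ]; then
            _out="${_out}${_flag}"
        fi
    done
    printf '%s\n' "$_out"
}

# flagged_modules: read /proc/modules-format lines on stdin and print
# "name flags" for every module whose taint field contains O or E.
flagged_modules() {
    awk '$NF ~ /^\(.*[OE].*\)$/ { gsub(/[()]/, "", $NF); print $1, $NF }'
}

# Run on the constructed sample.
printf '%s\n' "$SAMPLE_MODULES" | flagged_modules

# Run on the live system when the proc files are readable.
if [ -r /proc/sys/kernel/tainted ] && [ -r /proc/modules ]; then
    echo "live taint flags: $(decode_taint "$(cat /proc/sys/kernel/tainted)")"
    flagged_modules < /proc/modules
fi
```

The taint value is not cleared when a module is unloaded, so the O and E bits stay set until the next reboot even if the module no longer appears in the module list.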

Links to articles:

Links to the repositories this is based on:
