Karthus LKM rootkit

Karthus is a part of my graduate project for the excellence program for teenagers called "Academy and industry" provieded by the teenagers academic unit of the Weizmann Institute of Science

what is it doing?

save keystrokes in spesific file (keylogger)

hide and unhide from lsmod

cover the tracks by cleaning code segments

remove the module from /sys/modules directory

hide tcp connections by port (only ipv4, ill add ipv6 later)

hide files by name

hide processes by pid

How to use:

1. edit the rootkit settings to your peferencs (by modify the HIDE_ME (in file.h), proc_pid_to_hide (in proc.h) and PORT_HIDE in network.h)
2. compile the file by type make
3. run: sudo insmod rootkit.ko

TODO:

edit the tool hanuleing by commands(now its just run by defulat settings)

hide packet using hooks of packet_rcv

add anti gdb fetures

made it more readable by .h and .c

add option to give root privileges to regular user

Tested on linux 5.4, ubuntu 20

note: this is an education project! do not use it for illegal things