There are a variety of Linux rootkits in the wild, however, after testing upwards of 15 none come close to Reptile. Created by the GitHub user f0rb1dd3n, it is a formidable foe. In this guide, we will install, configure, exploit, and uninstall Reptile.
Installation:
The installation process requires two machines, one to serve as the attack box, and the second as the victim machine. Both are running Debian 10 Kernel 4.19.208–1 For this I chose to use Linode, which is a top-rated VPS provider:
After provisioning your VPS’s we are ready to begin. First, start by updating and upgrading both VPS’s. Once that is complete ensure git and make are installed on both machines as well.
apt update
apt upgrade -y
apt install git
apt install make
For this demo, my attack box hostname will be attack and it will have an IP address of:
172.105.135.62 #attack box IP address
The victim machine will have a hostname of victim and an IP address of:
172.105.135.234 #victim box IP address
We will conduct the initial configuration on both machines as to not have to repeat steps later. Start by installing the dependencies based on your…