Reptile: The Ultimate Rootkit, Full Guide

ice-wzl
6 min readDec 3, 2021

There are a variety of Linux rootkits in the wild; however, after testing upwards of 15 of them, none come close to Reptile. Created by the GitHub user f0rb1dd3n, it is a formidable foe. In this guide, we will install, configure, exploit, and uninstall Reptile.

Installation:

The installation process requires two machines: one to serve as the attack box and the second as the victim machine. Both are running Debian 10 with kernel 4.19.208-1. For this I chose to use Linode, which is a top-rated VPS provider:

https://www.linode.com/

After provisioning your VPSes, we are ready to begin. First, update and upgrade both VPSes. Once that is complete, ensure git and make are installed on both machines as well.

apt update
apt upgrade -y
apt install git
apt install make

For this demo, my attack box hostname will be attack and it will have an IP address of:

172.105.135.62 #attack box IP address

The victim machine will have a hostname of victim and an IP address of:

172.105.135.234 #victim box IP address

We will conduct the initial configuration on both machines so as not to have to repeat steps later. Start by installing the dependencies based on your…

Written by ice-wzl

Reverse Engineer, Red Teamer, CTF fan & creator
