There are a variety of Linux rootkits in the wild, however, after testing upwards of 15 none come close to Reptile. Created by the GitHub user f0rb1dd3n, it is a formidable foe. In this guide, we will install, configure, exploit, and uninstall Reptile.
Installation:
The installation process requires two machines, one to serve as the attack box, and the second as the victim machine. Both are running Debian 10 Kernel 4.19.208–1 For this I chose to use Linode, which is a top-rated VPS provider:
After provisioning your VPS’s we are ready to begin. First, start by updating and upgrading both VPS’s. Once that is complete ensure git and make are installed on both machines as well.
apt update
apt upgrade -y
apt install git
apt install makeFor this demo, my attack box hostname will be attack and it will have an IP address of:
172.105.135.62 #attack box IP addressThe victim machine will have a hostname of victim and an IP address of:
172.105.135.234 #victim box IP addressWe will conduct the initial configuration on both machines as to not have to repeat steps later. Start by installing the dependencies based on your…
