From 0867379f98c6a9beee58a51714682462e37ac4ab Mon Sep 17 00:00:00 2001 From: Rajakavitha Kodhandapani Date: Wed, 10 Dec 2025 15:21:22 +0530 Subject: [PATCH 1/2] Update index.md * removed the link to the repo: https://github.com/ChristianPapathanasiou/apache-rootkit.git --- .../linux-red-team-defense-evasion-rootkits/index.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md b/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md index 3c3991911ba..fc2cdefd86b 100644 --- a/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md +++ b/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md @@ -79,8 +79,6 @@ We can leverage the ability to load Apache2 modules to load our own rootkit modu Command injection vulnerabilities allow attackers to execute arbitrary commands on the target operating system. -To achieve this, we will be using the apache-rootkit module that can be found here: https://github.com/ChristianPapathanasiou/apache-rootkit - Apache-rootkit is a malicious Apache module with rootkit functionality that can be loaded into an Apache2 configuration with ease and with minimal artifacts. The following procedures outline the process of setting up the apache-rootkit module on a target Linux system: @@ -97,10 +95,7 @@ The following procedures outline the process of setting up the apache-rootkit mo cd /tmp -1. The next step will involve cloning the apache-rootkit repository on to the target system, this can be done by running the following command: - - git clone https://github.com/ChristianPapathanasiou/apache-rootkit.git - +1. The next step will involve cloning the apache-rootkit repository on to the target system. 1. After cloning the repository you will need to navigate to the “apache-rootkit” directory: cd apache-rootkit 
@@ -215,4 +210,4 @@ Given that the target server is running the LAMP stack, we can create a PHP mete ![Meterpreter session receiving connection from Commix PHP backdoor](meterpreter-session-receiving-connection-from-commix-php-backdoor.png "Meterpreter session receiving connection from Commix PHP backdoor") - We have been able to successfully set up the apache-rootkit module and leverage the command injection functionality afforded by the module to execute arbitrary commands on the target system as well as upload a PHP backdoor that will provide you with a meterpreter session. \ No newline at end of file + We have been able to successfully set up the apache-rootkit module and leverage the command injection functionality afforded by the module to execute arbitrary commands on the target system as well as upload a PHP backdoor that will provide you with a meterpreter session. From aa5dba32af5d8c579498b26e1b6f0634693aa3c7 Mon Sep 17 00:00:00 2001 From: Nathan Melehan Date: Fri, 19 Dec 2025 16:55:52 +0000 Subject: [PATCH 2/2] Blueberry fix --- .../linux-red-team-defense-evasion-rootkits/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md b/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md index fc2cdefd86b..e913a19e16a 100644 --- a/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md +++ b/docs/guides/security/vulnerabilities/linux-red-team-defense-evasion-rootkits/index.md @@ -95,7 +95,7 @@ The following procedures outline the process of setting up the apache-rootkit mo cd /tmp -1. The next step will involve cloning the apache-rootkit repository on to the target system. +1. The next step will involve cloning the apache-rootkit repository on to the target system. 1. After cloning the repository you will need to navigate to the “apache-rootkit” directory: cd apache-rootkit
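Review bot: In the `@@ -79,8 +79,6 @@` hunk of PATCH 1/2, deleting the whole "To achieve this, we will be using the apache-rootkit module that can be found here: ..." sentence removes the transition along with the link. The text now jumps from the definition of command injection straight to "Apache-rootkit is a malicious Apache module ..." with nothing saying that this is the module the guide goes on to use. Suggest keeping the first half of the sentence ("To achieve this, we will be using the apache-rootkit module.") and dropping only the "that can be found here" clause and the URL.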
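Review bot: In the `@@ -97,10 +95,7 @@` hunk of PATCH 1/2, the reworded step still reads "The next step will involve cloning the apache-rootkit repository on to the target system." but the guide no longer gives a command or a source for that repository, and the unchanged steps that follow ("After cloning the repository you will need to navigate to the “apache-rootkit” directory" and `cd apache-rootkit`) still depend on it. If the intent of the commit is to stop pointing readers at the repository, reword or drop these steps together so the procedure does not refer to a clone it no longer describes. The hunk also deletes the blank line that separated this list item from the next one; restore it if the rest of the list separates items with blank lines.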
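Review bot: In the `@@ -95,7 +95,7 @@` hunk of PATCH 2/2, the removed and added versions of "1. The next step will involve cloning the apache-rootkit repository on to the target system." read identically as shown, so the change appears to be whitespace only, and the subject "Blueberry fix" does not say what was fixed. Suggest stating the intent in the commit message (for example, restoring the separation between list items, if that is what this does) and squashing the change into PATCH 1/2, since it only touches the line that patch introduced.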