The Analysis And Realization Of ROOTKIT Based On LINUX Kernel

Posted on: 2008-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: C Liu
GTID: 2178360212476184
Subject: Communication and Information System

Abstract/Summary:
With the rapid development of information technology, the Internet and information sharing have become the trend of today's information society. More and more information systems in diverse fields now depend on the Internet. However, information threats and security requirements are becoming the key problem we have to face. Remote control techniques have become a focus in the study of network security. A rootkit (which can be used to keep root privilege) is a kind of tool used to control a target's computer system permanently and secretly after successfully breaking into it, and the related techniques have become an important part of remote control technology. This thesis is based on a remote attack system. It first describes the structure of the Linux kernel, the Linux boot process, task management and LKMs (loadable kernel modules). It then summarizes the method of implementing a kernel rootkit based on replacing system calls and makes improvements with respect to evading checks; sums up the technique of implementing a rootkit based on replacing exception fix pointers; and proposes and completes a rootkit based on replacing the system calls of the VFS. The method of replacing VFS pointers operates at a lower level, so it is hard to detect. The VFS backdoor can gain very high privilege, such as hiding files, hiding processes, hiding network connections, log filtering and so on. The implementation part of this thesis emphasizes concealment and usability. Furthermore, to hide the rootkit module, the techniques used in kernel space are system call replacement, module hiding and module injection; in user space, the methods used are having the kernel module start the program and replacing scripts. Finally, some shortcomings were presented for the purpose of checking and raised the...
Keywords/Search Tags:remote control, lkm vfs, rootkit, linux