NzT is a universal user-mode Linux rootkit that will sustainability hold root persistence across all Linux kernel versions, and will successfully bypass any EDR or rootkit detection software. NzT will also come with a plethora of features capable of stealing important files such as SQL database backups, .git, and other configuration files; And much more. Along with being the first of it's kind NzT implements some API system call hooking that has never been seen before which makes it such a unique, and undetectable rootkit experience.
C&C / C2 / backdoor methods:
--- ICMP backdoor
- Use a unique magic identifier to open a reverse shell
--- accept ( ) backdoor
- Use a unique magic identify to open a listening TCP server
--- PAM backdoor
- Direct interactive SSH backdoor with custom hidden port, username, and password
Internal System Logging:
---- SSH Log
- Log all incoming and outgoing SSH authorizations in plaintext by hooking pam_vprompt, read, and write API calls
--- Execution Log
- Log all normal ( including root ) user command execution flow
Hiding Self / Rootkit
--- Hide all files, processes, open ports, and all connections based on unique magic identifier
--- Hide process map files, to prevent direct mapping of process and being able to identify rootkit
--- Hide any file, or directory of choice
--- All rootkit master created directories and files will be kept track of, so no need to manually add or edit anything to keep it hidden!
--- Note: It is possible to forge or fake as any other installed software, service, or similar
EDR Bypass / Evasion
--- Hooking API calls to hide it's self from / proc * / * maps as well as many other system locations
--- Bypassing SELinux and GRSec
--- Bypasses and hides from SentinelOne and other similar software
File Stealer
--- By scanning and keeping tracking of a user made list of interesting files and directories the rootkit is capable of stealing anything on the fly and uploading it directly to an external server
--- Stuff like SQL databases are stolen automatically by default!
Original Price & Value on darkweb
--- Binary with all features + Setup Guide: $ 500
--- Source Code: $ 7500
password:
Code:
hellofhackers.com
Last edited by a moderator:
tool of the linux market 
