Bypassing Linux Security – Hiding Linux processes

30 May 2023 4 minutes Author: Lady Liberty

Stealth Secrets: Security Bypasses and Processes in Linux

Linux is an open operating environment or kernel based on the principles of free software and collaborative development. It was created by Linus Torvalds in 1991 and has since become one of the most popular and widely used operating systems in the world. Linux provides basic operating system functions such as process, memory, and file system management. It is used in various devices, from personal computers and servers to mobile phones, televisions, routers and other embedded systems. Linux system security and protection is always important, but there are cases when attackers try to bypass protection and hide their activities. In the article “Bypassing Linux Security – Hiding Linux Processes” we will look at the various methods used to hide processes on a Linux system.

Learn about the techniques attackers use to avoid detection and protect their activity. We will also look at the tools and techniques that can be used to detect and counter such threats. Protect your Linux system from hackers and attackers by learning how to bypass security and hide Linux processes. Don’t allow attackers to hide their activity on a Linux system – learn about methods to bypass security and hide Linux processes and keep your system safe.

Bypassing Linux Security – Hiding Linux processes

We can use rootkits on Linux systems to hide our processes from the tree to avoid detection by system administrators or security analysts. This can be very useful when the red team is working on Linux objects, mainly because suspicious processes can be easily identified in the process tree and thus protected by the green team or analysts. We can achieve this with various Linux rootkits, but we also want to avoid installing advanced rootkits that can be detected by Linux checkers or AV scanners. So we will use an open source Linux utility called Libprocesshider that will allow us to hide a process on a Linux object using the ld preloader.

Prerequisites and requirements

In order to follow the tools used in this document, you must be using one of the following Linux distributions:

  • Kali Linux

  • Parrot OS

Below is a list of recommended technical prerequisites that you will need to get the most out of this course:

  • Introduction to Linux system administration.

  • Introduction to Windows.

  • Functional knowledge of TCP/IP

  • Familiarity with penetration testing concepts and lifecycle.

Note: The methods and tools used in this document were performed on a Kali Linux 2021.2 virtual machine.

Hiding Linux processes with Libprocesshider

GitHub repository: https://github.com/gianlucaborello/libprocesshider

The first step in this process is to clone the Librpocesshider GitHub repository to the target system.

This can be done by running the following command:

git clone https://github.com/gianlucaborello/libprocesshider.git

After cloning the repository, you will need to identify the name of the process you want to hide with Librpocesshider, this can be done by listing the running processes on the system:

In my case, I used grep to avoid searching in the output:

To hide the “shell.py” process from the process tree, we need to go to the librpocesshider directory we just cloned and modify the “processhider.c” file.

This can be done by running the following command:

You will then need to change the “process_to_filter” value to the name of the process you want to hide, as shown in the screenshot below.

In this case, we will hide all occurrences of the “shell.py” process from the process tree.

After making changes, you can save the file.

The next step is to compile the “processhider.c” file into a shardable object file, this can be done by running the following command:

The compilation will create a partitioned object file called “libprocesshider.so” as shown in the following screenshot.

We need to move this shared object file to the /usr/local/lib directory, this can be done by running the following command:

Then we need to load the generic object “libprocesshider.so” and this can be done by running the following command:

We can now confirm that the shell.py process is hidden in the process tree by running the script and listing the running processes.

Other related articles
For beginnersEducation
Read more
Linux Command Reference
Discover the power of Linux with our command guide. This comprehensive guide covers all the basic commands and utilities you need to master the command line interface. From file management to system administration, our detailed explanations and real-world examples will help you become a Linux pro in no time.”
396
Personal safetyPrivacy
Read more
The best Linux distributions
The article provides a reteThe article provides a carefully selected list of the best Linux distributions. The list contains a detailed description of each Linux distribution with key features. A handpicked list of the best Linux distributions. The list contains a detailed description of each Linux distribution with key features.
497
Found an error?
If you find an error, take a screenshot and send it to the bot.