Linux is an open-source operating system kernel built on the principles of free software and collaborative development. It was created by Linus Torvalds in 1991 and has since become one of the most popular and widely used operating systems in the world. Linux provides the basic operating system functions: process, memory, and file system management. It runs on devices ranging from personal computers and servers to mobile phones, televisions, routers and other embedded systems. Security and protection of a Linux system are always important, but there are cases where attackers try to bypass that protection and hide their activity. In the article “Bypassing Linux Security – Hiding Linux Processes” we look at the various methods used to hide processes on a Linux system.
Learn about the techniques attackers use to avoid detection and conceal their activity. We will also look at the tools and techniques that can be used to detect and counter such threats. Protect your Linux system from hackers and attackers by learning how they bypass security and hide Linux processes. Don’t allow attackers to hide their activity on a Linux system: learn the methods used to bypass security and hide Linux processes, and keep your system safe.
To follow along with the tools used in this document, you must be using one of the following Linux distributions:
Kali Linux
Parrot OS
Below is a list of recommended technical prerequisites that you will need to get the most out of this course:
Introduction to Linux system administration.
Introduction to Windows.
Functional knowledge of TCP/IP.
Familiarity with penetration testing concepts and lifecycle.
Note: The methods and tools used in this document were performed on a Kali Linux 2021.2 virtual machine.
GitHub repository: https://github.com/gianlucaborello/libprocesshider
The first step in this process is to clone the libprocesshider GitHub repository to the target system.
git clone https://github.com/gianlucaborello/libprocesshider.git
After cloning the repository, you will need to identify the name of the process you want to hide with libprocesshider. This can be done by listing the running processes on the system:
In my case, I used grep to avoid searching in the output:
To hide the “shell.py” process from the process tree, we need to go to the libprocesshider directory we just cloned and modify the “processhider.c” file.
This can be done by running the following command:
You will then need to change the “process_to_filter” value to the name of the process you want to hide, as shown in the screenshot below.
In this case, we will hide all occurrences of the “shell.py” process from the process tree.
After making changes, you can save the file.
The next step is to compile the “processhider.c” file into a shared object file. This can be done by running the following command:
The compilation will create a shared object file called “libprocesshider.so”, as shown in the following screenshot.
We need to move this shared object file to the /usr/local/lib directory. This can be done by running the following command:
Then we need to load the shared object “libprocesshider.so”. This can be done by running the following command:
We can now confirm that the shell.py process is hidden from the process tree by running the script and listing the running processes.
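libprocesshider works by preloading a library into every dynamically linked program and filtering the entries that readdir() returns for /proc, so tools such as ps and top that read /proc that way no longer see the process; the /proc/<pid> directory itself still exists, and the loader has to be told about the library (LD_PRELOAD or /etc/ld.so.preload). The following Python check, added here as an example and not code from the article or from the libprocesshider project, probes every possible PID directly with stat() and reports the ones that exist but never appear in a readdir() listing, and separately reads whatever /etc/ld.so.preload names. The pid_max and proc parameters are this example's own assumptions.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs that readdir() on /proc returns (what ps, top and ls /proc see); a preloaded readdir() hook filters this set."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def tgid_of(pid, proc="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if the entry is gone."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None

def find_hidden_pids(pid_max=None, proc="/proc"):
    """Stat /proc/<pid> for every pid up to pid_max and report the ones that
    exist but never appear in a directory listing of /proc."""
    if pid_max is None:  # the kernel's upper bound on pid numbers
        with open(f"{proc}/sys/kernel/pid_max") as fh:
            pid_max = int(fh.read())
    visible = listed_pids(proc)
    candidates = [pid for pid in range(1, pid_max + 1)
                  if pid not in visible and os.path.exists(f"{proc}/{pid}")]
    # Second pass drops threads (Tgid != tid; readdir() legitimately omits
    # them) and processes that were created or exited during the walk.
    visible = listed_pids(proc)
    return sorted(pid for pid in candidates
                  if pid not in visible and tgid_of(pid, proc) == pid)

def parse_preload(text):
    """Entries of an ld.so.preload file: whitespace-separated paths, '#' to end of line is a comment."""
    entries = []
    for line in text.splitlines():
        entries.extend(line.split("#", 1)[0].split())
    return entries

def preload_entries(path="/etc/ld.so.preload"):
    """Objects the loader injects into every dynamically linked program."""
    try:
        with open(path) as fh:
            return parse_preload(fh.read())
    except OSError:  # no such file: nothing is preloaded system-wide
        return []

if __name__ == "__main__":
    print("ld.so.preload entries:", preload_entries())
    print("present in /proc but not listed:", find_hidden_pids())
```

Threads have a /proc/<tid> directory without being listed, so the Tgid check is what keeps a busy multithreaded host from producing false positives. A non-empty result should be confirmed with a second run before treating the PID as deliberately hidden.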