
panix-v2.0.0

@Aegrah Aegrah released this 25 Nov 13:30
c605dbf

Release

I'm excited to announce the PANIX Version 2.0 release! This release adds the following new or substantially extended features (the Root and User columns indicate which privilege level each mechanism can be deployed from):

| Feature | Description | Root | User |
|---|---|---|---|
| Bind Shell | Executes a pre-compiled or LOLBin bind shell for remote access. | ✔️ | ✔️ |
| Diamorphine Rootkit | Installs the Diamorphine Loadable Kernel Module (LKM) rootkit. | ✔️ | |
| LD_PRELOAD Backdoor | Uses LD_PRELOAD to inject a malicious shared library into new processes for persistence. | ✔️ | |
| LKM Backdoor | Loads a Loadable Kernel Module (LKM) to maintain persistence. | ✔️ | |
| PAM Persistence | Installs a PAM backdoor using a rogue module or pam_exec. | ✔️ | |
| Reverse Shell | Establishes a reverse shell (supporting multiple LOLBins). | ✔️ | ✔️ |
| Udev Persistence | Uses udev rules to run a payload when device events fire, persisting at the hardware-event level. | ✔️ | |
| Web Shell Persistence | Deploys rogue web servers for remote access via web interfaces. | ✔️ | ✔️ |

Framework changes

Additionally, this release restructures PANIX. The repository is now designed for modularity, maintainability, and ease of extension: each persistence mechanism ships as a setup script with a matching revert script, so a mechanism can be deployed and cleanly removed again.

PANIX/
├── main.sh           # Core logic and argument parsing.
├── modules/          # Persistence mechanism scripts.
│   ├── common.sh     # Shared functions.
│   ├── setup_*.sh    # Setup scripts.
│   └── revert/       # Revert scripts.
├── build.sh          # Builds the distributable script.
├── panix.sh          # Final distributable script.
└── README.md         # Documentation.

Key Benefits

  • Paired Setup & Revert: Every setup_*.sh has a corresponding revert_*.sh, ensuring easy removal of persistence mechanisms.
  • Modular Design: Easily modify existing modules or add new ones without affecting the core system.
  • Simple Expansion: To add new functionality:
    1. Create a new setup_*.sh in modules/.
    2. Add a corresponding revert_*.sh in modules/revert/.
    3. Update main.sh to include the new scripts.
    4. Update common.sh to include the module in the help menu.
    5. Run build.sh to generate the updated panix.sh.

This streamlined structure promotes efficient development, testing, and deployment of persistence features.
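As an added example (not code from the PANIX repository), the following shows what a paired setup/revert module in the structure described above can look like, managing a single entry in `/etc/ld.so.preload` in the spirit of the LD_PRELOAD backdoor feature. The function names `setup_ld_preload`, `revert_ld_preload` and `check_ld_preload`, the `PANIX_ROOT` prefix and the library path are assumptions made for this illustration; the real modules' function names and the shared helpers in `common.sh` are not reproduced here.

```shell
#!/usr/bin/env bash
# Added example, not PANIX's own code: a setup/revert pair for one
# hypothetical /etc/ld.so.preload entry.
# PANIX_ROOT is an assumed prefix so the script can be exercised by an
# unprivileged user against a scratch directory instead of the live /etc.
set -u

# Hypothetical library path; a real module would drop or compile the .so here.
PANIX_LIB="/usr/local/lib/libpanix_example.so"

preload_file() {
    printf '%s\n' "${PANIX_ROOT:-}/etc/ld.so.preload"
}

setup_ld_preload() {
    local file
    file="$(preload_file)"
    # The real file is root-writable only; this mirrors the "Root" column.
    if [ -z "${PANIX_ROOT:-}" ] && [ "$(id -u)" -ne 0 ]; then
        echo "setup_ld_preload: requires root" >&2
        return 1
    fi
    mkdir -p "$(dirname "$file")"
    # Idempotent: running setup twice must not duplicate the entry.
    if [ -f "$file" ] && grep -qxF "$PANIX_LIB" "$file"; then
        return 0
    fi
    printf '%s\n' "$PANIX_LIB" >> "$file"
}

revert_ld_preload() {
    local file tmp
    file="$(preload_file)"
    # Nothing to do if the file never existed or was already removed.
    [ -f "$file" ] || return 0
    tmp="$(mktemp)"
    # Strip only the line setup added; an operator may legitimately preload
    # other libraries, and deleting those would be a noisy side effect.
    grep -vxF "$PANIX_LIB" "$file" > "$tmp" || true
    if [ -s "$tmp" ]; then
        cat "$tmp" > "$file"   # rewrite in place, keeping owner and mode
    else
        rm -f "$file"          # no entries left: leave no empty artefact behind
    fi
    rm -f "$tmp"
}

# Exit status 0 if the entry is present, 1 otherwise; used to verify both
# that setup took effect and that revert actually removed it.
check_ld_preload() {
    local file
    file="$(preload_file)"
    [ -f "$file" ] && grep -qxF "$PANIX_LIB" "$file"
}

# Minimal dispatcher so the module can be run directly: setup | revert | check.
case "${1:-}" in
    setup)  setup_ld_preload ;;
    revert) revert_ld_preload ;;
    check)  check_ld_preload ;;
    "")     ;;   # sourced: only define the functions
    *)      echo "usage: $0 {setup|revert|check}" >&2; exit 2 ;;
esac
```

Two details matter for a revert script: it must remove only what its own setup wrote (here, one exact line, leaving any pre-existing preload entries alone), and it must be safe to run twice. Note also that `/etc/ld.so.preload` is absent on a default install, so its creation or modification is a high-signal event for file-integrity monitoring; that is the detection opportunity this persistence mechanism trades against.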

Support

These features have been tested on the same operating systems as PANIX version 1. This release supports the following distributions (features noted as unavailable could not be exercised on that version):

| Distribution | Support | Tested Version |
|---|---|---|
| Debian | ✔️ | Debian 11 & 12 |
| Ubuntu | ✔️ | Ubuntu 22.04 (Diamorphine unavailable) |
| RHEL | ✔️ | RHEL 9 (MOTD unavailable) |
| CentOS | ✔️ | CentOS Stream 9 & 7 (MOTD unavailable) |
| Fedora | ✔️ | Not fully tested |
| Arch Linux | ✔️ | Not fully tested |
| OpenSUSE | ✔️ | Not fully tested |

What's Changed

  • PANIX Modularization by @Aegrah in #15
  • [New Feature] Sedexp Udev Persistence by @Aegrah in #16
  • [FR] LKM Module & Diamorphine Rootkit by @Aegrah in #17
  • [FR] PAM Persistence Techniques by @Aegrah in #18
  • [FR] Bind & Reverse Shell Capability by @Aegrah in #19
  • [FR] Web Server Backdoor by @Aegrah in #20
  • [FR] LD_PRELOAD Persistence by @Aegrah in #23
  • [FR] Add Mitre Matrix Print by @Aegrah in #24
  • [FR] Implement Revert Functionality & Fixes by @Aegrah in #25
  • [Enhancement] README.md & MITRE Matrix Update by @Aegrah in #26
  • [Bug Fix] Fixing Rootkit Revert & Setup Function by @Aegrah in #27
  • Update README.md by @Aegrah in #28

Full Changelog: panix-v1.0.0...panix-v2.0.0