[+] Add change which allows for Input of values(file/dir names & usernames) (3.4_hiding_directories and for hiding_logged_in_users)

3_RootkitTechniques/3.4_hiding_directories/README.md

@@ -22,6 +22,7 @@ To use:
 * Build with `make`
 * Create a file/directory that starts with the string "boogaloo", e.g. `touch boogaloo`
 * Load with `insmod rootkit.ko`
+  * Alternatively, `insmod rootkit.ko PREFIX="hideme"` would hide files and folders starting with "hideme"
 * List the directory contents of wherever you placed the "boogaloo" file, e.g. `ls`
 * Observe that the "boogaloo" file is missing!
 * Unload with `rmmod rootkit`

3_RootkitTechniques/3.4_hiding_directories/rootkit.c

@@ -8,7 +8,12 @@
 
 #include "ftrace_helper.h"
 
-#define PREFIX "boogaloo"
+/*
+ * The PREFIX "boogaloo" can be a default
+ * and hard coded value.
+ */
+static char *PREFIX = "boogaloo";
+module_param(PREFIX, charp, S_IRUGO);
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("TheXcellerator");

3_RootkitTechniques/3.9_hiding_logged_in_users/README.md

@@ -13,6 +13,7 @@ Also included in this directory is a program called `enum_utmp`. This program wi
 To use:
 * Build with `make`
 * Load with `insmod rootkit.ko`
+  * Alternatively - one may use `insmod rootkit.ko HIDDEN_USER="some_username"` where `"some_username"` is a username to be hidden. By default, it hides the "root" user
 * In another terminal, spawn a root shell via `sudo screen -S root_login`
 * Back in the non-root user's terminal, run `who` or `finger` and confirm that `root` does NOT appear in the list
 * Unload the module with `rmmod rootkit`

3_RootkitTechniques/3.9_hiding_logged_in_users/rootkit.c

@@ -8,7 +8,12 @@
 #include "utmp.h"
 #include "ftrace_helper.h"
 
-#define HIDDEN_USER "root"
+/*
+ * The username "root" can be a default
+ * and hard coded value.
+ */
+static char *HIDDEN_USER = "root";
+module_param(HIDDEN_USER, charp, S_IRUGO);
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("TheXcellerator");