
Releases: Aegrah/PANIX

panix-v2.0.1

19 Dec 13:49
2d2c118

Release

I'm excited to announce the release of PANIX v2.0.1, a maintenance release that refines v2.0.0 with fixes and improvements. Here's what's new:

Improvements & Fixes

  • LKM Module

    • Now persists across reboots.
  • Rootkit Module

    • Now persists across reboots.
  • PAM Module Enhancements

    • Covers PAM hijacking paths that were missed in v2.0.0.
    • Introduced a backup of the original PAM module before it is replaced:
      • The revert module restores that backup, so cleanup is safer and more reliable.
  • Revert Module Updates

    • Adjusted to the changes in the other modules so that recovery stays complete.
  • README Updates

    • Updated the checkboxes so they are visible in GitHub dark mode.

This release is a maintenance update building on the features of v2.0.0. Thank you to everyone who has contributed to making PANIX better! 🎉

For any questions or issues, please open a GitHub issue.

panix-v2.0.0

25 Nov 13:30
c605dbf

Release

I'm excited to announce the PANIX Version 2.0 release! This release adds the following new or extended functions:

| Feature | Description | Root | User |
|---|---|---|---|
| Bind Shell | Executes a pre-compiled/LOLBin bind shell for remote access. | ✔️ | ✔️ |
| Diamorphine Rootkit | Installs the Diamorphine Loadable Kernel Module (LKM) Rootkit. | ✔️ | |
| LD_PRELOAD Backdoor | Uses LD_PRELOAD to inject malicious libraries for persistence. | ✔️ | |
| LKM Backdoor | Loads a Loadable Kernel Module (LKM) to maintain persistence. | ✔️ | |
| PAM Persistence | Installs a PAM backdoor using a rogue module or pam_exec. | ✔️ | |
| Reverse Shell | Establishes a reverse shell (supporting multiple LOLBins). | ✔️ | ✔️ |
| Udev Persistence | Utilizes Udev drivers to persist at the hardware interaction level. | ✔️ | |
| Web Shell Persistence | Deploys rogue web servers for remote access via web interfaces. | ✔️ | ✔️ |
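
The LD_PRELOAD, Udev, PAM and LKM techniques in the table above each leave a footprint in a well-known configuration location. The audit helper below is written for this page and is not part of PANIX: it lists those footprints so a defender can snapshot a host before and after a PANIX run. `make_sample_root` builds a constructed directory tree with one planted entry per technique (the file names and paths inside it are invented placeholders) so the functions can be exercised offline; on a real host call `audit_all` with no argument, or with `/`.

```bash
#!/usr/bin/env bash
# Added audit helper (not PANIX code). Each function takes an optional root
# prefix so it can be run against a constructed tree instead of the live /.

# /etc/ld.so.preload: libraries loaded into every dynamically linked process.
# On most hosts the file is absent or empty, so any entry deserves a look.
audit_preload() {
  local root="${1:-}" f
  f="$root/etc/ld.so.preload"
  [ -s "$f" ] || return 0
  grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$' | sed 's|^|ld.so.preload: |'
}

# Udev rules that execute a program when a device event fires.
audit_udev() {
  local root="${1:-}"
  grep -HE 'RUN\+=|PROGRAM=|IMPORT\{program\}' "$root"/etc/udev/rules.d/*.rules 2>/dev/null \
    | sed "s|^$root||; s|^|udev: |"
}

# PAM stacks that call pam_exec.so, or that name a module by absolute path
# (a module living outside the distribution's module directory).
audit_pam() {
  local root="${1:-}"
  grep -HE 'pam_exec\.so|[[:space:]]/[^[:space:]]+\.so' "$root"/etc/pam.d/* 2>/dev/null \
    | sed "s|^$root||; s|^|pam: |"
}

# Kernel modules configured to load at boot (comments and blanks dropped).
audit_lkm() {
  local root="${1:-}"
  cat "$root"/etc/modules-load.d/*.conf "$root"/etc/modules 2>/dev/null \
    | grep -vE '^[[:space:]]*(#|$)' | sed 's|^|modules-load: |'
}

audit_all() {
  local root="${1:-}"
  audit_preload "$root"
  audit_udev "$root"
  audit_pam "$root"
  audit_lkm "$root"
}

# Constructed sample tree: one planted entry per technique, invented names.
make_sample_root() {
  local root="$1"
  mkdir -p "$root/etc/udev/rules.d" "$root/etc/pam.d" "$root/etc/modules-load.d"
  printf '/usr/local/lib/libexample.so\n' > "$root/etc/ld.so.preload"
  printf 'ACTION=="add", SUBSYSTEM=="net", RUN+="/usr/local/bin/example.sh"\n' \
    > "$root/etc/udev/rules.d/99-example.rules"
  printf 'auth required pam_unix.so\nauth optional pam_exec.so /usr/local/bin/example.sh\n' \
    > "$root/etc/pam.d/example"
  printf '# comment line\nexample_mod\n' > "$root/etc/modules-load.d/example.conf"
}
```

Run it once on a known-clean host and diff the output after the PANIX run; every line that appears is a candidate artefact to feed into detection content. It is not exhaustive: a rogue PAM module that overwrites an existing `pam_*.so` in the distribution's module directory changes nothing in `/etc/pam.d`, so for that case verify the module files against package-manager metadata (`rpm -V` on RHEL/CentOS/Fedora, `debsums` on Debian/Ubuntu). Reading the boot-time module configuration rather than `lsmod` is deliberate: Diamorphine hides itself from `lsmod` once loaded.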

Framework changes

This release also restructures the PANIX repository for modularity, maintainability, and ease of extension. Each persistence mechanism has paired setup and revert scripts, which simplifies both management and removal.

PANIX/
├── main.sh           # Core logic and argument parsing.
├── modules/          # Persistence mechanism scripts.
│   ├── common.sh     # Shared functions.
│   ├── setup_*.sh    # Setup scripts.
│   └── revert/       # Revert scripts.
├── build.sh          # Builds the distributable script.
├── panix.sh          # Final distributable script.
└── README.md         # Documentation.

Key Benefits

  • Paired Setup & Revert: Every setup_*.sh has a corresponding revert_*.sh, ensuring easy removal of persistence mechanisms.
  • Modular Design: Easily modify existing modules or add new ones without affecting the core system.
  • Simple Expansion: To add new functionality:
    1. Create a new setup_*.sh in modules/.
    2. Add a corresponding revert_*.sh in modules/revert/.
    3. Update main.sh to include the new scripts.
    4. Update common.sh to include the module in the help menu.
    5. Run build.sh to generate the updated panix.sh.

This streamlined structure promotes efficient development, testing, and deployment of persistence features.
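
As an added illustration of the paired setup/revert convention described above, and of the backup-before-replace behaviour that v2.0.1 introduced for the PAM module, here is a minimal setup/revert pair in bash. It is example code written for this page, not PANIX's own scripts: the function names, the target file, the marker line and `BACKUP_DIR` are assumptions, and the SHA-256 check is an addition so that revert refuses to restore a backup that was altered after it was taken.

```bash
#!/usr/bin/env bash
# Example setup/revert module pair in the PANIX layout (illustration only,
# not PANIX's own code). Assumed: the target file, the marker line that
# setup appends, and BACKUP_DIR as the place the pristine copy is kept.
set -euo pipefail

BACKUP_DIR="${BACKUP_DIR:-/var/tmp/.example_backup}"

backup_path() { printf '%s/%s.orig' "$BACKUP_DIR" "$(basename "$1")"; }

# setup_example TARGET MARKER
# Keeps one pristine copy of TARGET (mode and timestamps preserved) plus its
# SHA-256, then appends MARKER once. Re-running is idempotent: the backup is
# never overwritten, so it always reflects the pre-modification file.
setup_example() {
  local target="$1" marker="$2" backup
  backup="$(backup_path "$target")"
  mkdir -p "$BACKUP_DIR"
  if [ ! -f "$backup" ]; then
    cp -p "$target" "$backup"
    sha256sum "$backup" | awk '{print $1}' > "$backup.sha256"
  fi
  grep -qxF -- "$marker" "$target" || printf '%s\n' "$marker" >> "$target"
}

# revert_example TARGET
# Restores the pristine copy over TARGET, but only after checking that the
# backup still matches the hash recorded at setup time; then removes the
# backup so a later revert cannot restore a stale copy.
revert_example() {
  local target="$1" backup want have
  backup="$(backup_path "$target")"
  if [ ! -f "$backup" ] || [ ! -f "$backup.sha256" ]; then
    echo "revert: no backup recorded for $target" >&2
    return 1
  fi
  want="$(cat "$backup.sha256")"
  have="$(sha256sum "$backup" | awk '{print $1}')"
  if [ "$want" != "$have" ]; then
    echo "revert: backup for $target does not match its recorded hash" >&2
    return 2
  fi
  cp -p "$backup" "$target"
  rm -f "$backup" "$backup.sha256"
}
```

The property worth copying is that setup never touches an existing backup: if a module is run twice, the second run must not replace the pristine copy with the already-modified file, or revert will "restore" the backdoor. Keeping the hash alongside the copy turns a silent wrong restore into a hard failure.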

Support

These features have been tested on the same operating systems as PANIX version 1. This release supports the following distributions:

| Distribution | Support | Tested Version |
|---|---|---|
| Debian | ✔️ | Debian 11 & 12 |
| Ubuntu | ✔️ | Ubuntu 22.04 (Diamorphine unavailable) |
| RHEL | ✔️ | RHEL 9 (MOTD unavailable) |
| CentOS | ✔️ | CentOS Stream 9 & 7 (MOTD unavailable) |
| Fedora | ✔️ | Not fully tested |
| Arch Linux | ✔️ | Not fully tested |
| OpenSUSE | ✔️ | Not fully tested |

What's Changed

  • PANIX Modularization by @Aegrah in #15
  • [New Feature] Sedexp Udev Persistence by @Aegrah in #16
  • [FR] LKM Module & Diamorphine Rootkit by @Aegrah in #17
  • [FR] PAM Persistence Techniques by @Aegrah in #18
  • [FR] Bind & Reverse Shell Capability by @Aegrah in #19
  • [FR] Web Server Backdoor by @Aegrah in #20
  • [FR] LD_PRELOAD Persistence by @Aegrah in #23
  • [FR] Add Mitre Matrix Print by @Aegrah in #24
  • [FR] Implement Revert Functionality & Fixes by @Aegrah in #25
  • [Enhancement] README.md & MITRE Matrix Update by @Aegrah in #26
  • [Bug Fix] Fixing Rootkit Revert & Setup Function by @Aegrah in #27
  • Update README.md by @Aegrah in #28

Full Changelog: panix-v1.0.0...panix-v2.0.0

panix-v1.0.0

17 Jul 10:57
e39a377

Release

This release consists of version 1.0.0 of PANIX, a Linux persistence tool. The current release has the following functions built-in:

| Feature | Description |
|---|---|
| At Job Persistence | At job persistence |
| Authorized Keys Management | Add public key to authorized keys |
| Backdoor User | Create backdoor user with uid=0 |
| Bind Shell | Execute backgrounded bind shell |
| Capabilities Backdoor | Add capabilities for persistence |
| Cron Job Persistence | Cron job persistence |
| Create User | Create a new user |
| Git Persistence | Git hook/pager persistence |
| Generator Persistence | Systemd generator persistence |
| Init.d Backdoor | SysV Init (init.d) persistence |
| Malicious Package Backdoor | DPKG/RPM package persistence |
| Docker Container Backdoor | Docker container with host escape |
| MOTD Backdoor | Message Of The Day (MOTD) persistence |
| Package Manager Persistence | Package Manager persistence (APT/YUM/DNF) |
| /etc/passwd Modification | Add user to /etc/passwd directly |
| Password Change | Change user password |
| RC.local Backdoor | Run Control (rc.local) persistence |
| Shell Profile Persistence | Shell profile persistence |
| SSH Key Persistence | SSH key persistence |
| Sudoers Backdoor | Sudoers persistence |
| SUID Backdoor | SUID persistence |
| System Binary Backdoor | System binary wrapping for persistence |
| Systemd Service Persistence | Systemd service persistence |
| Udev Persistence | Udev (driver) persistence |
| XDG Autostart Persistence | XDG autostart persistence |

Support

Support for this release consists of, but is not limited to, the following distributions:

| Distribution | Tested |
|---|---|
| Debian | Fully tested on Debian 11 & 12 |
| Ubuntu | Fully tested on Ubuntu 22.04 |
| RHEL | Fully tested on RHEL 9 (MOTD unavailable) |
| CentOS | Fully tested on CentOS Stream 9, 7 (MOTD unavailable) |
| Fedora | Not fully tested |
| Arch Linux | Not fully tested |
| OpenSUSE | Not fully tested |