Demonized Shell is an Advanced Tool for persistence in linux.
Install
git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git
cd D3m0n1z3dShell
chmod +x demonizedshell.sh
sudo ./demonizedshell.sh
cd D3m0n1z3dShell
chmod +x demonizedshell.sh
sudo ./demonizedshell.sh
One-Liner Install
Download D3m0n1z3dShell with all files:
curl -L https://github.com/MatheuZSecurity/D3m0n1z3dShell/archive/main.tar.gz | tar xz && cd D3m0n1z3dShell-main && sudo ./demonizedshell.sh
Load D3m0n1z3dShell statically (without the static-binaries directory):
sudo curl -s https://raw.githubusercontent.com/MatheuZSecurity/D3m0n1z3dShell/main/static/demonizedshell_static.sh -o /tmp/demonizedshell_static.sh && sudo bash /tmp/demonizedshell_static.sh
Demonized Features
Auto Generate SSH keypair for all users APT Persistence Crontab Persistence Systemd User level Systemd Root Level Bashrc Persistence Privileged user & SUID bash LKM Rootkit Modified, Bypassing rkhunter & chkrootkit LKM Rootkit With file encoder. persistent icmp backdoor and others features. ICMP Backdoor LD_PRELOAD Setup PrivEsc Static Binaries For Process Monitoring, Dump credentials, Enumeration, Trolling and Others Binaries.Pending Features
LD_PRELOAD Rootkit Process Injection install for example: curl github.com/test/test/demonized.sh | bash Static D3m0n1z3dShell Intercept Syscall Write from a file ELF/Rootkit Anti-Reversing Technique PAM Backdoor rc.local Persistence init.d Persistence motd Persistence Persistence via php webshell and aspx webshellAnd other types of features that will come in the future.
Contribution
If you want to contribute and help with the tool, please contact me on twitter: @MatheuzSecurity
Note
We are not responsible for any damage caused by this tool, use the tool intelligently and for educational purposes only.