Closed therealdreg closed 6 years ago
Very nice job, man. I already know that is the weakness of Reptile. Maybe I will update and change things to avoid detection, but since this rootkit is public, there is always a way to detect it; maybe I will keep the detection avoidance in priv8. hahaha
I took a look at your code and that is very nice, congrats.
hey man,
have you tested with the last version of Reptile? I am running your code and I haven't been caught by it yet. But even if that fails, I need to change the get root with setreuid hook. ;)
the scanning can take hours, be very patient x)
@David-Reguera-Garcia-Dreg,
maybe my lazy update made Reptile undetectable by lsrootkit. ;)
but I know you can detect it in other ways (perhaps using kill), maybe I need to stop being lazy... hahaha
kill bruteforcing added! x)
lsrootkit detects Reptile with a simple GID bruteforcing.
https://github.com/David-Reguera-Garcia-Dreg/lsrootkit