f0rb1dd3n / Reptile

LKM Linux rootkit

GID bruteforcing detection #28

Closed therealdreg closed 6 years ago

therealdreg commented 6 years ago

lsrootkit detects Reptile with a simple GID bruteforcing.

https://github.com/David-Reguera-Garcia-Dreg/lsrootkit


f0rb1dd3n commented 6 years ago

Very nice job man, I already know that is the weakness of Reptile. Maybe I'll update and change things to avoid detection, but since this rootkit is public, there will always be a way to detect it; maybe I'll keep the detection avoidance in priv8. hahaha

I took a look at your code and that is very nice, congrats.

f0rb1dd3n commented 6 years ago

hey man,

have you tested with the last version of Reptile? I am running your code and it hasn't caught it yet. But even if that fails, I need to change get root to a setreuid hook. ;)
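The scan the thread is talking about, written out as an added example (this is neither lsrootkit's nor Reptile's code): an unprivileged process walks the ID space and, after each call, checks whether the kernel has quietly handed it euid 0. On an unhooked kernel every foreign ID is answered with EPERM and the euid never changes, so a hit can only come from a hook. The assumptions are mine: that the backdoor is triggered by a magic value passed to `setgid()`, the weakness the issue reports, and that the same check is worth repeating against `setregid()`/`setreuid()`, the hook the author says he plans to move to. `probe_id`, `scan_ids` and the `[lo, hi]` range arguments are names chosen for this example. The default range is the full 32-bit ID space, which is why the scan "can take hours".

```c
/*
 * Added example (not lsrootkit or Reptile code): brute-force scan for a
 * "magic ID" root backdoor hooked into setgid()/setregid()/setreuid().
 *
 * Assumption under test: a rootkit hooks one of these syscalls and grants
 * euid 0 when a specific ID value is passed in. An unhooked kernel answers
 * every ID the caller is not entitled to with EPERM and leaves the euid
 * untouched, so a non-root caller that ends up with euid 0 after a probe
 * has found the backdoor. Run as an unprivileged user.
 */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Probe one candidate ID. Returns 1 if the caller went from non-root to
 * euid 0, 0 otherwise. A caller that is already root learns nothing, so
 * the probe refuses to touch its IDs and returns 0. */
int probe_id(unsigned long id)
{
    if (geteuid() == 0)
        return 0;

    /* setgid() with a magic GID: the Reptile weakness the issue describes. */
    (void)setgid((gid_t)id);
    if (geteuid() == 0)
        return 1;

    /* Assumption: the trigger might instead sit in setregid()/setreuid(),
     * the hook the author mentions as the planned replacement. */
    (void)setregid((gid_t)id, (gid_t)id);
    if (geteuid() == 0)
        return 1;

    (void)setreuid((uid_t)id, (uid_t)id);
    return geteuid() == 0;
}

/* Scan [lo, hi] inclusive. Returns the first ID that granted root, or -1.
 * Prints a progress mark every 2^20 IDs so a multi-hour run is visibly alive. */
long long scan_ids(unsigned long lo, unsigned long hi)
{
    for (unsigned long id = lo; ; id++) {
        if (probe_id(id))
            return (long long)id;
        if (id != lo && (id & 0xFFFFFUL) == 0)
            fprintf(stderr, "  ... reached %lu\n", id);
        if (id == hi)          /* checked before id++ so hi = 0xFFFFFFFF cannot wrap */
            break;
    }
    return -1;
}

/* Usage: ./gidscan [lo hi]   (defaults to the whole 32-bit ID space) */
int main(int argc, char **argv)
{
    unsigned long lo = 0, hi = 0xFFFFFFFFUL;
    if (argc == 3) {
        lo = strtoul(argv[1], NULL, 0);
        hi = strtoul(argv[2], NULL, 0);
    }
    if (geteuid() == 0) {
        fprintf(stderr, "run as an unprivileged user: a root caller cannot "
                        "distinguish a backdoor from normal behaviour\n");
        return 2;
    }
    long long hit = scan_ids(lo, hi);
    if (hit >= 0) {
        printf("euid 0 obtained via magic ID %lld: setgid/setreuid hook present\n", hit);
        return 1;
    }
    printf("no magic ID found in [%lu, %lu]\n", lo, hi);
    return 0;
}
```

The detector only ever needs to find the first hit: once the hook fires, the scanning process itself is root, which is exactly the evidence wanted, so there is no point forking a fresh child per ID. Splitting the range across several unprivileged processes (each given its own `lo hi` slice) is the simple way to bring the full scan down from hours.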

therealdreg commented 6 years ago

The scanning can take hours, be very patient x)

f0rb1dd3n commented 6 years ago

@David-Reguera-Garcia-Dreg,

maybe my lazy update made Reptile undetectable by lsrootkit. ;)

But I know you can detect it in other ways (perhaps using kill); maybe I need to stop being lazy... hahaha

therealdreg commented 6 years ago

kill bruteforcing added! x)