mempodippy / vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
GNU General Public License v3.0
935 stars, 193 forks

ERROR: ld.so: object '/lib/libc.so.rootkit.89/SHWpgWVMsYw9.so.$PLATFORM' from /etc/.7AguPgE5g6 cannot be preloaded: ignored. #5

Closed taibaiyifeng closed 7 years ago

taibaiyifeng commented 7 years ago

I'm testing this rootkit on CentOS 6.5, but when I finished there were many errors when I executed a command:

    [root@localhost vlany]# ls -la
    ERROR: ld.so: object '/lib/libc.so.rootkit.89/SHWpgWVMsYw9.so.$PLATFORM' from /etc/.7AguPgE5g6 cannot be preloaded: ignored.
    total 156
    drwxr-xr-x.  5 root root  4096 Nov 11 00:45 .
    drwxr-xr-x.  3 root root  4096 Nov 11 00:34 ..
    -rw-r--r--.  1 root root 23147 Nov 11 00:36 config.py
    drwxr-xr-x.  8 root root  4096 Nov 11 00:36 .git
    -rwxr-xr-x.  1 root root 16517 Nov 11 00:36 install.sh
    -rw-r--r--.  1 root root 35141 Nov 11 00:36 LICENSE
    drwxr-xr-x.  2 root root  4096 Nov 11 00:39 misc
    -rw-r--r--.  1 root root    16 Nov 11 00:41 new_preload
    -rw-r--r--.  1 root root 31401 Nov 11 00:36 README
    -rw-r--r--.  1 root root  1858 Nov 11 00:36 README.md
    drwxr-xr-x. 23 root root  4096 Nov 11 00:36 symbols
    -rw-r--r--.  1 root root 15392 Nov 11 00:36 vlany.c
    [root@localhost vlany]#

It obviously shows something.

mempodippy commented 7 years ago

vlany hasn't been tested on CentOS. All development was done on Debian/Ubuntu. Once I get home, I'll take a look into this for you. :smile:

unixfox commented 7 years ago

It may be related to SELinux.

sksksksksksksk commented 7 years ago

unixfox might have an idea what's going on here... I'd say have a look at what's being denied. I ran into this problem a long while ago and it should be as easy as giving it the right context for the distro you're on.

unixfox commented 7 years ago

@taibaiyifeng Can you give the output of this command:

cat /etc/sysconfig/selinux

? I don't have this issue using CentOS 7.2 with SELinux disabled.

BUT I can't use the ssh backdoor because the host closes the connection with this error:

id: cannot find name for group ID 574984138
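The replies above boil down to two checks: what SELinux mode the box is in, and what ld.so is actually being refused. The POSIX shell script below is an added example (not vlany's code and not posted by anyone in this thread) that automates that triage for any preload list: it expands the `$PLATFORM` token roughly the way ld.so does (ld.so uses the AT_PLATFORM auxv value; `uname -m` is used here as a stand-in), checks whether each entry can be opened, and, when SELinux tooling is present, prints the file contexts and recent AVC denials. The file names in the comments and usage are illustrative.

```shell
# Added example: triage "ERROR: ld.so: object '...' cannot be preloaded: ignored".
# ld.so reads whitespace-separated library paths from its preload list
# (/etc/ld.so.preload by default; the vlany build in this issue uses a
# renamed list under /etc). Lines after '#' are treated as comments.

# Expand the $PLATFORM dynamic string token. Assumption: uname -m matches
# AT_PLATFORM, which holds on common x86/x86_64 systems.
expand_platform() {
    printf '%s\n' "$1" | sed 's/\$PLATFORM/'"$(uname -m)"'/g'
}

# Report on each entry of a preload list. One line per entry:
#   OK <path>          exists and is readable by the current user
#   MISSING <path>     no such file after $PLATFORM expansion
#   UNREADABLE <path>  exists but cannot be read (DAC or SELinux denial)
# Returns 0 if every entry is loadable, 1 if any would be ignored by ld.so,
# 2 if the list itself cannot be read.
check_preload_list() {
    list=$1
    rc=0
    [ -r "$list" ] || { echo "cannot read preload list $list"; return 2; }
    for raw in $(sed 's/#.*//' "$list"); do
        entry=$(expand_platform "$raw")
        if [ ! -e "$entry" ]; then
            echo "MISSING $entry"; rc=1
        elif [ ! -r "$entry" ]; then
            echo "UNREADABLE $entry"; rc=1
        else
            echo "OK $entry"
        fi
    done
    return "$rc"
}

# Show what SELinux thinks: enforcement mode, the context of each preload
# entry, and AVC denials logged since boot (needs the audit tools).
selinux_report() {
    list=$1
    if command -v getenforce >/dev/null 2>&1; then
        echo "SELinux mode: $(getenforce)"
    elif [ -r /etc/sysconfig/selinux ]; then
        echo "SELinux config: $(sed -n 's/^SELINUX=//p' /etc/sysconfig/selinux)"
    else
        echo "SELinux: no tooling found, skipping context checks"
        return 0
    fi
    for raw in $(sed 's/#.*//' "$list"); do
        entry=$(expand_platform "$raw")
        [ -e "$entry" ] && ls -Z "$entry"
    done
    # Denials show up under whichever program ld.so was starting (ls, id, ...).
    if command -v ausearch >/dev/null 2>&1; then
        ausearch -m avc -ts boot 2>/dev/null | grep -i "$(basename "$list")" \
            || echo "no AVC denials mentioning $(basename "$list")"
    fi
}

# Usage: sh triage_preload.sh /etc/.7AguPgE5g6   (or /etc/ld.so.preload)
case "${1:-}" in
    "") ;;
    *)  check_preload_list "$1"; selinux_report "$1" ;;
esac
```

Run it as root against the preload list named in the error text. An entry reported MISSING points at the `$PLATFORM` expansion or install path; an entry reported UNREADABLE while `getenforce` says Enforcing, together with a matching AVC record, is the SELinux context problem the thread describes.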

taibaiyifeng commented 7 years ago

When you said this may be caused by SELinux, I stopped SELinux and rebooted, then installed the rootkit (my system has a clone; I returned to the clone). This problem was solved by disabling SELinux, but I have the same problem as you: the backdoor can't connect (I use ssh.sh to connect; the user the rootkit creates is of no use).

mempodippy commented 7 years ago

It's understood that the PAM backdoor isn't working right now, but the accept backdoor may still be working. I can't test anything right now; I have terrible internet and no working VMs with any available snapshots. I'll diagnose whether the accept backdoor is still functioning when I get home, and I'll debug the currently broken PAM backdoor on a CentOS VM while I'm there. If it's required on CentOS, use the accept backdoor for now while the PAM backdoor is unusable. Closing this for now. If any issues relevant or similar to this one arise, please open another one and I'll get back to you whenever I can.

unixfox commented 7 years ago

Why are you closing the issue if the bug isn't resolved? Issues are a good way to know and remember what doesn't work on a program.

You can get free access to trystack, which provides free KVM VMs (including CentOS images) for development; they reset the environment every 24 hours. Other free VM hosters are listed here: https://github.com/ripienaar/free-for-dev#iaas.

mempodippy commented 7 years ago

I've been set on resolving the bug since my last comment. Additionally, I have the bug listed in the README: even if I was to forget, which I won't, it's also there. I know not everyone downloading vlany will be looking at the open or closed issues, thus the bug listing in the README. I miss out on 6-8 hours a day of dev time, and only in usually 2 (sometimes 1 or 3) of them can I actually access the repository and make miscellaneous changes, so I do what I can with what I have.

Redeyesgreendragon commented 4 years ago

No root #Error