mempodippy / vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
GNU General Public License v3.0

"Configuration failed. Exiting." #7

Closed unixfox closed 7 years ago

unixfox commented 7 years ago

EDIT: It's related to the latest commits because this bug appears on CentOS & Debian (and maybe on other Linux distros).

I performed an installation, but install.sh threw a "Configuration failed. Exiting." error. Here is the output of the installation:

[root@vlany ~]# cd vlany-master && ./install.sh --cli
/usr/bin/ld: cannot find -lc
collect2: error: ld returned 1 exit status
Checking for current presence of (and removing, if necessary) ld.so.preload
./install.sh: line 12: misc/rm_preload: No such file or directory
rm: cannot remove ‘misc/rm_preload’: No such file or directory
Press enter to continue, or ^C to exit.
Installing vlany without a tui.
Do you want to compile or install vlany? (enter 'compile' or 'install'): install
Regularly installing vlany.
Installing prerequisite packages... Please wait.
Packages installed.
Patching dynamic linker.
Attempting to patch /lib/ld-2.17.so by replacing /etc/ld.so.preload with new string, /etc/.FNUN1ZHE
Traceback (most recent call last):
  File "misc/patch_ld.py", line 69, in <module>
    for x in locations.split("\n"): patch_lib(x, O_PRELOAD, n_preload)
  File "misc/patch_ld.py", line 42, in patch_lib
    print("old preload found in {0}: {1}".format(location, x))
NameError: global name 'location' is not defined
cat: new_preload: No such file or directory
rm: cannot remove ‘new_preload’: No such file or directory
Dynamic linker patched.
Beginning configuration. Please don't leave any options that don't have default values empty (options with default values have [VALUE] in them). I can't be bothered checking for empty input.
PAM backdoor username: backdoor
PAM backdoor password: backdoor
Hidden PAM port [8923]: 8923
Optional SSL encryption for accept() hook backdoor (Yes/No) [No]: Yes
accept() shell password: backdoor
accept() low port [463]: 463
accept() high port [465]: 465
execve command password: backdoor
Rootkit library name [e7Ky2C0vxXfK]: e7Ky2C0vxXfK
Hidden directory [/lib/libc.so.backdoor.14]: /lib/libc.so.backdoor.14
Environment variable [RIAYOGGVAGLT]: RIAYOGGVAGLT
Configuration failed. Exiting.


mempodippy commented 7 years ago

Should be fixed now. Was pushing some local changes without the proper time and environment to test my changes. Apologies. Keeping this open as of now.

unixfox commented 7 years ago

Thank you. I'm facing another issue during the installation. OS: CentOS 7.2

[root@vlany ~]# cd vlany-master && ./install.sh --cli
/usr/bin/ld: cannot find -lc
collect2: error: ld returned 1 exit status
Checking for current presence of (and removing, if necessary) ld.so.preload
./install.sh: line 12: misc/rm_preload: No such file or directory
rm: cannot remove ‘misc/rm_preload’: No such file or directory
Press enter to continue, or ^C to exit.
Installing vlany without a tui.
Do you want to compile or install vlany? (enter 'compile' or 'install'): install
Regularly installing vlany.
Installing prerequisite packages... Please wait.
Packages installed.
Patching dynamic linker.
Attempting to patch /lib/ld-2.17.so by replacing /etc/ld.so.preload with new string, /lib/.s0eS78aI
old preload found in /lib/ld-2.17.so: /etc/ld.so.preload
Padding the new preload location with nullbytes.
Padding the new preload location with nullbytes.
Padding the new preload location with nullbytes.
Padding the new preload location with nullbytes.
Replacing /etc/ld.so.preload with /lib/.s0eS78aI in library /lib/ld-2.17.so
sh: xxd: command not found
sed: couldn't write 292656 items to stdout: Broken pipe
/lib/ld-2.17.so patched.
Attempting to patch /lib/ld-linux.so.2 by replacing /etc/ld.so.preload with new string, /lib/.s0eS78aI
Attempting to patch /lib64/ld-linux-x86-64.so.2 by replacing /etc/ld.so.preload with new string, /lib/.s0eS78aI
old preload found in /lib64/ld-linux-x86-64.so.2: /etc/ld.so.preload
Padding the new preload location with nullbytes.
Padding the new preload location with nullbytes.
Padding the new preload location with nullbytes.
Padding the new preload location with nullbytes.
Replacing /etc/ld.so.preload with /lib/.s0eS78aI in library /lib64/ld-linux-x86-64.so.2
sh: xxd: command not found
sed: couldn't write 328880 items to stdout: Broken pipe
/lib64/ld-linux-x86-64.so.2 patched.
Attempting to patch /lib64/ld-2.17.so by replacing /etc/ld.so.preload with new string, /lib/.s0eS78aI
Traceback (most recent call last):
  File "misc/patch_ld.py", line 70, in <module>
    patch_lib(x, O_PRELOAD, n_preload)
  File "misc/patch_ld.py", line 38, in patch_lib
    p = subprocess.Popen(["strings", target_lib], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1327, in _execute_child
    raise child_exception
OSError: [Errno 5] Input/output error
./install.sh: line 37: /usr/bin/cat: Input/output error
./install.sh: line 38: /usr/bin/rm: Input/output error
Dynamic linker patched.
Beginning configuration. Please don't leave any options that don't have default values empty (options with default values have [VALUE] in them). I can't be bothered checking for empty input.
PAM backdoor username: backdoor
PAM backdoor password: backdoor
./install.sh: line 104: /usr/bin/cat: Input/output error
./install.sh: line 104: /usr/bin/tr: Input/output error
./install.sh: line 104: /usr/bin/fold: Input/output error
./install.sh: line 104: /usr/bin/head: Input/output error
Hidden PAM port []: ^C
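
Read from the defender's side, the log above shows what this install step changes: the string /etc/ld.so.preload inside each ld.so is overwritten in place with a shorter hidden path padded with NUL bytes. The check below is an added example, not part of the thread or of vlany; `inspect_linker`, the dotfile-path heuristic, the default glob and the sample bytes are assumptions constructed for illustration.

```python
import glob
import re
import sys

STOCK = b"/etc/ld.so.preload"  # preload path a stock glibc ld.so contains
ELF_MAGIC = b"\x7fELF"
# Heuristic (assumption, not from the thread): a NUL-terminated absolute path
# whose final component is a dotfile, like the replacement strings in the log.
DOTFILE_PATH = re.compile(rb"(/[\x21-\x7e]{1,64}/\.[\x21-\x7e]{1,32})\x00")


def inspect_linker(blob):
    """Return (verdict, suspects); verdict is 'ok', 'patched' or 'corrupt'."""
    if not blob.startswith(ELF_MAGIC):
        return "corrupt", []  # empty, truncated or overwritten file
    if STOCK + b"\x00" in blob:
        return "ok", []
    # Stock string is gone: list candidate replacement paths for triage.
    found = {m.group(1).decode("ascii") for m in DOTFILE_PATH.finditer(blob)}
    return "patched", sorted(found)


# Constructed sample images (not real linkers): a few bytes of ELF header
# followed by a string table that holds the preload path.
SAMPLE_STOCK = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + \
    b"GLIBC_PRIVATE\x00" + STOCK + b"\x00ld.so.cache\x00"
# Same image after an in-place rewrite: shorter path padded with NULs to 18 bytes.
SAMPLE_PATCHED = SAMPLE_STOCK.replace(
    STOCK, b"/lib/.s0eS78aI".ljust(len(STOCK), b"\x00"))

if __name__ == "__main__":
    # Default glob is an assumption about where the distribution keeps ld.so.
    paths = sys.argv[1:] or sorted(glob.glob("/lib*/ld-*.so*"))
    for path in paths:
        try:
            with open(path, "rb") as fh:
                verdict, suspects = inspect_linker(fh.read())
        except OSError as exc:  # file cannot be opened or read
            verdict, suspects = "unreadable (%s)" % exc.strerror, []
        print(path, verdict, " ".join(suspects))
    for name, blob in (("stock", SAMPLE_STOCK), ("patched", SAMPLE_PATCHED)):
        print("sample", name, inspect_linker(blob))
```

Results from a host that may already be hooked are not trustworthy, so run this against a mounted disk image or from trusted media, and compare any non-"ok" linker with the distribution package's checksum.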

mempodippy commented 7 years ago

Are you trying to install vlany on a box which already has an installation on it? The only reason I could think that 'misc/rm_preload' wouldn't be present after its source compilation would be due to vlany force-disabling the use of gcc's static compilation flag.

unixfox commented 7 years ago

No, I reinstalled the VM before installing the newer version of vlany. EDIT: I can try on Debian if you want.

mempodippy commented 7 years ago

Yeah... I assumed so but just wanted to make sure. Also I feel terrible for not being able to do it myself, I'll have to sleep soon. I'll probably do some debugging tomorrow since I basically have the whole day to myself tomorrow, excluding morning, but issues and feedback are appreciated a lot. :smile:

unixfox commented 7 years ago

Okay, good night. The commands xxd & setfattr weren't installed (yum install vim-common attr).

I'll retry installing vlany on a fresh CentOS with only gcc to see if some other packages are missing from install.sh. (Because I always use yum groupinstall 'Development Tools' as an alternative to build-essential on Debian.) Note: I always use Debian; I just wanted to test vlany on CentOS to see if I'm having the same error as this guy in #5.

PS: If you could find the bug behind the inability to reboot, that would be great 😃! Thank you for the work you put into this project!

mempodippy commented 7 years ago

Merge appreciated. Once I have a bit more spare time, I will. :stuck_out_tongue: Free Friday, rest of the weekend I'm busy. Also thank you for all your help. :smile: