search

mempodippy / vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
GNU General Public License v3.0
935 stars 193 forks source link

double free or corruption (fasttop) #9

Closed cybertrack131 closed 7 years ago

cybertrack131 commented 7 years ago

Hi,

I installed the rootkit but at the very end it crashes and makes the whole server unusable...

Error in `dialog': double free or corruption (fasttop): 0x000000000275b820 ./install.sh: line 402: 9313 Aborted dialog --title "$TITLE" --infobox "Installed." 7 20 3>&1 1>&2 2>&3 Error in `sleep': double free or corruption (fasttop): 0x0000000001e9ccf0 ./install.sh: line 402: 9314 Aborted sleep 1 Error in `dialog': double free or corruption (fasttop): 0x00000000006a0220 ./install.sh: line 402: 9315 Aborted dialog --title "$TITLE" --infobox "Setting up hidden directory and protecting files." 7 40 3>&1 1>&2 2>&3 Error in `sleep': double free or corruption (fasttop): 0x0000000000f5f2f0 ./install.sh: line 402: 9316 Aborted sleep 1 Error in `rm': double free or corruption (fasttop): 0x0000000004246ad0 ./install.sh: line 265: 9317 Aborted rm -rf .so. *.o Error in `date': double free or corruption (fasttop): 0x0000000001020e20 Error in `mv': double free or corruption (fasttop): 0x0000000003472f20 ./install.sh: line 265: 9319 Aborted mv bashrc $INSTALL/.bashrc Error in `mv': double free or corruption (fasttop): 0x000000000243a3c0 ./install.sh: line 265: 9320 Aborted mv shell_msg $INSTALL/.shell_msg Error in `mv': double free or corruption (fasttop): 0x000000000352c8c0 ./install.sh: line 265: 9321 Aborted mv bd_readme $INSTALL/README Error in `cp': double free or corruption (top): 0x00000000018ab670 ./install.sh: line 265: 9322 Aborted cp misc/enter_lxc.c $INSTALL/enter_lxc.c Error in `cp': double free or corruption (top): 0x0000000003398ce0 ./install.sh: line 265: 9323 Aborted cp misc/ssh.sh $INSTALL/ssh.sh Error in `setfattr': double free or corruption (fasttop): 0x0000000000936800 ./install.sh: line 265: 9324 Aborted setfattr -n user.${HIDDEN_XATTR_1_STR} -v ${HIDDEN_XATTR_2_STR} $NEW_PRELOAD Error in `setfattr': double free or corruption (fasttop): 0x0000000001156f90 ./install.sh: line 265: 9325 Aborted setfattr -n user.${HIDDEN_XATTR_1_STR} -v ${HIDDEN_XATTR_2_STR} $INSTALL $INSTALL/* $INSTALL/.profile $INSTALL/.bashrc $INSTALL/.shell_msg $INSTALL/.vlany_information Error in `chattr': double free or corruption (fasttop): 0x0000000000bd8e80 ./install.sh: line 265: 9326 Aborted chattr +ia $INSTALL/.profile $INSTALL/.bashrc $INSTALL/.shell_msg $INSTALL/.vlany_information $INSTALL/${OBJECT_FILE_NAME}* $NEW_PRELOAD Error in `dialog': double free or corruption (fasttop): 0x00000000009b86f0 ./install.sh: line 404: 9330 Segmentation fault /etc/init.d/ssh restart &> /dev/null Error in `clear': double free or corruption (fasttop): 0x00000000030f16d0 ./install.sh: line 405: 9331 Aborted clear Error in `cat': double free or corruption (fasttop): 0x0000000001563ca0 ./install.sh: line 406: 9332 Aborted cat $INSTALL/.vlany_information Thank you for choosing vlany.

Add after this, all command is useless...

root@ns3026835:/var/lib/vim/addons/vlany-master# ls Error in `ls': double free or corruption (top): 0x00000000022e75a0 Aborted

Any idea how to fix this ?

corefx commented 7 years ago

Hi,

I have this same problem on Debian 8 and Ubuntu 16.04.

2016-12-09 17:37 GMT+02:00 cybertrack131 notifications@github.com:

Hi,

I installed the rootkit but at the very end it crashes and makes the whole server unusable...

Error in dialog': double free or corruption (fasttop): 0x000000000275b820 ./install.sh: line 402: 9313 Aborted dialog --title "$TITLE" --infobox "Installed." 7 20 3>&1 1>&2 2>&3 Error insleep': double free or corruption (fasttop): 0x0000000001e9ccf0 ./install.sh: line 402: 9314 Aborted sleep 1 Error in dialog': double free or corruption (fasttop): 0x00000000006a0220 ./install.sh: line 402: 9315 Aborted dialog --title "$TITLE" --infobox "Setting up hidden directory and protecting files." 7 40 3>&1 1>&2 2>&3 Error insleep': double free or corruption (fasttop): 0x0000000000f5f2f0 ./install.sh: line 402: 9316 Aborted sleep 1 Error in rm': double free or corruption (fasttop): 0x0000000004246ad0 ./install.sh: line 265: 9317 Aborted rm -rf .so. *.o Error indate': double free or corruption (fasttop): 0x0000000001020e20 Error in mv': double free or corruption (fasttop): 0x0000000003472f20 ./install.sh: line 265: 9319 Aborted mv bashrc $INSTALL/.bashrc Error inmv': double free or corruption (fasttop): 0x000000000243a3c0 ./install.sh: line 265: 9320 Aborted mv shell_msg $INSTALL/.shell_msg Error in mv': double free or corruption (fasttop): 0x000000000352c8c0 ./install.sh: line 265: 9321 Aborted mv bd_readme $INSTALL/README Error incp': double free or corruption (top): 0x00000000018ab670 ./install.sh: line 265: 9322 Aborted cp misc/enter_lxc.c $INSTALL/enter_lxc.c Error in cp': double free or corruption (top): 0x0000000003398ce0 ./install.sh: line 265: 9323 Aborted cp misc/ssh.sh $INSTALL/ssh.sh Error insetfattr': double free or corruption (fasttop): 0x0000000000936800 ./install.sh: line 265: 9324 Aborted setfattr -n user.${HIDDEN_XATTR_1_STR} -v ${HIDDEN_XATTR_2_STR} $NEW_PRELOAD Error in setfattr': double free or corruption (fasttop): 0x0000000001156f90 ./install.sh: line 265: 9325 Aborted setfattr -n user.${HIDDEN_XATTR_1_STR} -v ${HIDDEN_XATTR_2_STR} $INSTALL $INSTALL/* $INSTALL/.profile $INSTALL/.bashrc $INSTALL/.shell_msg $INSTALL/.vlany_information Error inchattr': double free or corruption (fasttop): 0x0000000000bd8e80 ./install.sh: line 265: 9326 Aborted chattr +ia $INSTALL/.profile $INSTALL/.bashrc $INSTALL/.shell_msg $INSTALL/.vlany_information $INSTALL/${OBJECT_FILE_NAME}* $NEW_PRELOAD Error in dialog': double free or corruption (fasttop): 0x00000000009b86f0 ./install.sh: line 404: 9330 Segmentation fault /etc/init.d/ssh restart &> /dev/null Error inclear': double free or corruption (fasttop): 0x00000000030f16d0 ./install.sh: line 405: 9331 Aborted clear Error in `cat': double free or corruption (fasttop): 0x0000000001563ca0 ./install.sh: line 406: 9332 Aborted cat $INSTALL/.vlany_information Thank you for choosing vlany.

Add after this, all command is useless...

root@ns3026835:/var/lib/vim/addons/vlany-master# ls Error in `ls': double free or corruption (top): 0x00000000022e75a0 Aborted

Any idea how to fix this ?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mempodippy/vlany/issues/9, or mute the thread https://github.com/notifications/unsubscribe-auth/AKH5xoR4QpNS5T05B9CPo706gPW6lvjuks5rGXXQgaJpZM4LJDyE .

mempodippy commented 7 years ago

Errors appear to arise after the rootkit's shared libraries have been loaded. It's definitely something to do with the libraries themselves. Will take a look soon.

corefx commented 7 years ago

The following commit seems to cause the problem: https://github.com/mempodippy/vlany/commit/5d0fc862c85a2999fd58799144d2fa3d9364ccae

mempodippy commented 7 years ago

That makes sense, I'm dumb. I committed that change without being able to test it. I have removed the suggested section.