mempodippy/vlany

ERROR: ld.so: object '/lib/libc.so.rootkit.89/SHWpgWVMsYw9.so.$PLATFORM' from /etc/.7AguPgE5g6 cannot be preloaded: ignored.

taibaiyifeng opened this issue · 10 comments

I'm testing this root on CentOS 6.5, but when I finished, there are many errors when I execute a command:
[root@localhost vlany]# ls -la
ERROR: ld.so: object '/lib/libc.so.rootkit.89/SHWpgWVMsYw9.so.$PLATFORM' from /etc/.7AguPgE5g6 cannot be preloaded: ignored.
total 156
drwxr-xr-x. 5 root root 4096 Nov 11 00:45 .
drwxr-xr-x. 3 root root 4096 Nov 11 00:34 ..
-rw-r--r--. 1 root root 23147 Nov 11 00:36 config.py
drwxr-xr-x. 8 root root 4096 Nov 11 00:36 .git
-rwxr-xr-x. 1 root root 16517 Nov 11 00:36 install.sh
-rw-r--r--. 1 root root 35141 Nov 11 00:36 LICENSE
drwxr-xr-x. 2 root root 4096 Nov 11 00:39 misc
-rw-r--r--. 1 root root 16 Nov 11 00:41 new_preload
-rw-r--r--. 1 root root 31401 Nov 11 00:36 README
-rw-r--r--. 1 root root 1858 Nov 11 00:36 README.md
drwxr-xr-x. 23 root root 4096 Nov 11 00:36 symbols
-rw-r--r--. 1 root root 15392 Nov 11 00:36 vlany.c
[root@localhost vlany]#
It obviously shows something.
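
The error quoted in the post above is also a detection signal: a stock glibc loader names only `LD_PRELOAD`, `/etc/ld.so.preload` or `--preload` as the source of a preload entry, so any other file after "from" means the loader reads its preload list from somewhere else. The following is an added example, not part of the thread or the project; the function names and the third sample line are constructed, and the list of stock sources is an assumption about unmodified glibc.

```python
import re

# glibc's preload-failure message. Older glibc (as in the post) prints no reason;
# newer glibc adds "(reason)" before ": ignored.".
LDSO_ERR = re.compile(
    r"ERROR: ld\.so: object '(?P<obj>[^']+)' from (?P<src>\S+) "
    r"cannot be preloaded(?: \((?P<reason>[^)]*)\))?: ignored\."
)

# Assumption: what an unmodified glibc loader names as the origin of a preload entry.
STOCK_SOURCES = {"LD_PRELOAD", "/etc/ld.so.preload", "--preload"}


def has_hidden_component(path):
    """True if any directory or file name in the path starts with a dot."""
    return any(p.startswith(".") for p in path.split("/") if p not in ("", ".", ".."))


def analyze(text):
    """Return one finding per distinct (object, source) pair seen in text."""
    findings, seen = [], set()
    for m in LDSO_ERR.finditer(text):
        obj, src = m.group("obj"), m.group("src")
        if (obj, src) in seen:  # the error repeats on every exec; report it once
            continue
        seen.add((obj, src))
        flags = []
        if src not in STOCK_SOURCES:
            flags.append("non-standard preload source")
        if has_hidden_component(obj) or has_hidden_component(src):
            flags.append("hidden path component")
        findings.append({"object": obj, "source": src, "flags": flags})
    return findings


# Constructed sample: the first two lines repeat the error quoted in the post,
# the third is a constructed benign failure coming from the LD_PRELOAD variable.
SAMPLE = """\
ERROR: ld.so: object '/lib/libc.so.rootkit.89/SHWpgWVMsYw9.so.$PLATFORM' from /etc/.7AguPgE5g6 cannot be preloaded: ignored.
ERROR: ld.so: object '/lib/libc.so.rootkit.89/SHWpgWVMsYw9.so.$PLATFORM' from /etc/.7AguPgE5g6 cannot be preloaded: ignored.
ERROR: ld.so: object '/opt/tools/libtrace.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

The same function can be run over captured shell transcripts, cron mail or job output, where this message tends to surface on hosts with SELinux enforcing.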

vlany hasn't been tested on CentOS. All development was done on Debian/Ubuntu.
Once I get home, I'll take a look into this for you. 😄

It may be related to SELinux.

unixfox might have an idea what's going on here... I'd say have a look at what's being denied.
I ran into this problem a long while ago and it should be as easy as giving it the right context for the distro you're on.

@taibaiyifeng Can you give the output of this command:

cat /etc/sysconfig/selinux

?
I don't have this issue using CentOS 7.2 with SELinux disabled.

BUT I can't use the ssh backdoor because the host closes the connection with this error:

id: cannot find name for group ID 574984138

When you said this may be caused by SELinux, I stopped SELinux and rebooted. After installing the rootkit (my system has a clone, I returned to the clone), this problem was solved by disabling SELinux, but I have the same problem as you: this backdoor can't connect (I use ssh.sh to connect, the rootkit-created user is of no use).

It's understood that the PAM backdoor isn't working right now, but the accept backdoor may still be working. I can't test anything right now, I have terrible internet and I have no working VMs with any available snapshots.
I'll diagnose if the accept backdoor is still functioning when I get home, and I'll debug the currently broken PAM backdoor on a CentOS VM while I'm there.
If it's required on CentOS, use the accept backdoor for now while the PAM backdoor is unusable.
Closing this for now. If any relevant or similar issues arise to this current one, please open another one and I'll get back to you whenever I can.

Why are you closing the issue if the bug isn't resolved? Issues are a good way to know and remember what doesn't work on a program.

You can get free access to trystack, who provide free KVM VMs (including CentOS images) for development; they reset the environment every 24 hours. There are other free VM hosters listed here: https://github.com/ripienaar/free-for-dev#iaas.

I've been set on resolving the bug since my last comment. Additionally, I have the bug listed in the README: even if I was to forget, which I won't, it's also there. I know not everyone downloading vlany will be looking at the open or closed issues, thus the bug listing in the README.
I miss out on 6-8 hours a day of dev time, and only in usually 2 (sometimes 1 or 3) of them can I actually access the repository and make miscellaneous changes, so I do what I can with what I have.

No root #Error

No root #Error