Comments (17)
Thanks for fixing this!
from reptile.
Hi,
There are also some (old) comments:
- crashes kernel due to thread safety issues.
- doesn't check that all kernel buffers are successfully allocated before use, leading to a crash under certain conditions.
Link: https://www.reddit.com/r/netsec/comments/7a4ehh/reptile_a_lkm_rootkit_for_evil_purposes/
from reptile.
Hi @corefx,
Thank you for reporting. I didn't do many tests before publishing, so I would appreciate any help testing this. I will take a look at this bug, and I will look at all the points mentioned in these (old) comments.
About detection, I thought about writing some obfuscations, but since this rootkit is public, it will always be detected. So I prefer to keep the better techniques in priv8 to avoid detections.
Do you know this guy who mentioned he is working on a pull request to do some fixes?
from reptile.
Hi,
> do you know this guy that mentioned he is working on a pull request to do some fixings?
I don't know him.
from reptile.
I am trying to get this crash, to see what is going on, but I haven't got this crash.
Under what conditions are you having this? Can you help me understand that?
from reptile.
Hi,
Sometimes the remote backdoor works just fine, but sometimes I get this crash. I have only tested Reptile on VirtualBox, not on real hardware. I noticed that the reboot command always triggers the crash, at least on Ubuntu 18.04 server.
from reptile.
Hey guys,
got the same error on Kali Linux in VMware.
But it also crashes in the real world :(
from reptile.
If you are facing this error, you can check if /reptile/reptile_shell exists.
But I think that the problem that I've described below is serious too.
To reproduce the error, rename your /module/module_shell to something else.
In decode_n_spawn(), strsep(buf) modifies buf, so you can't kfree(buf).
I've tried to make a copy of buf before using it in strsep, but then my IP in shell_execer() is messed up. It looks like \xffffffff0\xffffffffff8\168.1.13 (just an example).
I am not a C coder, so I can't figure it out.
from reptile.
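The strsep() point raised in the comment above, as an added userspace example (not Reptile's code and not part of the thread): strsep() advances the pointer it is handed, so the allocation has to be released through a second pointer that still holds the original address, and kfree() in kernel code has the same requirement. The `host:port` format, `struct endpoint` and `parse_endpoint` are hypothetical names chosen for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* strsep() and strdup() are not ISO C */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type for this example. */
struct endpoint {
    char host[64];
    char port[8];
};

/* Parse "host:port" (constructed format) from a heap copy of input.
 * Returns 0 on success, -1 on malformed input or allocation failure. */
int parse_endpoint(const char *input, struct endpoint *out)
{
    char *buf, *cursor, *host, *port;
    int rc = -1;

    buf = strdup(input);         /* owning pointer: the only one ever freed */
    if (!buf)
        return -1;
    cursor = buf;                /* strsep() moves cursor, buf stays put */

    host = strsep(&cursor, ":"); /* cursor now points past the first ':' */
    port = strsep(&cursor, ":"); /* cursor is NULL if no field is left */

    /* Exactly two non-empty fields that fit the destination buffers. */
    if (!host || !port || cursor != NULL || !*host || !*port)
        goto done;
    if (strlen(host) >= sizeof(out->host) || strlen(port) >= sizeof(out->port))
        goto done;

    /* Tokens point into buf, so copy them out before it is released. */
    strcpy(out->host, host);
    strcpy(out->port, port);
    rc = 0;
done:
    free(buf);                   /* valid: buf is still what strdup() returned */
    return rc;
}

int main(void)
{
    struct endpoint ep;
    if (parse_endpoint("192.0.2.10:8080", &ep) == 0) /* constructed sample */
        printf("host=%s port=%s\n", ep.host, ep.port);
    return 0;
}
```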
Hello guys, sorry for my delay, I have been very busy lately.
So I have written a standalone module to just run the backdoor, and it works fine without crashing. I did a quick verification, and the backdoor was in some way conflicting with the l33t_getdents function and crashing there.
I got another crash too, with the l33t_read function. So, I have to do more tests.
@pbr3s, about the decode_n_spawn error, you have a point about kfree(buf), but I did a lot of tests with the buffer, and the IP is being decoded right. If you are having problems, I need to know more about it.
About reptile_shell existing, I saw your pull request, and I will comment on it there.
Thanks
from reptile.
Guys, I just committed some things, and I don't get the l33t_getdents crash anymore. I updated if(kdir) kfree(kdir); at the end of this function.
But I am still having the l33t_read crash, and vfs_read is unexported in kernel 4.14+, so I will think of another way to do that feature.
Thanks
from reptile.
Don't worry about the buffer thing. It only occurred when I tried to copy the buffer and use the copy in the strsep. With your code it decodes fine.
I only tried to modify that because I wanted to properly free the buffer.
from reptile.
Hello guys,
Can someone test if Reptile is crashing now? After my last commits I haven't gotten any crash yet.
Thanks
from reptile.
No crashes here. Fedora Server 26 4.11.8-300.fc26.x86_64
from reptile.
No crashes. Tested on:
Ubuntu 18.04 (4.15.0-20-generic)
Ubuntu 16.04.4 (4.4.0-125-generic)
Ubuntu 13.04 (3.8.0-35-generic)
(all 64 bit)
from reptile.
That's nice, guys.
I am glad these crashes were solved!
Thank you for helping with this!
from reptile.
@corefx, can you close this issue if it has really been solved?
from reptile.