vlany is an LD_PRELOAD rootkit for x86_64, i686 and ARM architectures.

NOTICE: THIS POST IS FOR EDUCATION & RESEARCH PURPOSES ONLY! YOU CAN LEARN HOW A rootkit takes control of the system.
vlany is an LD_PRELOAD rootkit for x86_64, i686 and ARM architectures, complete with gid-based process hiding, xattr-based file hiding, network port hiding, anti-detection, anti-debug, persistent installation, execve commands, a PAM (ssh/sftp) backdoor, an accept() SSL/plaintext backdoor, an easy-to-use installation script and an incredibly robust configuration.

vlany installation

Features:
* Process hiding
* User hiding
* Network hiding
* LXC container
* Anti-Debug
* Anti-Forensics
* Persistent (re)installation & Anti-Detection
* Dynamic linker modifications
* Backdoors
  * accept() backdoor (derived from Jynx2)
  * PAM backdoor
    * PAM auth logger
* vlany-exclusive commands

Vlany rootkit library

Latest Change 7/11/2016:
* Update patch_ld.py
* Update config.py

Use and download:

Source: https://github.com/mempodippy