I've seen this before too actually, but I'm not sure about with LD_PRELOAD hooking - however, it would be a neat feature. It's not incredibly important though. Only in some...
My assumption is that it would occur since the effective GID of the user is changed when using tmux or screen. "uid=0(root) gid=729911652 egid=43(utmp) groups=43(utmp),0(root)" is the output that 'id'...
Problem fixed. The screen process is now completely hidden from process viewers.
Alright, so screen is responsible for making FIFOs, which are basically the screen sessions. The call that does this is [mkfifo()](https://linux.die.net/man/3/mkfifo). ~~I can hook this and make the call automatically...
I do actually have a mkfifo hook that redirects the fifo file and makes a symlink, but it doesn't work for some reason. It creates the fifo file in a...
I should've explained better... vlany only uses /etc/grub.conf as the default option. For grub2, instead of selecting the default config file, using /boot/grub/grub.cfg will work. (The syntax of the files...
From your posted grub.cfg, ``` root@lol:~# cat lol | grep "\bro\b" linux/boot/vmlinuz-3.16.0-4-amd64 root=UUID=11b0b201-d195-42df-89b5-5cc2da17bb67 ro debian-installer=en_US console=tty1 root=LABEL=DOROOT notsc clocksource=kvm-clock net.ifnames=0 quiet linux/boot/vmlinuz-3.16.0-4-amd64 root=UUID=11b0b201-d195-42df-89b5-5cc2da17bb67 ro debian-installer=en_US console=tty1 root=LABEL=DOROOT notsc clocksource=kvm-clock net.ifnames=0...
Ya, grub.cfg is based on whatever's in grub.d. I mentioned in install.sh, I was just assuming most boxes will come with grub(2) installed. Most bootloaders use similar configuration syntax anyway,...
Well this is understandable... I think I might know why this happens though. Are the rootkit libraries/the rootkit's hidden directory completely gone too? Don't see why they would've been wiped....
Access would be appreciated. Sure.