
You'll have to reinstall the rootkit. vlany's persistence method makes this difficult though. To reinstall, you'd have to be in an owner shell and clear ld.so.preload and then make the...

In fact, you could just recompile vlany and replace the old shared libraries with the newly compiled ones.

It's possible. I'll start seeing what I can do on Friday.

As of today, reinstalling vlany is difficult due to the modifications made to the dynamic linker. Take a look at [misc/patch_ld.py](https://github.com/mempodippy/vlany/blob/master/misc/patch_ld.py). This stops /etc/ld.so.preload from being used by the dynamic...

https://asciinema.org/a/a8u6ca1n2ujmgijgldrcdu425 Are you able to connect to the server via ssh as a regular user? Or is permission denied all round? In reference to the output you posted, nothing there...

Doesn't seem like vlany is installed properly. Try `echo /lib/libc.so.sysinfo.25/full_name_of_lib.so.x86_64 > /etc/ld.so.preload` and see if you can log into the backdoor user via ssh. Also start a new bash shell...

Using the environment variable, look in /lib/libc.so.sysinfo.25/ for the full name of the library, and put that where 'full_name_of_lib' is. It's always randomized, so I don't know what yours will...

Yes. Put that into ld.so.preload, and show me the results. Try connecting to the ssh backdoor user.

Do not remove the installation directory. Ever. Shit will go down. This will cause the dynamic linker to throw a fit, and in more real scenarios, the dynamic linker isn't...

Not all boxes use GRUB as a bootloader. Just reference whatever other config the bootloader uses. i.e. syslinux, gummiboot