Skip to content

add compilation hints to readme #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AITleo wants to merge 1 commit into
base: master
Choose a base branch
from
Open

add compilation hints to readme #13

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,11 @@ To install Father, download the source code and change the configuration options

To compile the kit you'll need to download libgcrypt on your computer. The dynamic linker will resolve all libgcrypt calls (like from GnuPG) to our dynamic library.

## Compilation

`apt install nasm libgcrypt20-dev libpam0g-dev libc6-dev`

`make`

## Operation

Expand Down Expand Up @@ -61,6 +66,10 @@ This is very easy to implement, but meant moreso as a proof of concept. Since Gn

remove_preload.asm is a short assembly program that unlinks /etc/ld.so.preload. The kit can be removed from the backdoor shell, but this provides a smaller and more easily scripted way to do so. It can be run in a loop by a blue team to prevent installation of most LD_PRELOAD based malware.

### IOCs
## IOCs

* ssdeep: 192:RRhX15E5vzeV88cAgVrJbcvJuxI61ttgjnaJcac0tQCmOuJ/nwfoTnhawnh5HSh:FsvKrcAgrpAq/OaJcacK9BcnEwK

## Tested on

Compilation tested on Linux 5.15.0-91-generic.