Topic: kernel mode rootkit

  1. #1
    rip is offline Banned
    May 2008

    KM rootkit [or how to hide a file and a process at once]


    Works on:
    -Vista (Run cmd/explorer as admin and launch load.bat from there. Also hiding files doesn't work yet, but will fix it. Yeah, I know, Vista sucks.)
    -possibly more, not tested. Must be NT build.

    hide all processes & files beginning with $$

    Will be hidden:
    $$rwe$432 $$ 2$$.exe

    Will not be hidden:
    $ $.exe

    Rename any of your applications to $$something.exe, and run load.bat (you need rootkit.sys in the same directory).
    Process should disappear from most process viewers (taskmgr, process explorer, tasklist, and many more).
    Also the file is not visible in explorer/cmd's dir. Keep in mind that querying files can be done in many ways, so my method isn't perfect.

    load.bat - simple batch loader
    rootkit.sys - rootkit, all you need is this 1 file, rest are helpers for you
    rootkit.asm - source code, you don't need it to hack
    sc.exe - Windows 2000 doesn't have this manager, so I included it just in case

    This is a simple SDT hook, and will be detected by any antirootkit. Just wrote this as my first one.

    have fun
    Last edited by rip : 08-11-2008 - 23:51
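
The post notes that an SDT hook is detected by any antirootkit. As an added example (not part of the original post or its rootkit.asm), this is the basic check behind that remark: every service-table entry should point inside the kernel image, and any entry that does not is reported with the driver that owns the target address. The module list, addresses and table are constructed, and the sketch assumes a 32-bit NT snapshot in which table entries are absolute pointers.

```python
from bisect import bisect_right

def owner_of(addr, modules):
    """Return the name of the module whose [base, base+size) holds addr, else None.
    `modules` must be sorted by base address."""
    bases = [m["base"] for m in modules]
    i = bisect_right(bases, addr) - 1
    if i >= 0 and addr < modules[i]["base"] + modules[i]["size"]:
        return modules[i]["name"]
    return None

def find_sdt_hooks(table, modules, kernel="ntoskrnl.exe"):
    """List (index, target, owner) for every entry that leaves the kernel image.
    A hit is a lead to triage, not proof: some security products hook too."""
    modules = sorted(modules, key=lambda m: m["base"])
    findings = []
    for index, target in enumerate(table):
        owner = owner_of(target, modules)
        if owner is None or owner.lower() != kernel.lower():
            # Targets in no loaded image (e.g. allocated pool) are reported as unmapped.
            findings.append((index, target, owner or "<unmapped>"))
    return findings

# Constructed snapshot: loaded-driver list and a six-entry service table.
MODULES = [
    {"name": "ntoskrnl.exe", "base": 0x81800000, "size": 0x003BA000},
    {"name": "hal.dll",      "base": 0x81BBA000, "size": 0x00033000},
    {"name": "rootkit.sys",  "base": 0x8F2C0000, "size": 0x00002000},
]
TABLE = [0x81A3C120, 0x81A5F004, 0x8F2C0410, 0x819E77B0, 0x8F2C0588, 0x85D31000]

if __name__ == "__main__":
    for index, target, owner in find_sdt_hooks(TABLE, MODULES):
        print(f"entry {index:#06x} -> {target:#010x} owned by {owner}")
```
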
