
Thread: Distributed Root Kits

  1. #1
    Junior Member
    Join Date
    Jan 2002

    Question Distributed Root Kits

    Playing around and reading, I thought about creating a "distributed rootkit". Essentially, once you have rootkitted one system, the kit will install itself to other systems, and the process repeats until the whole network is "r00ted". I'm just working out the basics now, but please give me any feedback you may have!

    I've thought about this much:

    1. The computer is broken into (sufficiently enough) to install a rootkit and configure daemons.

    2. Set up the rooted computer to be a bootstrap server.

    3. One would then poison the router/hub (whatever networking device there is) to make the computers on that part of the network point to our computer as the bootstrap server.

    4. Send a command to the computers to restart, and when they ask our bootstrap server for their booting info, we send them the info and our rootkit.

    5. The rootkit becomes installed onto those computers, and the process repeats itself through the network.

    Notes - there needs to be some kind of check to make sure that a computer is not rebooted if the kit is already installed on it.

    - Is there another way other than to keep setting up computers as bootpd's to infect the computer system? Can one set the routers to point the entire network to an infected segment of the hub (that each runs bootpd), thus reducing the number of computers that run bootpd?

    I'm not completely sure whether this would be the way to go about installing rootkits, but hey, maybe you have some better ideas.


    PS. If you got 'em, keep the wise-@$$ comments to yourself

  2. #2
    Join Date
    Oct 2001
    Yeah, you can set up computers as bootpd's to infect the computer system. One can also set the routers to point the entire network to an infected segment of the hub (that each runs bootpd), thus reducing the number of computers that run bootpd!!

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    Well, telling people to keep wise ass comments to themselves is just asking to get flamed. That's beside the point. You are not saying you are going to infect computers, you just want to be able to. It's kinda like writing TFN: just because Mixter wrote it doesn't mean Mixter was the bad guy. It's the script kiddies that run it that cause the problem.

    The main problem that I see with your plan is timing. If you actually tried running this during the day, people are going to be kind of suspicious when their computers start rebooting. It would be better to just change where the bootstrap server is, and wait. Yeah, maybe some computers will take a couple weeks to reboot, but you just have to have patience.

    If you really want to get impatient, it would be better to go with a trojan/worm combo pack. Kinda like the rtm worm, but with a root kit and a proper check on the "already infected" flag. Biggest problem there is that unless it is confined to one subnet, it won't be long before someone sees it, and the AV companies write a fix for it.

    Oh yeah, as far as wise ass comments that you don't want, this wouldn't really be a root kit. A root kit keeps you undetected on a system. The second that machine sends out 1 packet that it normally doesn't (from your "root kit") it is no longer a root kit. It then becomes a trojan.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  4. #4
    Join Date
    Jun 2002
    Agreed. I have always believed that it is OK to experiment with mean 'lil programs like that as long as it isn't exposed to the outside world.

  5. #5
    Senior Member
    Join Date
    Apr 2002
    I'm rootin for souleman as the difference between a Trojan and root kit. I'll not make a wise ass comment, but this is a rather general plan: no mention of what sort of box the kit is for, as different boxes would take different things. Re-booting is also a big item to overcome (OK, OK, sometimes Windows re-boots LOL); days are a hard time, what with firewalls and live network monitors that watch every type of connect. Good luck, know few who can write root kits, even less that want to share them nowadays. Maybe it's just me, but nowadays you root a real server, I'd say smells of a honey pot to me. Me, I'm gonna duck n cover here before the flame throwers are drawn.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure. - Glenn Seaborg
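
The "live network monitors" mentioned in post #5 are the control that catches a changed bootstrap server of the kind discussed in posts #1 and #3. The following Python check is an added example, not written by anyone in the thread: it parses the fixed BOOTP header (RFC 951) of captured replies and flags any that come from, or point clients at, a server outside an allowlist. The addresses, MACs, boot file name and function names are constructed for the example.

```python
import ipaddress
import struct

# Assumption: the site's legitimate bootstrap servers (constructed address).
AUTHORIZED_SERVERS = {"192.0.2.10"}
# Fixed BOOTP header (RFC 951): op, htype, hlen, hops, xid, secs, flags, ciaddr,
# yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes.
BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREPLY = 2

def parse_bootp_reply(payload):
    """Return the fields of a BOOTREPLY, or None for requests and short packets."""
    if len(payload) < BOOTP_HEADER.size:
        return None
    f = BOOTP_HEADER.unpack_from(payload)
    if f[0] != BOOTREPLY:
        return None
    return {
        "xid": f[4],
        "client_mac": f[11][:min(f[2], 16)].hex(":"),
        "offered_ip": str(ipaddress.IPv4Address(f[8])),
        "next_server": str(ipaddress.IPv4Address(f[9])),  # siaddr
        "boot_file": f[13].split(b"\0", 1)[0].decode("ascii", "replace"),
    }

def find_rogue_replies(packets, authorized=AUTHORIZED_SERVERS):
    """packets: (source_ip, udp_payload) pairs captured on UDP port 68.
    Flags replies whose sender or next-server address is not authorized."""
    alerts = []
    for src_ip, payload in packets:
        reply = parse_bootp_reply(payload)
        if reply is None:
            continue
        next_ok = reply["next_server"] in authorized | {"0.0.0.0"}  # 0 = unset
        if src_ip not in authorized or not next_ok:
            alerts.append({"sender": src_ip, **reply})
    return alerts

def build_reply(xid, mac, yiaddr, siaddr, boot_file=b"boot.img"):
    """Constructed sample input: pack a BOOTREPLY for an Ethernet client."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return BOOTP_HEADER.pack(BOOTREPLY, 1, 6, 0, xid, 0, 0, bytes(4), ip(yiaddr),
                             ip(siaddr), bytes(4), bytes.fromhex(mac), b"", boot_file)

SAMPLE = [  # constructed capture: one legitimate reply, two suspicious ones
    ("192.0.2.10", build_reply(0x1001, "020000000001", "192.0.2.101", "192.0.2.10")),
    ("192.0.2.66", build_reply(0x1002, "020000000002", "192.0.2.102", "192.0.2.66")),
    ("192.0.2.10", build_reply(0x1003, "020000000003", "192.0.2.103", "192.0.2.66")),
]
```

Calling `find_rogue_replies(SAMPLE)` returns the second and third replies; only the fixed header is inspected, so DHCP options carried in the vendor area are not parsed.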
