rootkit info
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: rootkit info

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    rootkit info

    A rootkit is a collection of tools an intruder brings along to a victim computer after gaining initial access. A rootkit generally contains network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. Although the intruders still need to break into a victim system before they can install their rootkits, the ease-of-use and the amount of destruction they cause make rootkits a big threat for system administrators. ...
    I found this article and found it very interesting so I thought I would share it. I'm sure many of you have read stuff like this hundreds of times, but this is the first article I've read about rootkits, therefore it intrigued me:
    http://linux.oreillynet.com/pub/a/li...4/rootkit.html
    Enjoy

  2. #2
    Nice post, that article was very explainitory.

    While i've heard of these before, I'd never actually heard the term 'rootkits' used before. I had always heard it referanced as a hacker's 'bag of tricks' or 'bag of goodies' or a cracker's 'crakin toolkit'...

    Also, I never realized they actually would replace the binaries on a UNIX system, meaning the executable commands such as; ls, ps, find, etc - as to simply eliminate any logging associated with the running of those commands while their hacked in... Very devious...

    RRP

  3. #3
    Junior Member
    Join Date
    Nov 2003
    Posts
    17
    Originally posted here by bpiedlow
    Nice post, that article was very explainitory
    that's right

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    Love em, or hate em', rootkits have been around for some time now...If you ever wanted to test how easy it was for an attacker to break your system with a pre-made, use one on yourself, just to get a feel for how it all comes together. I'm not quite sure if people are still coming out with rootkits for every new version of OS that comes out for *nix, but it would be interesting to see. I know for awhile back a couple years ago, every new version of *nix that used to come out, about 1 week later there was a new rootkit for it.

    Additional note however, using the premade rootkits will most likely get you caught, as most smart system admins know how to track down the footprints made by those rootkits. A smart cracker will have his own, premade just for himself, and most likely will not share it with others. (Because the more people know about it, the more system administrators can foot print it).
    Creating further mindless stupidity....through mindless automation.

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    This is a old thread about rootkits http://www.antionline.com/showthread...hlight=rootkit

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    If you want to check some rootkits out and learn more about them, head on over to
    http://www.packetstormsecurity.nl/UN...tion/rootkits/.

    It is a really good idea for Unix sys admin's to know about these since no attacker
    who wants to keep your box is going to leave without trying to install one of these first.
    Unless of course s/he just plans to just rm -rf / on you, and that is pretty rare, thank god.
    Some of these do very interesting things like creating covert channels over icmp, hiding
    their presence from ps and top, etc. Also worthy of mention on the topic is the other
    assesment tools and papers at packetstorm, reading up on this stuff should really help
    all who need to get up to speed on practical Unix security and assesment.

    -- spruious
    Get OpenSolaris http://www.opensolaris.org/

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    fm -rf / .....now THATS cold.
    Curse the soul who does this bastardly thing.
    Creating further mindless stupidity....through mindless automation.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Originally posted here by disc0rd
    fm -rf / .....now THATS cold.
    Curse the soul who does this bastardly thing.
    _VERY_ cold.

    I suppose the only bright side would be that it would be obvious that the machine had been cracked,
    with not much else to do but restore from a good backup. Ay caramba!
    Get OpenSolaris http://www.opensolaris.org/

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    And sometimes backups can be like a roll of the dice, just gotta hope they had some reliable media.

    And even then the reliable media may not be restorable based on data discrepencies...
    I've got a nice zen garden at my desk...I've found that it helps to start raking the hell outta it and praying to the powers that be, that everything runs okay.

    If I didn't have the zen garden I'd need a vacuum cleaner for all the hair I pulled outta my head
    Creating further mindless stupidity....through mindless automation.

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Zen Garden huh? I should really buy one of those for myself for Christmas.
    Get OpenSolaris http://www.opensolaris.org/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •