
Thread: Rootkit Scanner

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    707

    Rootkit Scanner

    While searching the internet for information on rootkits I happened to stumble upon this site. Here is a quote as to what this tool can do:

    [Homepage]
    http://www.rootkit.nl
    -- [ Downloads ] --
    [Direct Link to download]
    http://downloads.rootkit.nl/rkhunter-1.00RC1.tar.gz
    [3rd Party RPM [RPM's are not maintained by the author]]
    ftp://ftp.webtrek.com/pub/rpms

    Rootkit Hunter

    Rootkit scanner is a scanning tool to ensure you're about 99.9% clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

    - MD5 hash compare
    - Look for default files used by rootkits
    - Wrong file permissions for binaries
    - Look for suspected strings in LKM and KLD modules
    - Look for hidden files
    - Optional scan within plaintext and binary files

    Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

    System requirements:
    - Compatible operating system (see 'Supported operating systems')
    - Bourne Again Shell (BASH)

    Supported operating systems

    Supported:
    - Most Linux distributions
    - Most *BSD distributions

    Currently unsupported:
    - AIX (will be fixed in RC2)

    Tested on:
    - Debian
    - Red Hat Linux 7.1/7.2/7.3/8
    - FreeBSD 4.3/4.4/4.7/4.8
    - FreeBSD 5.0/5.1
    (Did it work on your operating system? Let me know!)

    Extra information

    'Supported' rootkits/backdoors/LKM's/worms:

    55808 Trojan (Variant A)
    Anti Anti-sniffer
    Ambient / ARK (rootkit)
    BeastKit (rootkit)
    BOBKit (rootkit)
    CiNIK worm (Slapper.B variant)
    Devil Kit (rootkit)
    Dica (rootkit)
    FreeBSD (rootkit)
    ****`it (rootkit)
    GasKit (rootkit)
    ImperalsS (FreeBSD Rootkit)
    Li0n worm
    LuCe LKM
    MRK (MiCrobul RK, Devil kit variant)
    NSDAP
    Optic Kit
    Oz Rootkit
    Portacelo
    Sebek LKM (no rootkit, tool for honeypots!)
    Scalper Worm
    Suckit (rootkit)
    THC Backdoor
    and... some known/unknown sniffers, backdoors

    Pretty handy, wouldn't you say?

    Hope that this helps you in some way.
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam
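
Three of the checks in the quoted list (hash compare against a known-good baseline, wrong permissions on binaries, hidden files), sketched as an added example; this is not rkhunter's code and not part of the original post. It uses SHA-256 where the tool lists MD5, assumes GNU coreutils and find, and the function names and baseline format are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not rkhunter code. Function names and the baseline file
# format ("hash  path" per line) are assumptions made for illustration.

# Snapshot hashes of every regular file under a directory. Take this on a
# known-good system and keep the result off-host or on read-only media.
make_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# Print files whose hash no longer matches the baseline, or that are gone.
check_hashes() {
    local want path have
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        have=$(sha256sum "$path" | cut -d ' ' -f 1)
        [ "$have" = "$want" ] || echo "CHANGED $path"
    done < "$1"
}

# Print files writable by group or others (wrong permissions for binaries).
check_perms() {
    find "$1" -type f \( -perm -020 -o -perm -002 \)
}

# Print hidden entries (names starting with a dot) below a directory.
check_hidden() {
    find "$1" -mindepth 1 -name '.*'
}

# Constructed demo: a throwaway directory stands in for a system bin dir.
demo() {
    local d
    d=$(mktemp -d)
    printf 'ls v1\n' > "$d/ls"; printf 'ps v1\n' > "$d/ps"
    chmod 755 "$d/ls" "$d/ps"
    make_baseline "$d" > "$d.baseline"
    printf 'ls modified\n' > "$d/ls"   # simulated content change
    chmod 777 "$d/ps"                  # simulated bad permissions
    : > "$d/.hidden"                   # simulated hidden file
    check_hashes "$d.baseline"; check_perms "$d"; check_hidden "$d"
    rm -rf "$d" "$d.baseline"
}
demo
```

These checks only mean something if the baseline and the tools that read it are trusted: a baseline stored on the scanned host can be rewritten, and a kernel-level rootkit can feed false answers to `find` and `sha256sum`.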

  2. #2
    I think this was posted here before.

    I did my search and was wrong. Something similar was posted, but it wasn't about the same rootkit scanner; some similar links to other rootkit scanners and other tips are down at the Similar Threads box.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Actually this rootkit is still in its infancy. I also thought that it would be worth a look for people on this forum.

  4. #4
    Well, thanks for sharing anyway.

  5. #5
    Thanks for the info, I'll scan my system. Nice work.

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I'll try this one; normally I use chkrootkit http://www.chkrootkit.org,
    I will try this one out though.

    <edit>
    Have tried it, and I must say, it looks really good.
    It has the SUSE boot sequence charm (nice green [ OK ] signs)
    and really seems to work well.
    Need to check out if it detects any at all (I was clean).

    </edit>
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Kstat is also a good tool for detecting Kernel rootkits.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  8. #8
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    I know that there are rootkits out there for *nix, but are there any for Windows? Or would a Trojan be almost like a rootkit for Windows? Just wondering.

  9. #9
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Yes, a trojan would be similar to a rootkit. The difference is that the power of Unix-based OSs is the command line, while the power of Windows-based systems is the GUI. So that is why a trojan is a little better. There are rootkits for Windows though.

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    But doesn't a rootkit change services? I am going to take a guess, but is there a rootkit for Windows that changes ftp, telnet, netstat and the sort? Or would it change something different?

    I've also read somewhere that if someone manages to replace your msgina.dll [might be wrong with the file name] with a trojaned one, then, well, you're basically screwed. The reason why, I cannot remember.
