IF you're one cracker, then nice trick, otherwise the rootkits available on internet are pretty tight. Like t0rnkit. And id suggest you to make one of your own. like hexediting tornkit binary so that it doesnt look in /etc/ttyhash *orwhatever that file is which keeps DES encrypted pass of rootkit* , and then using some extra backdoors like bindshell.c and bj.c and more... That way you can make one hell of a rootkit, As well as use sizer.c to manipulate the size of your binaries inorder to avoid being catch by proggies like chkrootkit and lion . Goodluck in your journey, =) And dont forget to let us know, when your article is done. Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk voice: 92-021-111-GEMNET "Great is the Art of beginning, but Greater is the Art of ending. " ------BEGIN GEEK CODE BLOCK---- Version: 3.1 GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+ ------END GEEK CODE BLOCK------ --- "Marcelo Barbosa Lima" <mblimaat_private> wrote: >=20 > Hello my friends, >=20 > I am working in articles about forensic for a Linux nagazine >here in Brazil. I need to prepair a "compromised box" and to make an >analysis in it, using TCT. I thought to use one Linux box and simulate >several steps of attackers for installing one rootkit in the machine. I >hope that I dont be moderated again. This is for a good reason :-). I >want a rootkit tool (for Linux kernel 2.4.x) without problems in its >source code. I don=B4t want spend my time doing correct code to compile >later. Thanks in advance, >=20 > Marcelo. > >----------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Run a small business? Then you need professional email like youat_private from Everyone.net http://www.everyone.net?tag ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 20:27:30 PDT