Re: Introduction about forensic

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Wed Apr 24 2002 - 01:43:01 PDT


    If you're one cracker, then nice trick; otherwise the rootkits available on the internet are pretty tight, like t0rnkit. And I'd suggest you make one of your own, like hex-editing the tornkit binary so that it doesn't look in /etc/ttyhash *or whatever that file is which keeps the DES-encrypted pass of the rootkit*, and then using some extra backdoors like bindshell.c and bj.c and more... That way you can make one hell of a rootkit, as well as use sizer.c to manipulate the size of your binaries in order to avoid being caught by proggies like chkrootkit and lion.
    
    Good luck in your journey, =) And don't forget to let us know when your article is done.
    
    Regards, 
    ---------
    Muhammad Faisal Rauf Danka
    
    Chief Technology Officer
    Gem Internet Services (Pvt) Ltd.
    web: www.gem.net.pk
    voice: 92-021-111-GEMNET
    
    "Great is the Art of beginning, but Greater is the Art of ending. "
    
    ------BEGIN GEEK CODE BLOCK----
    Version: 3.1
    GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ 
    P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- 
    PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
    ------END GEEK CODE BLOCK------
    
    
    --- "Marcelo Barbosa Lima" <mblimaat_private> wrote:
    >
    >  Hello my friends,
    >
    >            I am working on articles about forensics for a Linux magazine
    >here in Brazil. I need to prepare a "compromised box" and to make an
    >analysis of it, using TCT. I thought to use one Linux box and simulate
    >several steps of attackers for installing one rootkit on the machine. I
    >hope that I won't be moderated again. This is for a good reason :-). I
    >want a rootkit tool (for Linux kernel 2.4.x) without problems in its
    >source code. I don't want to spend my time correcting code to compile
    >later. Thanks in advance,
    >
    >                                   Marcelo.
    >
    >-----------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 20:27:30 PDT