Dailydave mailing list archives
Re: DR Linux 2.6 rootkit released
From: Bas Alberts <bas.alberts () immunityinc com>
Date: Thu, 04 Sep 2008 09:29:27 -0400
Hrmm .. didn't read moodNT .. mostly it's just a straight translation of the IA software developers manual. MoodNT would have been referenced otherwise. Read DR.c for the gritty details. It was written to be a porting platform for existing syscall hooks. Very simple stuff.

In any event, I only wrote the debug register bit (DR.c) .. I think the actual hooks and 'rootkit' functionality could be improved (read my comments in source). Feel free to do so. For me the goal was just to give a simple and clean hooking mechanism based on dr logic, that people could plug into existing 'oldschool' rootkits.

Cheers,
Bas

ninjaboy wrote:
> 2008/9/3 Bas Alberts <bas.alberts () immunityinc com>:
>> All,
>>
>> Immunity is releasing the DR Linux 2.6 IA32 rootkit under the GPLv2. It is supported by CANVAS (and is thus commercially supported for your penetration-testing needs) but is suitable for standalone use.
>>
>> Currently the rootkit can:
>>
>> o Hide processes
>> o Hide network sockets
>> o Hide files
>> o Get a remote MOSDEF Node (via hidden userland-backdoor)
>
> good fork of mood-nt.