Re: Working ROOTKIT

["Terry Cutler" <jedi31337 () gmail com>]

ok I'll check it out !  Thanks Tyler. Appreciate it

On Fri, Oct 10, 2008 at 3:53 PM, Tyler Hudak <thudak () korelogic com> wrote:
> The one I used was the linux rootkit v5 which is pretty old and may
> not work on the version of suse you are running.  IIRC, that has an
> install script you run which installs it on the system.
>
> Terry Cutler wrote:
> > Cool...thanks so much for sharing. Do you happen to have the
> > instructions you used to install it / use it ? I kinda behind the 8
> > ball and every minute counts.
> >
> > Thanks a million in advance !
> >
> >
> > On Fri, Oct 10, 2008 at 9:29 AM, Tyler Hudak <thudak () korelogic com> wrote:
> > > DOH!  Never mind.  Just saw the other messages in the thread.  :)
> > >
> > > Terry Cutler wrote:
> > > > Great links all, thanks a billion...now for another twist (wouldn't be
> > > > IT without it), it's gotta work on Suse Linux enterprise Server SP2.
> > > >
> > > > I'll try a few of these in the mean time.
> > > >
> > > > On Thu, Oct 9, 2008 at 10:14 PM, Andre' - SemperSecurus
> > > > <sempersecurus () gmail com> wrote:
> > > > > Heya Terry,
> > > > >
> > > > > For starters, you could find and try:
> > > > > RatHole
> > > > > SucKIT
> > > > > Mood-NT 2.3
> > > > > Enyelkm
> > > > > Override
> > > > > Phalanx
> > > > >
> > > > > I'm pretty sure they'll all compile and run under 2.6 kernels.
> > > > >
> > > > > Andre'
> > > > >
> > > > > --
> > > > > Andre' M. Di Mino - SemperSecurus
> > > > > The Shadowserver Foundation
> > > > > adimino () shadowserver org
> > > > > http://www.shadowserver.org
> > > > > Skype: sempersecurus
> > > > > AIM: sempersecurus
> > > > >
> > > > > On Thu, Oct 9, 2008 at 4:47 PM, Terry Cutler <jedi31337 () gmail com> wrote:
> > > > > > Hey everyone, hope you're having a great week so far. I was wondering
> > > > > > if anyone knew of a working Linux ROOTKIT I could use to demonstrate
> > > > > > in a Security course I'm putting together. I'm not looking for ROOTKIT
> > > > > > revealers, but the actually malware.
> > > > > >
> > > > > > Thanks so much in advance !
> > > > > >
> > > > > > --
> > > > > > ./Terry Cutler
> > > > > > Master CNE , CDE, CLP, Certified Ethical Hacker
> > > > > >
> > > > > > ------------------------------------------------------------------------
> > > > > > This list is sponsored by: Cenzic
> > > > > >
> > > > > > Security Trends Report from Cenzic
> > > > > > Stay Ahead of the Hacker Curve!
> > > > > > Get the latest Q2 2008 Trends Report now
> > > > > >
> > > > > > www.cenzic.com/landing/trends-report
> > > > > > ------------------------------------------------------------------------
> > > --
> > > Tyler Hudak
> > > Sr. Security Consultant
> > > KoreLogic Security
> > > 330-208-2286
> > > PGP Fingerprint: 1BA0 6E09 B385 1B26 AFD0 855E 4DB1 B00C C746 95DB
>
> --
> Tyler Hudak
> Sr. Security Consultant
> KoreLogic Security
> 330-208-2286
> PGP Fingerprint: 1BA0 6E09 B385 1B26 AFD0 855E 4DB1 B00C C746 95DB



-- 
./Terry Cutler
Master CNE , CDE, CLP, Certified Ethical Hacker

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------