-=WARNING! YOUR SYSTEM COULD BECOME UNSTABLE AFTER INSTALL=-
*** USE AT OWN RISK! ***
This version is THE MOST STABLE one until this point.
Usage of vanquish is limited to NT-based OS'es. The installation of a SP/AntiVirus should not affect vanquish. (micro$oft windoze NT3.x, NT4.x, 2000, 2000S, 2000AS, XP HE, XP Prof, ... and up)
Please excuse the lame ASCII art...;)
Description
====================
Files and registry hiding: This program hides all files/folders containing in its path the string "vanquish". Also it can hide subkeys/values containing that string in their name. It can modify any process (even the SYSTEM ones... he he) and now it does this on EVERY process. A hidden file/folder won't get reported by windowze as occupying space and cannot be found with "Search For Files or Folders..." or similar, and a folder containing hidden files/folders cannot be erased.
Subjective injection: A hidden executable or a normal executable in a hidden folder will NOT get injected with vanquish.dll and so it will be able to see what others can not.
Password logging: After first-time injection, vanquish survives logoff(!!!) and thus is able to intercept logon username, password and domain.
need i say more?
marcofulvio
Oct 9 2003, 02:10 AM
sounds sooooooo good, but that's not the compiled version. Where did u get it? Their FTP is down nor asking username/password which anonymous won't login.
studnikov
Oct 9 2003, 02:24 AM
Here are the compiled files. Enjoy
marcofulvio
Oct 9 2003, 02:54 AM
THE SOFTWARE PACKAGE
====================
includes the following files:
ReadMe.txt - this file
vanquish.exe - the initial injector program
vanquish.dll - this is the heart of the program
startup.reg - makes vanquish load at startup
setup.cmd - installation batch file
studnikov
Oct 9 2003, 03:19 AM
That's all it had in there to compile: the files to compile the exe and dll.
virus
Oct 9 2003, 03:39 AM
QUOTE (marcofulvio @ Oct 9 2003, 06:10 AM)
... Where did u get it?
Yes, can u provide us with the link where u got it from ....
coder
Oct 9 2003, 03:54 AM
der! rootkit.com
marcofulvio
Oct 9 2003, 05:10 AM
yeah... blah gotta sign up on their website, then ftp to their server, and you will get the right compiled version
=k3Rn=
Oct 10 2003, 06:23 PM
thx coder - i'll have a look at it!
axl
Oct 10 2003, 07:34 PM
wtf ?!!?
dudes....
dont see me as a damn lamer or any thing...
but how the (filtered) do i use it ?!?!
dazza
Oct 17 2003, 09:06 AM
yeah and me
and can someone get mine working for me any good codez out there want to help me
c°h°
Dec 8 2003, 02:50 PM
Ya damn this one kicks ass,
I am even not able to access the directory per ftp (serv-u)
any ideas how 2 deal with it ?
TIA
biboupoki
Dec 8 2003, 03:52 PM
woa thanx coder !!!
Uli
Dec 8 2003, 04:04 PM
thanks
oOBLazerOo
Dec 8 2003, 08:19 PM
you must be smarter than the computer to use this...lol
SNOZZ
Dec 8 2003, 08:20 PM
Very cool , thx
Deadlocked
Dec 12 2003, 05:16 AM
QUOTE (oOBLazerOo @ Dec 8 2003, 08:19 PM)
you must be smarter than the computer to use this...lol
I think smarter is the one that coded that, the main reason is that you need REAL knowledge about the OS functionality, moreover it gets harder in a closed OS, using is the easy part of the play... ;P
320X
Dec 15 2003, 12:57 AM
good program like regedit -S...roolzs
teest
Dec 15 2003, 02:35 PM
sounds great!
UltraCool
Dec 15 2003, 11:25 PM
omg this sounds good, gonna try it out for sure, thnx alot coder
UC
PaRaDiSo
Dec 16 2003, 02:26 PM
Nice one...let's have a look at it!
Skyliner
Dec 16 2003, 06:01 PM
Awesome tool...BIG THX man!!
Fractured
Dec 19 2003, 07:04 AM
How does it work? What are we supposed to do?
skorpio
Dec 19 2003, 11:40 AM
thx u, but in the zip file there aren't these files:
startup.reg - makes vanquish load at startup
setup.cmd - installation batch file
where do i find them ?
thx another!
jak3c
Dec 21 2003, 07:32 AM
wowwwwww !!!! this tool is a must have ! i hope this file is not detected by anti viruses....! héhéhéhé ! thanks you for sharing your time to program some handy tools like this...!
sounds nice but there are other rootkits with port hiding and network hiding options for which i look for.
HArd2Burn
Mar 27 2004, 10:13 PM
nice but what is this???
***Application: c:\winnt\system32\_tmp\vanquish.exe
***Time: 7:02:13
***Date: 2004/03/28
0x00000427: サービス プロセスをサービス コントローラに接続できませんでした。
Service Control Dispatcher failed.
tweakz20
Mar 27 2004, 10:51 PM
to the people asking... ROOT KIT - an assembly of programs that subverts the Windows operating system at the lowest levels, and, once in place, cannot be detected by conventional means.
a root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do.
It uses that position to hide itself. If an application tries to list the contents of a directory containing one of the root kit's files, the malware will censor the filename from the list. It'll do the same thing with the system registry and the process list. It will also hide anything else the hacker controlling it wants hidden -- mp3s, password lists, a DivX of the last Star Trek movie. As long as it fits on the hard drive, the hidden cargo doesn't have to be small or unobtrusive to be completely cloaked.
it's like a trojan... but more advanced...... it isn't meant for YOU to open, it's for your target!
Thanks for the hard work put into this rootkit I will take a look at it in a few.
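The filename censoring described in the post above only affects listings produced through the hooked APIs on the running system, so a listing taken with the volume offline still contains the hidden entries. The following is an added example, not part of any post in this thread and not code from the rootkit's authors: a cross-view comparison that reports what the live view omits. The `size|path` listing format and the sample sizes are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample listings, one "size|path" entry per line (assumed format).
# TRUSTED: taken with the suspect volume offline. LIVE: taken through the
# normal file APIs on the running system.
TRUSTED = r"""
40960|C:\WINNT\system32\notepad.exe
12288|C:\WINNT\system32\_tmp\vanquish.exe
20480|C:\WINNT\system32\_tmp\vanquish.dll
512|C:\WINNT\system32\_tmp\readme.txt
"""
LIVE = r"""
40960|C:\WINNT\System32\notepad.exe
512|C:\WINNT\system32\_tmp\readme.txt
"""

def parse_listing(text):
    """Return {lower-cased path: size}; Windows path names compare case-insensitively."""
    entries = {}
    for line in text.strip().splitlines():
        size, path = line.split("|", 1)
        entries[str(PureWindowsPath(path.strip())).lower()] = int(size)
    return entries

def cross_view_diff(live_text, trusted_text):
    """Entries the trusted view has and the live view lacks, plus the
    bytes unaccounted for in each parent directory."""
    live, trusted = parse_listing(live_text), parse_listing(trusted_text)
    hidden = {p: s for p, s in trusted.items() if p not in live}
    missing_bytes = defaultdict(int)
    for path, size in hidden.items():
        missing_bytes[str(PureWindowsPath(path).parent)] += size
    return hidden, dict(missing_bytes)

if __name__ == "__main__":
    hidden, missing_bytes = cross_view_diff(LIVE, TRUSTED)
    for path in sorted(hidden):
        print(f"hidden from live view: {path} ({hidden[path]} bytes)")
    for folder, size in missing_bytes.items():
        print(f"{folder}: {size} bytes not reported by the live system")
```

The per-directory byte totals correspond to the readme's statement that hidden files are not reported as occupying space.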
TheRealGiant
Mar 28 2004, 09:35 AM
I've tried it on my own computer, and it worked very well.
But now I want to uninstall the vanquish.exe but the setup.cmd won't work. It gets stuck before running command %SystemRoot%\vanquish.exe -remove
Please somebody help me
//edit: Yeah, I'm a dumbass. I shouldn't have tried it on my own pc ...
//edit2: A-ha! I could delete it under DOS only. Anyway, it worked
FuzZyBeeR
Mar 28 2004, 11:39 AM
Thanx for this great rootkit
hottzo
Mar 28 2004, 02:20 PM
nice post m8, i have looked @ hacker defender which i think it's the ultimate rootkit, yet outdated. Have u tried fu rootkit? what do u think is best? fu/vanquish/hacker defender?
phaeton
Mar 29 2004, 06:39 AM
hxdef has the most features, if its outdated then update it yourself (how does a rootkit get outdated lol).
fu is nice, uses a nice hiding technique (read @ www.rootkit.com), vanquish is also good.
all are caught by klister so no probs there
SpinKing
Mar 29 2004, 06:40 AM
big thanx for sharing this nice rootkit...
Reckless
Mar 29 2004, 08:06 AM
Does this work on a win98 machine ? There are tons of rootkits for nt machines .. are there any ones for 98 ?
LittleHacker
Mar 29 2004, 07:12 PM
I think it works. isn't there any newer rootkit? (although vanquish is still in beta testing!...)
prog
Mar 30 2004, 01:24 PM
Too many 'how do i use this' comments in a rootkit thread. Is it just me or should you guys know what a rootkit is and how to use it.
tweakz20
Mar 30 2004, 09:52 PM
is it just me or did you forget a question mark? it's new for most people... but hey, we're all here to learn.
PROGRAM = OPEN... but NOT YOU.. THEM OPEN... (or force it to open in a hack!) if you ask how to open it through hacking... you've got some reading to do
z73
Mar 31 2004, 12:25 PM
Thx a lot sounds nice. Gonna check this one out
8Ball
Mar 31 2004, 02:22 PM
mhh used hxdef100 a self modded version but i will give vanquish a try maybe its much better, hxdef always had some diffs with av progs so wait and see thx anyway for the kit
easternerd
Mar 31 2004, 11:53 PM
very good. a bit more information would have been helpful though. any links on where i can find a complete documentation ? thankyou.
iWeasel410
Apr 12 2004, 12:22 AM
interesting tool, will give it a try, thanks coder
sfzhi
Apr 12 2004, 10:57 AM
Thanks for the hard work put into this rootkit i will try it in a few days
hottzo
Apr 12 2004, 01:13 PM
thx 4 the info
misa
Apr 13 2004, 04:45 AM
i just tried it, works awesome... great work man
i recommend this to everyone
smallcat28
Apr 13 2004, 02:30 PM
I found it at www.rootkit.com already, but I can't understand the source code. I want someone to write a help about this source code.
Erra
Apr 13 2004, 09:01 PM
I have a problem with this rootkit, it says it hides services with the "Magic word" in them. So, I have two services, one using apptoservice and one that is my servu. The app to service one I give a name with the "Magic word" and it hides fine. The servu one also has a name with the magic word (using hex editing) and it doesn't hide at all... sits there for all the world to see the sod of a thing
Anyone know why this is?
Cheers