hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Trojan & Virus Errata
kevin007
Jan 6 2004, 08:54 AM
HackDefender : Hides ports from fport/netstat. Very adaptable, but ver 84 which added these options removed many others.
H4EHook: Appears not to do it (didnt test)
AFX Windows Rootkit 2003 >> hides just from netstat
NT rootkit - nope
vanquish - nope, plus almost not a rootkit in the way you don't have options, just a demo
FU - says nothing about it, does it?

Whats missing from this list, the only one I'm not sure about really is FU

Really I don't want to use hackdef, so any alternative would be great

thanks
cha0s
Jan 6 2004, 11:43 AM
write ur own one, hxdef isnt bad i think well its my opinion
ch0pper
Jan 6 2004, 12:32 PM
pm.exe

by wineggdrop you may have problems fining this one think its private
dmg
Jan 6 2004, 01:13 PM
HackerDefender V1.0 is out!! This is the one to go for IMHO smile.gif
ch0pper
Jan 6 2004, 04:30 PM
yes hxd is good but still a few bugs easy to find if you know how

pm is better check the readme on hxd dox as i am betatester

the new hxd will rock still in alpha stages

ch0pper aka themaskdemon
GhostCow
Jan 6 2004, 06:23 PM
anyone mind spillin the beans on pm? ph34r.gif
GhostCow
Jan 6 2004, 06:32 PM
btw ch0pper, i saw you on the betatesters list hehe what, do you trash computers alot? tongue.gif
dmg
Jan 6 2004, 06:45 PM
Process Master v1.2

http://hxdef.czweb.org/tools/

Is that the one you mean ch0pper?

[edit]
hmmz nope this seems to be a process killer also named pm.exe

This really got me curious so if anyone knows where to get it I would like to test it
[/edit]
kevin007
Jan 6 2004, 10:42 PM
QUOTE (cha0s @ Jan 6 2004, 11:43 AM)
write ur own one, hxdef isnt bad i think well its my opinion

This is something I do not feel able to do smile.gif, I look at the code of hxdef and think "gulp", really I don't have that deep knowledge of windows drivers and kernel hooking, and not enough time.

Reason why hxdef at the moment isnt perfect, hxdef74 was great as its backdoor seemed to work well, it restarted fine with the computer. Version 1 doesn't seem different to version 84 particularily, and I love the ports hiding, but the backdoor appears less reliable, lan testing works fine, just over the net. Plus, there are a large shortage of machines running guarenteed open ports apart from the system ones smile.gif.

I hope that the improvements of hxdef are released sometime soon, I'd offer to test, but about all I can offer is time and machines, but thats kinda pointless and available to most, so smile.gif

Thanks for your replies, unless this pm is released I am guessing that I will have to use haxdef


starsky32
Jan 23 2004, 03:54 PM
Just to add my 2 cents...

Hxdef100 is the best NT rootkit ever made. It hides successfully and without any stability problems ports, files, services, regkeys, processes, and allow to "cheat" with hard drive free space.
The source is available. So it's not very difficult to modify or recode certain parts to modify or add certains functions.
Well, it's my opinion.


kevin007, just a question :
"HackDefender : Hides ports from fport/netstat. Very adaptable, but ver 84 which added these options removed many others."

Well, i don't understand why you're saying that, because hxdef84 (and hxdef 100, -hxdef100 IS hxdef84 +source-) has got all the options of the hxdef073 + ports hiding + hard drive space "cheating" ... And you have the source so you can correct any bugs you may found if you want, or add/modify functions...


Starsky32.


dmg
Jan 23 2004, 08:14 PM
hxdef is imho the best I've seen so far.... And the problems with the backdoor are easilly solved by installing a wollf/winshell backdoor and hiding it with hxdef.
starsky32
Jan 23 2004, 11:27 PM
" And the problems with the backdoor are easilly solved by installing a wollf/winshell backdoor and hiding it with hxdef"

Surrrre :-)) This was my favourite "install" for a looooong time, it's one of the best combination : hxdef+wolff , nothing else :-)

Starsky32.




This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.