Full Version: [tut] Modifying Hxdef Rootkit
@TheX, any chance you could attach the hxdef builder here or upload it somewhere? No working links are available, and I would like to check it out.
The link from cowsonfire still works, so why should I attach the builder?
Anyone, please upload the builder again.
Thanks
Why are you all so keen to use the builder? Just download Delphi and the DDK and you're good to go.
And, God forbid, you might learn something on the way. I might add that the builder shouldn't be hosted on GSO, as it is effectively warez: it steals the compiler from the full version of Delphi and the DDK.
I have used Hxdef on my box and it works fine; I downloaded it from the rootkit site. But when I replace the backdoor with my own, nothing works. Has somebody done this successfully? My main aim is to hide the active connections on a particular port. Can somebody give me a write-up on how to configure the .INI file in Hxdef, taking as an example a backdoor server named xyz.exe, of the reverse-connecting type, which connects to port 12345 on the client? What are these settings in the following sample INI?
QUOTE:
[Hidden Table]
hxdef*
rcmd.exe
[Root Processes]
hxdef*
rcmd.exe
[Hidden Services]
HackerDefender*
[Hidden RegKeys]
HackerDefender100
LEGACY_HACKERDEFENDER100
HackerDefenderDrv100
LEGACY_HACKERDEFENDERDRV100
[Hidden RegValues]
[Startup Run]
[Free Space]
[Hidden Ports]
[Settings]
Password=hxdef-rulez
BackdoorShell=hxdefß$.exe
FileMappingName=_.-=[Hacker Defender]=-._
ServiceName=HackerDefender100
ServiceDisplayName=HXD Service 100
ServiceDescription=powerful NT rootkit
DriverName=HackerDefenderDrv100
DriverFileName=hxdefdrv.sys
My questions about the [Settings] section:
Password=hxdef-rulez -> what should I use for my own backdoor?
BackdoorShell=hxdefß$.exe -> what is this? What should I write for my own backdoor?
FileMappingName=_.-=[Hacker Defender]=-._ -> can it be changed?
ServiceName=HackerDefender100 -> can it be changed?
ServiceDisplayName=HXD Service 100 -> can it be changed?
ServiceDescription=powerful NT rootkit
DriverName=HackerDefenderDrv100 -> can it be changed?
DriverFileName=hxdefdrv.sys -> can it be changed?
Regards
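The INI quoted above is the whole configuration of the rootkit, so from a responder's point of view a recovered hxdef.ini is a ready-made indicator list: every name in [Hidden Table], [Hidden Services] and [Hidden RegKeys], plus the service, driver and backdoor names under [Settings], is something to look for on disk, in the SCM and in the registry. The parser below is an added example for this thread, not code from Hacker Defender or from any poster. It reads an hxdef-style INI (sections of bare names, one per line, with `*` wildcards, and a key=value [Settings] section), answers "would this name be hidden by this config?", and lists the artifact names an investigator should search for. The sample INI is reconstructed from the fragment quoted above; the function names (`load_hxdef_ini`, `would_hide`, `indicators`) are this example's own, and case-insensitive matching is an assumption taken from Windows filename semantics.

```python
"""Parse a Hacker Defender (hxdef) style hxdef.ini and report what it hides.

Added example for this thread; not part of hxdef and not code posted by
anyone in the thread. Function names are this example's own.
"""
import configparser
import fnmatch

# Constructed sample: the sections quoted in the thread, one entry per line.
SAMPLE_INI = """\
[Hidden Table]
hxdef*
rcmd.exe
[Root Processes]
hxdef*
rcmd.exe
[Hidden Services]
HackerDefender*
[Hidden RegKeys]
HackerDefender100
LEGACY_HACKERDEFENDER100
HackerDefenderDrv100
LEGACY_HACKERDEFENDERDRV100
[Hidden RegValues]
[Startup Run]
[Free Space]
[Hidden Ports]
[Settings]
Password=hxdef-rulez
BackdoorShell=hxdefß$.exe
FileMappingName=_.-=[Hacker Defender]=-._
ServiceName=HackerDefender100
ServiceDisplayName=HXD Service 100
ServiceDescription=powerful NT rootkit
DriverName=HackerDefenderDrv100
DriverFileName=hxdefdrv.sys
"""

# Sections whose body is a list of names rather than key=value pairs.
LIST_SECTIONS = ("Hidden Table", "Root Processes", "Hidden Services",
                 "Hidden RegKeys", "Hidden RegValues", "Startup Run",
                 "Free Space", "Hidden Ports")

# [Settings] keys whose values name artifacts an investigator can look for.
ARTIFACT_KEYS = ("ServiceName", "ServiceDisplayName", "DriverName",
                 "DriverFileName", "BackdoorShell", "FileMappingName")


def load_hxdef_ini(text):
    """Return (lists, settings): {section: [names]} and the [Settings] dict.

    The list sections have no '=' in them, so configparser runs with
    allow_no_value; '=' is the only delimiter so that a ':' inside a name
    (e.g. a port entry) is not mistaken for a key/value separator.
    """
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of names like LEGACY_HACKERDEFENDER100
    cp.read_string(text)
    lists = {sec: [name for name, value in cp.items(sec) if value is None]
             for sec in LIST_SECTIONS if cp.has_section(sec)}
    settings = dict(cp.items("Settings")) if cp.has_section("Settings") else {}
    return lists, settings


def would_hide(lists, section, name):
    """True if `name` matches any entry of `section` in the parsed lists.

    Entries may carry '*' wildcards (hxdef*), so this is glob matching.
    Matching is done case-insensitively (assumption: Windows file and
    service names are case-insensitive).
    """
    return any(fnmatch.fnmatchcase(name.lower(), pattern.lower())
               for pattern in lists.get(section, []))


def indicators(lists, settings):
    """Sorted, de-duplicated names worth hunting for on a suspect host.

    Combines every literal name from the hiding lists with the artifact
    names configured under [Settings].
    """
    found = set()
    for sec in ("Hidden Table", "Hidden Services", "Hidden RegKeys",
                "Hidden RegValues", "Startup Run"):
        found.update(lists.get(sec, []))
    for key in ARTIFACT_KEYS:
        if settings.get(key):
            found.add(settings[key])
    return sorted(found)


if __name__ == "__main__":
    hidden, cfg = load_hxdef_ini(SAMPLE_INI)
    for probe in ("hxdef100.exe", "RCMD.EXE", "xyz.exe"):
        print(f"{probe:14} hidden: {would_hide(hidden, 'Hidden Table', probe)}")
    print("indicators:", ", ".join(indicators(hidden, cfg)))
```

Running it on the quoted config reports hxdef100.exe and rcmd.exe as hidden process/file names, xyz.exe as not hidden (it appears in no list, which is the poster's problem), and an indicator list that includes HackerDefender100, hxdefdrv.sys and the wildcard entries. Note that hxdef.ini is only useful for this if it is recovered from disk or memory, since the rootkit hides its own files once installed.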
Sorry, but I must say it: do you understand English, and do you read the read*.* files?
To hide ports and programs, see the help file that comes with Hacker Defender itself.
QUOTE:
[Settings]
Password=hxdef-rulez -> what should I use for my own backdoor?
BackdoorShell=hxdefß$.exe -> what is this? What should I write for my own backdoor?
FileMappingName=_.-=[Hacker Defender]=-._ -> can it be changed?
ServiceName=HackerDefender100 -> can it be changed?
ServiceDisplayName=HXD Service 100 -> can it be changed?
ServiceDescription=powerful NT rootkit
DriverName=HackerDefenderDrv100 -> can it be changed?
DriverFileName=hxdefdrv.sys -> can it be changed?
These are for Hacker Defender's own backdoor (see bdcli100.exe in the zip file) and not for the trojan you put in. And yeah, you can change a few of them, like the service name, service display name and description, and the password of course. Don't mess with the others if you don't know what you are doing, AND READ THE HELP FILE, which the author put in the zip file in the expectation that you wouldn't need to ask such questions.
For my part, I can say that this tut is very good, because I did everything step by step as mentioned in the tut, and I obtained a 100% working rootkit.
Thanks to you and to hf, the author of this great rootkit.
Hi
I tested the explained method and the rootkit still got detected. So I think they have seen this method and have another string or something like that to find the rootkit. Also, the rootkit doesn't work every time :-( You must have luck. I tested especially on Windows 2k3 Server and XP. PS: Could be I have done something wrong....
QUOTE(eXPhase @ Apr 25 2005, 07:09 AM):
QUOTE(nebo @ Apr 25 2005, 07:04 AM): lol, you know how old this thread is?
I tested it when it was posted. I used the build kit, and the answer was that it gets detected because of this. So I spent a little time getting all the tools and did it step by step; that didn't work either.
This is nice enlightenment, phaeton... good knowledge was imparted. Thanks for the effort. I'll document this one. More power and many more clever ideas from you.
QUOTE(aapje @ Apr 19 2004, 10:05 PM): the driver.sys gets unpacked when you run hxdef.exe; you can see that when you edit your config so it doesn't hide any files
Yeah, that's true. I packed it with UPX and Morphine; AV couldn't detect it. But when I executed it, AV detected the .sys file and deleted it. I found something interesting. I packed it with different packers and executed it: some of them didn't work at all, while most of them were hiding files but the backdoor wasn't operating. When stopping the service (net stop servicename), I got the error that the "service wasn't started". I was almost screwed. All of the links to the hxdef builder are dead. If anyone has it, could you please send it to me?
Hm, you're right, there's no working link.
Could somebody please upload the hxdef builder again or send me a PM? I just want to try this tool. Thanks in advance.
try & test
[attachmentid=3394]
hxdef-builder-3.rar @ http://s14.yousendit.com/d.aspx?id=2NF0TBS...LV0U024D97VC1DR
Enjoy, bitches.
QUOTE(sizza @ Jun 2 2005, 07:23 AM): Unfortunately, the link you have clicked is not available. Your transfer cannot be completed. Most likely the file has exceeded its allotted bandwidth or has been removed by the original sender or a recipient.
QUOTE(Pu$u @ Jun 3 2005, 10:42 AM): File /files/2152289/hxdef-builder-3.rar.html not found. I think it's down too.
QUOTE(Blade @ Jun 3 2005, 02:06 PM), quoting Pu$u above: Maybe they scan for viruses and delete them, and something in this archive is detected as a virus?
I'm posting it as an attachment; if it's not allowed, then delete it. Sorry for my bad English.
phaeton
Many thanks for the SUPER TUT. Pu$u, thanks for sharing it. [edit] tibbar - no thanks posts allowed! +1 warning points.
Can someone update this?
How to make it undetectable nowadays?
Undetectable to AVs... go the code cave way and change the entry point.
Undetectable to RK finders... that I don't know.
Okidoke, got it undetected on NAV2005 now.
But when I type in "hxdef -:installonly" it says "Corrupted inifile! Delete it or fix it and than restart this application." I deleted the ini, but it appears again. What's wrong there? PS: Man, what's up with this "Posts in this topic" shit? This sucks. It works now, but the bastard still gets detected by McAfee VirusScan Enterprise.
Ok...
I found out that McAfee VirusScan is much, much better than NAV2005. I modded it, I UPX'ed it, I Morphined it, I even changed the entry point!! This works nicely with NAV, but nooooo, not with McAfee. It's driver.sys's fault.