Full Version: Project Help: Equinox
Neoankt
I'm developing a new project:
EQUINOX

A Win32 Rootkit
============
Details
============
-Port-Binding capabilities
-Dynamic Shellcode Injector (User Provided)
-Easy To Use
-Firewall Pipes and Disabling
-Anti-Virus Pipes and Disabling
-Hidden Directories
-Protected Directories
-Encrypted Registry Values (Throw Off)
-Runs as SYSTEM SERVICE
-Universal Systems (Win Only)
-0-Day Exploit capabilities
-Library And General Framework
-Full Networking Support
-Full Feature/Logging Support
-Increase/Decrease User Permissions
-Create/Delete Users/Passwords
-SpyBot Included
-Packet Sniffer
-Keylogger
-Running Services/Applications list
-Artificial Intelligence to hide itself
-Kernel Hacking/Injection Support
-Wipe itself clean
-Close ports
-Cover Tracks
-Incoming IP Spoofer

-AND MUCH MORE! (Future releases)

==============

It will be coded in ASM/C/C++
I know this will be a HUGE Project
and I would like help if anyone is up for the challenge!

Post here and email me @ nexiuscape@gmail.com please

Thanks
untouchable
wawwwwwwwww

that will be a very beautiful tool but it's too bad that I can't help you because I don't know the C, C++ etc. language

da_cash
indeed very interesting ..


what do you mean "-0-Day Exploit capabilities"...like rx-bot ?? rootkit with scanning options..?... scanning doesn't fit the rootkit idea i think..
THoRaX
EQUiNOX .. nice name
mrBob
very nice idea
will be a lot of work though
i like the name too

and will it be open-source?

too bad I don't think I'll be able to help with this very nice project
Neoankt
Open source::Yes it will be

0day exploit meaning that the client (you) can execute code on the server by inputting the shellcode.....
strohunter
what are "Firewall Pipes and Disabling" and "Anti-Virus Pipes and Disabling" ?
Neoankt
Both create pipes through AVs and firewalls (look at fpipe for example) which allow you to bypass; once through, it disables them on command or, since this proggy supports dynamic code execution by shellcode, you can send an exploit to shut down the firewall/AV
strohunter
ok thx ^^ (I'm currently searching for a way to bypass firewalls without disabling them)
Neoankt
So does anybody want to help?
Neoankt
*BUMP*
SyN/AcK
We don't do bumps here, if no one is interested, tough crap.
Neoankt
gotcha
AgentOrange
I wish popular posts floated to the top of some list, it would make things better...

This isn't a coding forum so I don't think many people will want to pick it up here. Some of the code you are looking for is already available. Look at the Agobot variants...
In fact this is so close you should probably use Phatbot-Stoney as a code base.

Also some of your features indicate to me that you don't fully understand some hacking concepts. This will be an issue trying to drum up support.

There is no such thing as artificial intelligence, all code is a type of intelligence.

Peace out
passi
I'm just a cryppe VB coder but your idea sounds great. But wouldn't it be easier to modify an already existing open-source rootkit? You could add the features you miss in those rootkits
Neoankt
Well of course it would be easier but, as crazy as it sounds (some people may think so), I appreciate coding from the ground up. It gives one a better understanding. Although I may use other things as reference, I enjoy coding from the ground up.

As for me understanding hacking concepts, I do very much; however, I took a break for 6 months developing an OS so I'm relearning some new things
[_-ViCiOuS-_]
sounds good
what about a tcp/udp traffic hiding feature and faking HDD space??
sry can't help you (can't prog in c or c++)
when will it be ready?
will it be 1 executable + 1 dll/ini or many execs?
which size will it be (more than 1 meg or less)??

sry my english is very very bad
Neoankt
it'll take some time and as of now we have a few people working on a NEW executable packer optimized for this proggy
archphase
QUOTE(Neoankt @ Oct 31 2004, 02:55 PM)
Open source::Yes it will be

0day exploit meaning that the client (you) can execute code on the server by inputting the shellcode.....

You really should understand that you can't just simply send a shellcode; different mappers require different things. For instance RPC: if XYZ company creates their own auth process in the protocol, it won't be as simple as inputting shellcode.

Personally this project reeks of vapourware; not saying I'm attacking your cause, just saying skeptics should watch your promises. I really can't see the promise of someone or some people just developing an executable compressor. I myself develop them, and any reasonable or competent programmer would rather not invest time into this project. At any rate good luck; however, a rootkit isn't that hard of a product and maybe you should lay the framework before you recruit, then fill in the holes with side coders like in rx.
tibbar
can you explain what you mean by:

"Firewall Pipes and Disabling
-Anti-Virus Pipes and Disabling
Artificial Intelligence to hide itself"

I am very familiar with writing rootkits yet I have not heard of these concepts...strange huh?
Neoankt
read the other posts
aapje
If you are the one developing this project (I doubt you really know what you are talking about) why don't you make a setup yourself first? If this is a project and you are the leader you should make some more detailed explanations on what you want to do.
tibbar
I am unconvinced you have the technical knowledge to write a rootkit.

Do you intend it to be based on kernel hooks or usermode?

If usermode, what will you hook? native api, or higher level dlls?

Again if usermode, what method of hooking? IAT/EAT pointer overwriting, extended code overwriting?

For your "pipes", have you considered an NDIS filter, which could provide a covert channel, invisible to firewalls??

Perhaps you should read this paper for ideas:

http://invisiblethings.org/papers/chameleon_concepts.pdf

To me your spec sounds like a skiddie's wet dream that won't ever happen. I find the "artificial intelligence" bit the most amusing.

Convince me you are up to the job.