Full Version: Linux Rootkits
Oberon1879
Out of curiosity and because of a security lecture at university I tried to install a rootkit on a VMware machine. I started by researching rootkits and came up with two kinds, LKM and trojaned-bin. First I thought LKM looked like the way to go, but I was unable to compile any of them. Then I tried to install trojaned-bin ones, but no luck with them either.

After playing around I had a look at the dates of the rootkits. None of them was newer than 2002. Has rootkit development stopped? Or is it just more private stuff nowadays?

And another very important question. Are rootkits kernel dependent? Meaning, can a rootkit from back in 2000 (probably made for kernel 2.2) run on a 2.4 or 2.6 kernel?

Last question: are there good information sources about rootkits somewhere, since rootkit.com is down?
AgentOrange
There are no public kernel-land rootkits for Linux kernel 2.6. I have seen code for three different kernel-land rootkits for Linux. It's not that development has stopped, per se, but some have given up. I can tell it is MUCH harder to develop rootkits for Linux kernel 2.6, and the three methods I have seen are very dirty, but effective.

Rootkits are a very serious problem. This is one reason why Linux is more secure than Windows. Bill Gates suggested that you reformat your hard drive if you get a rootkit. That's up there with "don't click on links".

Thank you Billy for your childish response to security.

peace
skydance
adore-ng has been ported to kernel 2.6. I didn't try it, but maybe it works.
Pu$u
I don't know if I'm allowed to post this link.
Anyway, are you looking for this?

http://www.eviltime.com/hx-rootkits.htm
Oberon1879
Thanks a lot for all your tips. Meanwhile I'm a bit desperate. Somehow I can't install any rootkit.
I tried LKM rootkits like adore and superkit and bin rootkits like torn or lrk. I tried this on 2 VMware machines with a 2.4.27 kernel and a 2.6.8 kernel, both with a newly set up Debian system.
I edited the correct files to set up the rootkits and then tried to compile (corrected a few syntax things in configure or makefiles too), but somehow I have no chance of compiling them. I'm an absolute C noob so I can't really get much info out of the error messages.

Now I'm just a bit doubtful whether any of those publicly available rootkits is working at all.
Did any of you ever compile one of those things, and if yes, on what system?
Invision Power Board © 2001-2005 Invision Power Services, Inc.