thanks for the great kit! works like a charm! one question though, will port hiding from netstat (fport, tcpview, etc) be implemented? I'm always paranoid that the person on the remote comp will run it, find my IP, and screw me over. thanks!
tweakz20
Apr 13 2004, 10:19 PM
QUOTE (smallcat28 @ Apr 13 2004, 02:30 PM)
I found it in www.rootkit.com already, but I can't understand the source code, want someone to write a help about this source code.
did you try learning the language... or at least looking at a reference to all the commands?
sharky
Apr 14 2004, 12:45 AM
thx I will test that
Masterace
Apr 18 2004, 01:03 AM
Thx for this tool. You can call me a lamer, but can anyone tell me where I can find some German tuts for this stuff? I'm afraid my English could be too bad for understanding how it works, and the first thing I learned was: more reading+understanding=less bad mistakes!
totototo
Apr 18 2004, 03:56 AM
Very good thx.
s3mtexx
Apr 18 2004, 01:15 PM
thnx m8, just what i needed :D:D:D heheheh
LittleHacker
Apr 18 2004, 02:35 PM
kool thanks for source! Is it still Undetected?
Baracuda
Apr 19 2004, 02:18 PM
QUOTE (Masterace @ Apr 18 2004, 01:03 AM)
Thx for this tool. You can call me a lamer, but can anyone tell me where I can find some German tuts for this stuff? I'm afraid my English could be too bad for understanding how it works, and the first thing I learned was: more reading+understanding=less bad mistakes!
just read the source
leviathan
Apr 19 2004, 09:02 PM
QUOTE (Masterace @ Apr 18 2004, 01:03 AM)
Thx for this tool. You can call me a lamer, but can anyone tell me where I can find some German tuts for this stuff? I'm afraid my English could be too bad for understanding how it works, and the first thing I learned was: more reading+understanding=less bad mistakes!
Bah, you managed to write that sentence, so your English should be good enough to understand most English tuts, and you'll learn a good lot of English by reading them.
(German here as well ^^)
That rootkit sounds interesting, I'll give it a try at the weekend, thanks a lot for pointing me towards it.
Qlimax
Apr 19 2004, 10:55 PM
someone can tell me what is a r00tkit?
willywutz
Apr 20 2004, 07:18 AM
Hey, just tried the rootkit.
On local machine installed it as administrator; everything works fine, files / dirs are hidden and not accessible. The vanquish part of filenames was hidden.
Next step, installed it in my local LAN on another machine using a Bindshell (local system account).
I noticed with Fport / Tlist all processes are still visible with full name.
Anyone have the same experience? Or did I do anything wrong?
Thx in advance.
EDIT: I see prob seems to be that i started the rootkit with local system acc. Should use runas ( rtfm helped )
ivanchin99
Sep 12 2004, 06:53 AM
i got it.. it hides the file but won't let u access em.. not the kind im finding.. could any1 recommend any rootkit that hide files and allow u to run it?? xcept FU
nackas
Sep 12 2004, 07:53 AM
QUOTE (ivanchin99 @ Sep 12 2004, 04:53 PM)
could any1 recommend any rootkit that hide files and allow u to run it?? xcept FU
hx-def (Hacker Defender) does a great job at hiding files, reg keys, services. I actually use it myself. You may have to do some modding of the source though, as most antivirus nowadays detects it, but there is a tutorial on the board which goes through this.
Installed it on my local PC. In the logfile on c:\ was a success message, but I can see folder with the "magic string".
Whats wrong??
KoSmO
Sep 17 2004, 12:55 AM
wow
Masterace
Sep 17 2004, 02:37 AM
Think the easiest way to modify hxdef is to pack it with upx and after this use the new version of morphine to make it undetected. Works fine for me.
Killaloop
Sep 17 2004, 07:23 AM
QUOTE (Masterace @ Sep 17 2004, 02:37 AM)
Think the easiest way to modify hxdef is to pack it with upx and after this use the new version of morphine to make it undetected. Works fine for me.
install f-secure and try again
this av cracks all versions of morphine and detects even highly modified versions of hxdef, very good one
garcia
Sep 23 2004, 04:53 PM
thank you it well rootkit I was to test it
macca
Sep 23 2004, 07:43 PM
thx for the rootkit, i will play some tomoz.. morphine & upx r the best together at hiding exe's.. but f-secure is a bitch
dd44
Oct 16 2004, 04:14 PM
QUOTE(macca @ Sep 23 2004, 07:43 PM)
thx for the rootkit, i will play some tomoz.. morphine & upx r the best together at hiding exe's.. but f-secure is a bitch
Hello!
But when u upx and morphine it, hxdef installs a .sys driver which i think is detected by AV, isn't it?
tibbar
Oct 16 2004, 11:09 PM
yes which is why you need to mod the source to the driver and recompile using DDK
ghost_c
Oct 17 2004, 06:18 AM
interesting....thnks m8
touk
Oct 17 2004, 09:27 AM
QUOTE(dd44 @ Oct 16 2004, 04:14 PM)
QUOTE(macca @ Sep 23 2004, 07:43 PM)
thx for the rootkit, i will play some tomoz.. morphine & upx r the best together at hiding exe's.. but f-secure is a bitch
Hello!
But when u upx and morphine it, hxdef installs a .sys driver which i think is detected by AV, isn't it?
Yes you r absolutely r8, that's why you have to mod hxdef resources using the DDK libs and a C editor.
kok
Oct 17 2004, 04:05 PM
nice tool man thx
kok
Oct 23 2004, 03:18 PM
it's a very nice tool ;-)
[N0N4M3]
Oct 26 2004, 07:21 PM
detected :q
passi
Oct 31 2004, 09:12 PM
Making it undetectable is your job. There are enough threads about this topic in this board.
Btw: Please stop lame replying.
Neoankt
Nov 1 2004, 12:00 AM
QUOTE
Making it undetectable is your job. There are enough threads about this topic in this board.
Btw: Please stop lame replying.
passi is very much correct. For example, if you release your version publicly then usually within a week AVs will update their sigs and libs, in which your version will be detected. Now if you don't release it and keep it private (or to yourself) it's harder
Intox
Nov 1 2004, 01:10 PM
i think that vanquish doesn't hide any port and connection...