Full Version: Vanquish R00tkit
| CODE |
| ************************************************************************* * * * Vanquish v0.1 beta7 * * * ************************************************************************* * * * Copyright ©2003 XShadow, All rights reserved. * * * ***************************************************** -=WARNING! YOUR SYSTEM COULD BECOME UNSTABLE AFTER INSTALL=- *** USE AT OWN RISK! *** This version is THE MOST STABLE one until this point. Usage of vanquish is limited to NT-based OS'es. The installation of a SP/AntiVirus should not affect vanquish. (micro$oft windoze NT3.x, NT4.x, 2000, 2000S, 2000AS, XP HE, XP Prof, ... and up) Please excuse the lame ASCII art...;) Description ==================== Files and registry hiding: This program hides all files/folders containing in its path the string "vanquish". Also it can hide subkeys/values containing that string in their name. It can modify any process (even the SYSTEM ones... he he) and now it does this on EVERY process. A hidden file/folder won't get reported by windowze as occupying space and cannot be found with "Search For Files or Folders..." or similar, and a folder containing hidden files/folders cannot be erased. Subjective injection: A hidden executable or a normal executable in a hidden folder will NOT get injected with vanquish.dll and so it will be able to see what others can not. Password logging: After first-time injection, vanquish survives logoff(!!!) and thus is able to intercept logon username, password and domain. |
need i say more?
sounds sooooooo good, but that's not the compiled version.
Where did u get it? Their FTP is down nor asking username/password which anonymous won't login.
Where did u get it? Their FTP is down nor asking username/password which anonymous won't login.
Here are the compiled files. Enjoy
THE SOFTWARE PACKAGE
====================
includes the following files:
ReadMe.txt - this file
vanquish.exe - the initial injector program
vanquish.dll - this is the heart of the program
startup.reg - makes vanquish load at startup
setup.cmd - installation batch file
====================
includes the following files:
ReadMe.txt - this file
vanquish.exe - the initial injector program
vanquish.dll - this is the heart of the program
startup.reg - makes vanquish load at startup
setup.cmd - installation batch file
thats all it had in there to compile was the files to compile the exe and dll.
| QUOTE (marcofulvio @ Oct 9 2003, 06:10 AM) |
| ... Where did u get it? |
Yes, can u provide us with the link where u got it from ....
der! rootkit.com
yeah... blah
gotta sign up on their website, than ftp to their server.
and you will get the right compiled version
gotta sign up on their website, than ftp to their server.
and you will get the right compiled version
thx coder - i'll have a look at it!
wtf ?!!?
dudes....
dont see me as a damn lamer or any thing...
but how the (filtered) do i use it ?!?!
dudes....
dont see me as a damn lamer or any thing...
but how the (filtered) do i use it ?!?!
yeah and me
and can someone get mine working for me
any good codez out there want to help me
and can someone get mine working for me
any good codez out there want to help me
Ya damn this one kicks ass,
I am even not able to access the directory per ftp (serv-u)
any ideas how 2 deal with it ?
TIA
I am even not able to access the directory per ftp (serv-u)
any ideas how 2 deal with it ?
TIA
woa thanx coder !!!
thanks 
you must be smarter than the computer to use this...lol 
Very cool , thx
| QUOTE (oOBLazerOo @ Dec 8 2003, 08:19 PM) |
| you must be smarter than the computer to use this...lol |
I think smarter is the one that coded that, the main reason is that you need REAL knowledge about the OS functionality, moreover it gets harder in a closed OS, using is the easy part of the play... ;P
good program like regedit -S...roolzs
sounds great!
omg this sounds good, gonna try it out for sure, thnx alot coder 
UC
UC
Nice one...let's have a look at it!
Awesome tool...BIG THX man!!
How does it work? What are we supposed to do?
thx u, but in the zip file there aren't this file:
startup.reg - makes vanquish load at startup
setup.cmd - installation batch file
where i find them ?
thx another!
startup.reg - makes vanquish load at startup
setup.cmd - installation batch file
where i find them ?
thx another!
wowwwwww !!!! this tool is a must have !
i hope this file is not detected by anti viruses....!
héhéhéhé !
thanks you for sharing your time to program some handy tools like this...!
i hope this file is not detected by anti viruses....!
héhéhéhé !
thanks you for sharing your time to program some handy tools like this...!
offtopic
question could anybody compile it and explain to me how i do it in the future
https://www.rootkit.com/vault/JeFFOsZ/winlo...ck-v0.2-src.rar
/offtopic
question could anybody compile it and explain to me how i do it in the future
https://www.rootkit.com/vault/JeFFOsZ/winlo...ck-v0.2-src.rar
/offtopic
very interresting ! Thanks a lot
sounds nice but there are other rootkits with port hiding and network hiding options for which i look for.
nice but what is this???
***Application: c:\winnt\system32\_tmp\vanquish.exe
***Time: 7:02:13
***Date: 2004/03/28
0x00000427: ƒT[ƒrƒX ƒvƒƒZƒX‚ðƒT[ƒrƒX ƒRƒ“ƒgƒ[ƒ‰‚ÉÚ‘±‚Å‚«‚Ü‚¹‚ñ‚Å‚µ‚½B
Service Control Dispatcher failed.
***Application: c:\winnt\system32\_tmp\vanquish.exe
***Time: 7:02:13
***Date: 2004/03/28
0x00000427: ƒT[ƒrƒX ƒvƒƒZƒX‚ðƒT[ƒrƒX ƒRƒ“ƒgƒ[ƒ‰‚ÉÚ‘±‚Å‚«‚Ü‚¹‚ñ‚Å‚µ‚½B
Service Control Dispatcher failed.
to the people asking...
ROOT KIT - an assembly of programs that subverts the Windows operating system at the lowest levels, and, once in place, cannot be detected by conventional means.
a root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do.
It uses that position to hide itself. If an application tries to list the contents of a directory containing one of the root kit's files, the malware will censor the filename from the list. It'll do the same thing with the system registry and the process list. It will also hide anything else the hacker controlling it wants hidden -- mp3s, password lists, a DivX of the last Star Trek movie. As long as it fits on the hard drive, the hidden cargo doesn't have to be small or unobtrusive to be completely cloaked.
it's like a trojan... but more advanced...... it isn't meant for YOU to open, it's for your target!
Edit: problems downloading? there is a Sticky post about it (in exploit section)
http://www.governmentsecurity.org/forum/in...wtopic=6976&hl=
ROOT KIT - an assembly of programs that subverts the Windows operating system at the lowest levels, and, once in place, cannot be detected by conventional means.
a root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do.
It uses that position to hide itself. If an application tries to list the contents of a directory containing one of the root kit's files, the malware will censor the filename from the list. It'll do the same thing with the system registry and the process list. It will also hide anything else the hacker controlling it wants hidden -- mp3s, password lists, a DivX of the last Star Trek movie. As long as it fits on the hard drive, the hidden cargo doesn't have to be small or unobtrusive to be completely cloaked.
it's like a trojan... but more advanced...... it isn't meant for YOU to open, it's for your target!
Edit: problems downloading? there is a Sticky post about it (in exploit section)
http://www.governmentsecurity.org/forum/in...wtopic=6976&hl=
Thanks for the hard work put into this rootkit
I will take a look at it in a few.
I will take a look at it in a few.
I've tried it on my own computer, and it worked very well.
But now I want to uninstall the vanquish.exe but the setup.cmd wont work.
It gets stuck before running command %SystemRoot%\vanquish.exe -remove
Pleas sombody help me
//edit: Yeah, I'm a dumbass. I shouldn't have tried it on my own pc ...
//edit2: A-ha! I could delete it under DOS only. Anyway, it worked
But now I want to uninstall the vanquish.exe but the setup.cmd wont work.
It gets stuck before running command %SystemRoot%\vanquish.exe -remove
Pleas sombody help me
//edit: Yeah, I'm a dumbass. I shouldn't have tried it on my own pc ...
//edit2: A-ha! I could delete it under DOS only. Anyway, it worked
Thanx for this great rootkit
nice post m8, i have looked @ hacker defender which i think it's the ultimate rootkit, yet outdated. Have u tried fu rootkit? what do u think is best? fu/vanquish/hacker defender?
hxdef has the most features, if its outdated then update it yourself (how does a rootkit get outdated lol).
fu is nice, uses a nice hiding technique (read @ www.rootkit.com), vanquish is also good.
all are caught by klister so no probs there
fu is nice, uses a nice hiding technique (read @ www.rootkit.com), vanquish is also good.
all are caught by klister so no probs there
big thanx for sharing this nice rootkit...
Does this work on a win98 machine ? There are tons of rootkits for nt machines ..
are there any ones for 98 ?
I think it works.
isn't there any newer rootkit? (although vanquish is still in beta testing!...)
isn't there any newer rootkit? (although vanquish is still in beta testing!...)
Too many 'how do i use this' comments in a rootkit thread. Is it just me or should you guys know what a rootkit is and how to use it.
is it just me or did you forget a question mark?
it's new for most people... but hey, we're all here to learn.
PROGRAM = OPEN... but NOT YOU.. THEM OPEN... (or force it to open in a hack!)
if you ask how to open it through hacking... you've got some reading to do
it's new for most people... but hey, we're all here to learn.
PROGRAM = OPEN... but NOT YOU.. THEM OPEN... (or force it to open in a hack!)
if you ask how to open it through hacking... you've got some reading to do
Thx a lot sounds nice. Gonna check this one out
mhh used hxdef100 a self modded version but i will give vanquish a try maybe its much better, hxdef always had some diffs with av progs so wait and see thx anyway for the kit
thx anyway for the kit
very good.
a bit more information would have been helpful though.
any links on where i can find a complete documentation ?
thankyou.
a bit more information would have been helpful though.
any links on where i can find a complete documentation ?
thankyou.
interesting tool, will give it a try, thanks coder
Thanks for the hard work put into this rootkit
i will try it in a few days
i will try it in a few days
thx 4 the info
i just tried it, works awesome... great work man
i recommend this to everyone
i recommend this to everyone
I found it in www.rootkit.com already.but i cannt understand the source code,want someone write a help about this source code.
I have a problem with this rootkit, it says it hides services with the "Magic word" in them. So, I have two services, one using apptoservice and one that is my servu. The app to service one I give a name with the "Magic word" and it hides fine. The servu one also have a name with the magic word (using hex editing) and it doesnt hide at all... sits there for all the world to see the sod of a thing
Any one know why this is?
Cheers
Any one know why this is?
Cheers
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
