Good Rootkit For Linux And Solaris ?

Full Version: Good Rootkit For Linux And Solaris ?

GovernmentSecurity.org > System Security > Linux & Unix Systems

jimmy

May 16 2004, 11:44 PM

Anyone knows a good rootkit for linux ?
I'm also looking for a rootkit for sparc solaris 2.8.
I know I can google, just wondering anyone had good experiences with some.

Also looking for something to patch the ssh that is running so I have an extra password that is hidden and can be used to enter. Also with logging disable would be nice. I do not look for installs of ssh with such backdoor, I just want to change the ssh that is running already

SCVirus

May 17 2004, 01:14 AM

Adore NG and SH are good ones for Linux, never found anything for solaris.

LikeAHurricane

May 20 2004, 08:12 PM

SucKIT in Linux
no idea about Solaris.

linoxx

Jun 27 2004, 05:56 AM

www.honeynet.org/tools/sebek - should suit your needs if you don't plan on the server / box in question being powered down.

Thanks

Linoxx

SCVirus

Jun 28 2004, 05:32 AM

hxxp://www.honeynet.org/tools/sebek is the best you'll probably find that works on both, it does have some failings but its open source so you can add a in things you need.

zz76

Sep 10 2004, 06:59 AM

my choice

http://stealth.7350.org/rootkits/

RoscoeT

Oct 16 2004, 05:04 AM

I have seem most of those from the wrong end, I found Suckit to be fairly annoying but not impossible to track down and disable. Using root kits is not, imho, a good way to hold a server. The exploit they use should be understood first. I, as an admin, find these right away usually and take the server offline asap. Understanding the exploit will keep you from hanging out the neon "I've been rooted" sign.

Roscoe

chrystalsky

Oct 26 2004, 02:24 PM

http://www.egocrew.de/download-category-4.html

Here you can find a few Rootkits for Linux and i like SuckIT and Knark. Never saw a Solaris Rootkit, only for Linux, BSD and Windows.

*greetz*

SCVirus

Nov 7 2004, 11:46 PM

Absolutly use sabek (modified to taste of cource)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Good Rootkit For Linux And Solaris ? GovernmentSecurity.org > System Security > Linux & Unix Systems jimmy May 16 2004, 11:44 PM Anyone knows a good rootkit for linux ? I'm also looking for a rootkit for sparc solaris 2.8. I know I can google, just wondering anyone had good experiences with some. Also looking for something to patch the ssh that is running so I have an extra password that is hidden and can be used to enter. Also with logging disable would be nice. I do not look for installs of ssh with such backdoor, I just want to change the ssh that is running already SCVirus May 17 2004, 01:14 AM Adore NG and SH are good ones for Linux, never found anything for solaris. LikeAHurricane May 20 2004, 08:12 PM SucKIT in Linux no idea about Solaris. linoxx Jun 27 2004, 05:56 AM www.honeynet.org/tools/sebek - should suit your needs if you don't plan on the server / box in question being powered down. Thanks Linoxx SCVirus Jun 28 2004, 05:32 AM hxxp://www.honeynet.org/tools/sebek is the best you'll probably find that works on both, it does have some failings but its open source so you can add a in things you need. zz76 Sep 10 2004, 06:59 AM my choice http://stealth.7350.org/rootkits/ RoscoeT Oct 16 2004, 05:04 AM I have seem most of those from the wrong end, I found Suckit to be fairly annoying but not impossible to track down and disable. Using root kits is not, imho, a good way to hold a server. The exploit they use should be understood first. I, as an admin, find these right away usually and take the server offline asap. Understanding the exploit will keep you from hanging out the neon "I've been rooted" sign. Roscoe chrystalsky Oct 26 2004, 02:24 PM http://www.egocrew.de/download-category-4.html Here you can find a few Rootkits for Linux and i like SuckIT and Knark. Never saw a Solaris Rootkit, only for Linux, BSD and Windows. greetz SCVirus Nov 7 2004, 11:46 PM Absolutly use sabek (modified to taste of cource) This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.