Forums: Rootkit - Hacker Defender - Forums


Rootkit - Hacker Defender

#1 User is offline   setthesun 

  • Master Sergeant
  • Icon
  • Group: Specialist
  • Posts: 574
  • Joined: 13-February 04

Posted 02 September 2004 - 06:19 AM

I tested Hacker Defender today on my test machine; it's an absolutely great tool for getting a box permanently.

And pretty dangerous. Some antivirus products can detect it, I think, but it's easy to modify the source code and recompile it.

I just want to share that. If you haven't tried it, go and download:

Website : hxxp://rootkit.host.sk/
Direct Download : hxxp://rootkit.host.sk/release/hxdef100.zip

setthesun me = new setthesun();
0

#2 User is offline   withdraw 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 72
  • Joined: 11-January 04

Posted 02 September 2004 - 06:31 AM

http://www.governmen...topic=6268&st=0
0

#3 User is offline   setthesun 

  • Master Sergeant
  • Icon
  • Group: Specialist
  • Posts: 574
  • Joined: 13-February 04

Posted 02 September 2004 - 10:21 AM

Sorry, how did I miss that topic? BTW, that thread is great.

setthesun me = new setthesun();
0

#4 Guest_NoRRiS_*

  • Group: Guests

Posted 02 September 2004 - 12:55 PM

setthesun, on Sep 2 2004, 02:19 PM, said:

And pretty dangerous. Some antivirus products can detect it, I think, but it's easy to modify the source code and recompile it.

Just net stop the AV.
I do that all the time and it works every time.
After that, rootkit your tool and hxdef and restart the AV without problems ;)
Use psservice from pstools to get the service name :)
With that you can do what you want.
0

#5 User is offline   r00t 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 85
  • Joined: 17-June 03

Posted 03 September 2004 - 09:55 AM

I have modded my version but it still gets detected by AVs.

I changed 1. hxdef to another word which has 5 letters. Also changed -RK and RK_ to 2 other characters. Also in the driver source file.

But it gets detected.

(This is only an example; I have changed it in the whole source!)

Orig:

ServerMailslotNamePart='\\.\mailslot\hxdef-rk100s';
ClientMailslotNamePart='\\.\mailslot\hxdef-rkc';
DriverDeviceName='\\.\HxDefDriver';

Modded:

ServerMailslotNamePart='\\.\mailslot\testt-es100s';
ClientMailslotNamePart='\\.\mailslot\testt-esc';
DriverDeviceName='\\.\testtDriver';


:-(
0
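A defender's check built on the default object names quoted in post #5, added here as an example that is not part of the thread or of any poster's code: it scans a byte buffer (a file or memory dump) for the three "Orig" names in ASCII and UTF-16LE, case-insensitively. The function names and the sample buffer are constructed for illustration.

```python
import re

# Default names exactly as quoted in the "Orig" lines of post #5.
DEFAULT_NAMES = [
    r"\\.\mailslot\hxdef-rk100s",
    r"\\.\mailslot\hxdef-rkc",
    r"\\.\HxDefDriver",
]

# Strings in Windows binaries and memory appear as ASCII or UTF-16LE.
ENCODINGS = ["ascii", "utf-16-le"]


def scan(data: bytes):
    """Return sorted (offset, encoding, name) hits for the default names."""
    hits = []
    for name in DEFAULT_NAMES:
        for codec in ENCODINGS:
            # Windows object names are case-insensitive, so match that way.
            pattern = re.compile(re.escape(name.encode(codec)), re.IGNORECASE)
            hits.extend((m.start(), codec, name) for m in pattern.finditer(data))
    return sorted(hits)


def scan_file(path: str):
    """Scan a file on disk, e.g. a suspect binary or a raw memory image."""
    with open(path, "rb") as handle:
        return scan(handle.read())


# Constructed sample buffer: one ASCII name in mixed case and one
# UTF-16LE name, surrounded by filler bytes.
SAMPLE = (
    b"\x00" * 8
    + r"\\.\mailslot\HXDEF-rk100s".encode("ascii")
    + b"\x00padding"
    + r"\\.\HxDefDriver".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, codec, name in scan(SAMPLE):
        print(f"offset {offset:#06x}  {codec:<9}  {name}")
```

These names are build-time constants, as the "Modded" lines in the same post show, so a hit is a strong indicator while a clean scan rules nothing out.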

#6 User is offline   dont-staY 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 70
  • Joined: 29-December 03

Posted 03 September 2004 - 01:08 PM

Try to crypt HXDEF with Morphine 1.7 or 1.8; then most of the AVs don't detect it.
0

#7 User is offline   r00t 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 85
  • Joined: 17-June 03

Posted 05 September 2004 - 01:48 AM

Hey m8, it's UPXed and Morphined already :-( and gets caught.
0
