Forums: Linux Rootkits - Forums


Linux Rootkits are there new ones?

#1 Oberon1879

  • Private
  • Group: Members
  • Posts: 19
  • Joined: 06-October 03

Posted 07 April 2005 - 07:25 AM

Out of curiosity and because of a security lecture at university I tried to install a rootkit on a VMware machine. I started by researching rootkits and came up with two kinds: LKM and trojaned-bin. First I thought LKM looked like the way to go, but I was unable to compile any of them. Then I tried to install trojaned-bin ones, but no luck with them either.

After playing around I had a look at the dates of the rootkits. None of them was newer than 2002. Has rootkit development stopped? Or is it just more private stuff nowadays?

And another very important question: are rootkits kernel dependent? Meaning, can a rootkit from back in 2000 (probably made for kernel 2.2) run on a 2.4 or 2.6 kernel?

Last question: are there good information sources about rootkits somewhere, since rootkit.com is down?

#2 AgentOrange

  • Staff Sergeant
  • Group: Members
  • Posts: 284
  • Joined: 25-February 04

Posted 07 April 2005 - 12:35 PM

There are no public kernel land rootkits for Linux kernel 2.6. I have seen code for three different kernel land rootkits for Linux. It's not that development has stopped, per se, but some have given up. I can tell it is MUCH harder to develop rootkits for Linux kernel 2.6, and the three methods I have seen are very dirty, but effective.

Rootkits are a very serious problem. This is one reason why Linux is more secure than Windows. Bill Gates suggested that you reformat your hard drive if you get a rootkit. That's up there with "don't click on links".

Thank you Billy for your childish response to security.

peace

#3 skydance

  • Corporal
  • Group: Members
  • Posts: 176
  • Joined: 14-September 03

Posted 08 April 2005 - 07:01 AM

adore-ng has been ported to kernel 2.6. I didn't try it, but maybe it works.

#4 Pu$u

  • Private First Class
  • Group: Members
  • Posts: 22
  • Joined: 29-December 03

Posted 08 April 2005 - 11:02 AM

I don't know if I'm allowed to post this link.
Anyway, are you looking for this?

http://www.eviltime....hx-rootkits.htm

#5 Oberon1879

  • Private
  • Group: Members
  • Posts: 19
  • Joined: 06-October 03

Posted 09 April 2005 - 03:08 AM

Thanks a lot for all your tips. Meanwhile I'm a bit desperate. Somehow I can't install any rootkit.
I tried LKM rootkits like adore and superkit and bin rootkits like torn or lrk. I tried this on 2 VMware machines with a 2.4.27 kernel and a 2.6.8 kernel, both with a newly set up Debian system.
I edited the correct files to set up the rootkits and then tried to compile (corrected a few syntax things in configure or makefiles too), but somehow I have no chance of compiling them. I'm an absolute C noob so I can't really get much info out of the error messages.


Now I'm just a bit doubtful if any of those publicly available rootkits is working at all.
Did any of you ever compile one of those things, and if yes, on what system?

#6 rider

  • Private
  • Group: Members
  • Posts: 1
  • Joined: 23-March 07

Posted 23 March 2007 - 03:08 AM

Oberon1879, on Apr 9 2005, 01:08 PM, said:

Thanks a lot for all your tips. Meanwhile I'm a bit desperate. Somehow I can't install any rootkit.
I tried LKM rootkits like adore and superkit and bin rootkits like torn or lrk. I tried this on 2 VMware machines with a 2.4.27 kernel and a 2.6.8 kernel, both with a newly set up Debian system.
I edited the correct files to set up the rootkits and then tried to compile (corrected a few syntax things in configure or makefiles too), but somehow I have no chance of compiling them. I'm an absolute C noob so I can't really get much info out of the error messages.


Now I'm just a bit doubtful if any of those publicly available rootkits is working at all.
Did any of you ever compile one of those things, and if yes, on what system?


Hi all... if you want a good rootkit you can use this:
http://ns.lydo.org/2k.tar.gz
You will need to modify those two mail addresses from X and start with ./x password
That rootkit has a list with ports. It works with all Linux OS & CentOS.

#7 method

  • Private
  • Group: Members
  • Posts: 1
  • Joined: 07-May 07

Posted 07 May 2007 - 10:28 AM

Could you post a mirror, Rider? Thanks :rolleyes:


#8 Glyph

  • General
  • Group: General
  • Posts: 1,386
  • Joined: 17-January 06

Posted 07 May 2007 - 12:06 PM

One question.
Are you trying to install the rootkit to the VMware environment or a virtual machine which you created in the VMware environment?

:ph34r:

#9 cl2k

  • Private First Class
  • Group: Members
  • Posts: 25
  • Joined: 06-May 07

Posted 07 May 2007 - 01:36 PM

For testing rootkits you must test these in a virtual environment...
In Linux and other operating systems... you can make a good lab for this matter.
I introduce to you: in Linux use VirtualBox... and in Windows use VMware...
For Linux, VirtualBox is better than VMware. (my comment)

#10 toe

  • Staff Sergeant
  • Group: Members
  • Posts: 271
  • Joined: 10-November 04

Posted 28 May 2007 - 11:05 PM

Pu$u, on Apr 9 2005, 05:02 AM, said:

I don't know if I'm allowed to post this link.
Anyway, are you looking for this?

http://www.eviltime....hx-rootkits.htm


As Pu$u said, but use this link; they have adore-ng, which is a teso rootkit for kernel 2.4 and 2.6 (02 Feb 2007):
http://www.eviltime....ubpage=rootkits

-toe

#11 RoMaNcYxHaCkEr

  • Private
  • Group: Members
  • Posts: 2
  • Joined: 30-May 07

Posted 30 May 2007 - 08:03 AM

Many Linux rootkits:
http://www.packetsto...ration/rootkits
An easy rootkit is named mix.c
RxH
Best Wishes


#12 sarkar112

  • Sergeant First Class
  • Group: Specialist
  • Posts: 340
  • Joined: 26-November 05

Posted 28 August 2007 - 06:15 PM

If you're testing rootkits, I'd highly suggest running them in a virtual environment (I use qemu), and I'd like to point out that Linux rootkits are usually kernel modules (drivers). They are not difficult to develop on newer versions of the kernel, and there are many public, functional open-source rootkits available for Linux.
"The quieter you become, the more you can hear." -Baba Ram Dass
PGP: 0x6C767D75