[jimmy]

Anyone knows a good rootkit for linux ?
I'm also looking for a rootkit for sparc solaris 2.8.
I know I can google, just wondering anyone had good experiences with some.

Also looking for something to patch the ssh that is running so I have an extra password that is hidden and can be used to enter. Also with logging disable would be nice. I do not look for installs of ssh with such backdoor, I just want to change the ssh that is running already

[SCVirus]

Adore NG and SH are good ones for Linux, never found anything for solaris.

[linoxx]

www.honeynet.org/tools/sebek - should suit your needs if you don't plan on the server / box in question being powered down.

Thanks

Linoxx

[SCVirus]

hxxp://www.honeynet.org/tools/sebek is the best you'll probably find that works on both, it does have some failings but its open source so you can add a in things you need.

[RoscoeT]

I have seem most of those from the wrong end, I found Suckit to be fairly annoying but not impossible to track down and disable. Using root kits is not, imho, a good way to hold a server. The exploit they use should be understood first. I, as an admin, find these right away usually and take the server offline asap. Understanding the exploit will keep you from hanging out the neon "I've been rooted" sign.


Roscoe

[chrystalsky]

http://www.egocrew.d...category-4.html

Here you can find a few Rootkits for Linux and i like SuckIT and Knark. Never saw a Solaris Rootkit, only for Linux, BSD and Windows.


*greetz*

[SCVirus]

Absolutly use sabek (modified to taste of cource)

[blackwarrior]

Solaris usually got the telnetd enabled with ALLOW * in the hosts.deny file so you can just
code a little /bin/login backdoor, compile it on one of your solaris box's that got gcc and use it in future hacks.
for linux systems you should use a lkm based backdoor like SK or adore.. ;x