37 replies to this topic

[Tyler]

yes it is a 30day trial versoin dont worry

[Skunky88]

tried to get it startet with radmin2 but it starts a radmin with ntauth on my testing win2k system! someone knows whats the problem?

[Tyler]

i guess the default setting is the problem... grab the radmin.reg from one of the rootkits i have upped and incorperate that in it because the default setting for some reason for you is auto at "enable nt security" so what u can do is take the radmin.. that will have it so that nt security is disabled... then it should work fine. so pretty much just mess around with it, remember u are going to want to execute the .reg file before you go and start the radmin service otherwise ur on a wild goosechase.... but that will fix your problem enjoy

[Tyler]

remember, these things can simply be made just as simple in a batch file as stated, but if you want 1 complete package and dont have a great knowledge or programming just use winrar.

[Terminal]

why u need admdll.dll ?? I use r_server.exe, radmin.reg and raddrv.dll ( v 2.1) and it works pretty fine and also the port and pass can be included in reg file itself .

[Edu]

nice one Insanity. I should also add that for people who dont have or dont want to install Winrar, Windows has its builtin SFX creator, IEXPRESS.EXE . (prolly everyone knows this one but just in case)

[TuT]

Why using radmin, while most of the PC out there are running terminal services ?
I don't like radmin, because most of the time they notice it very quick and if you uses the Telnet option, start telnet remote

Anyway up to everybody it's self offcourse, nice explainating though

[Tyler]

@ TuT, its really just preference. This tutorial is super basic for basic needs and radmin is a very simple program to get the basic point across. So whats why.

[TuT]

@ TuT, its really just preference. This tutorial is super basic for basic needs and radmin is a very simple program to get the basic point across. So whats why.

That's true, i have been using it for a while, but i noticed it was kinda detected to quick, so i figured out other ways which were less detected.

Allthough if you don't know how to enable it then Radmin comes in very handy

[Ryan M]

How is this a rootkit? It's nothing more than a silent backdoor. Most anti-viruses pick up Admdll.dll, raddrv.dll, and the r_server.exe as viruses anyway, so if you didn't mod it than it'll just get detected.

Nice attempt though.

[Tyler]

its still considered a rootkit but your right, most av's do pick it up thats why this is just a sample of a simple way to do it.

[Ryan M]

Just to clear things up, I didn't mean that as a flame-post, It does provide us with some technical insight of how all-in-one hackkits are constructed

[Tyler]

eh no worries no offence taken

[MpR]

Although this is very nice knowledge to have in creating this, I must say though, Radmin if you're attempting to use on a remote box the life span overall is probably going to be short. Radmin has been used for so long that if youre to use it on a "high profile" box ie: web / news hosting Id suggest something else. This is still nice for say your average home user but on anything else Id suggest a totally different route. This kind of kit has been used in this same manner for a very long time although it is still efficient for the job its not efficient for a long lasting life with your remote boxes.


But very nice skeleton to start with for many Im sure, there's always room to expand on those type.

Something to keep in mind usually the best backdoor is something the user is already running or is already there.

[WeNDoR]

Well ... nice rootkit ... really usefull ! But there is a Problem ...

AhnLab-V3 2007.4.28.0 04.27.2007 no virus found
AntiVir 7.4.0.15 04.28.2007 no virus found
Authentium 4.93.8 04.27.2007 no virus found
Avast 4.7.981.0 04.26.2007 no virus found
AVG 7.5.0.464 04.26.2007 Potentially harmful program RemoteAdmin.O
BitDefender 7.2 04.28.2007 no virus found
CAT-QuickHeal 9.00 04.27.2007 no virus found
ClamAV devel-20070416 04.28.2007 no virus found
DrWeb 4.33 04.28.2007 no virus found
eSafe 7.0.15.0 04.27.2007 no virus found
eTrust-Vet 30.7.3601 04.27.2007 no virus found
Ewido 4.0 04.27.2007 no virus found
FileAdvisor 1 04.28.2007 no virus found
Fortinet 2.85.0.0 04.28.2007 RAT/RAdmin
F-Prot 4.3.2.48 04.27.2007 W32/RemoteAdmin.A
F-Secure 6.70.13030.0 04.28.2007 Backdoor.Win32.RA-based.z
Ikarus T3.1.1.5 04.28.2007 not-a-virus:RemoteAdmin.Win32.RAdmin.21
Kaspersky 4.0.2.24 04.28.2007 not-a-virus:RemoteAdmin.Win32.RAdmin.21
McAfee 5019 04.27.2007 potentially unwanted program RemAdm-RemoteAdmin
Microsoft 1.2405 04.28.2007 RemoteAccess:Win32/RServer (threat-c)
NOD32v2 2225 04.27.2007 Win32/RemoteAdmin
Norman 5.80.02 04.27.2007 no virus found
Panda 9.0.0.4 04.28.2007 no virus found
Prevx1 V2 04.28.2007 no virus found
Sophos 4.16.0 04.23.2007 RemoteAdmin
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.28.2007 Remacc.Radmin
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.28.2007 Backdoor.Win32.RA-based.v#1
VirusBuster 4.3.7:9 04.27.2007 Backdoor.Radmin.Y
Webwasher-Gateway 6.0.1 04.28.2007 Riskware.RemoteAdmin.R

maybe if you want you can make a Access Remote PC-rootkit