Government Security
Network Security Resources

Remote Desktop Rootkits

Tags: server, rootkit
This topic is locked.
37 replies to this topic

#16 Tyler - Master Sergeant - Members - 838 posts

Posted 15 August 2005 - 10:58 PM

Yes, it is a 30-day trial version, don't worry :)

#17 Skunky88 - Private First Class - Members - 23 posts

Posted 16 August 2005 - 06:44 PM

Tried to get it started with radmin2, but it starts a radmin with ntauth on my testing win2k system! Does someone know what the problem is?

#18 Tyler - Master Sergeant - Members - 838 posts

Posted 19 August 2005 - 12:53 AM

I guess the default setting is the problem... Grab the radmin.reg from one of the rootkits I have upped and incorporate that in it, because the default setting for you is, for some reason, auto at "enable nt security". So what you can do is take the radmin.. that will have it so that nt security is disabled, then it should work fine. So pretty much just mess around with it. Remember, you are going to want to execute the .reg file before you go and start the radmin service, otherwise you're on a wild goose chase.... but that will fix your problem :) Enjoy

#19 Tyler - Master Sergeant - Members - 838 posts

Posted 06 May 2006 - 09:22 AM

Remember, these things can be made just as simply in a batch file as stated, but if you want one complete package and don't have a great knowledge of programming, just use WinRAR.

#20 Terminal - Sergeant First Class - Sergeant Major - 536 posts

Posted 06 May 2006 - 01:05 PM

Why do you need admdll.dll? I use r_server.exe, radmin.reg and raddrv.dll (v 2.1) and it works pretty fine, and also the port and pass can be included in the reg file itself ;).

#21 Edu - First Sergeant - Members - 2,269 posts

Posted 06 May 2006 - 09:37 PM

Nice one Insanity. I should also add that for people who don't have or don't want to install WinRAR, Windows has its built-in SFX creator, IEXPRESS.EXE. (Probably everyone knows this one, but just in case.)
http://www.secumania.net - Secumania security blog.


#22 TuT - Private First Class - Members - 45 posts

Posted 07 May 2006 - 01:15 AM

Why use radmin, while most of the PCs out there are running terminal services?
I don't like radmin, because most of the time they notice it very quickly ;) and if you use the Telnet option, start telnet remotely :P

Anyway, it's up to everybody themselves of course; nice explaining though.

#23 Tyler - Master Sergeant - Members - 838 posts

Posted 07 May 2006 - 05:58 PM

@TuT, it's really just preference. This tutorial is super basic for basic needs, and radmin is a very simple program to get the basic point across. So that's why.

#24 TuT - Private First Class - Members - 45 posts

Posted 07 May 2006 - 10:36 PM

> @TuT, it's really just preference. This tutorial is super basic for basic needs, and radmin is a very simple program to get the basic point across. So that's why.

That's true, I have been using it for a while, but I noticed it was kinda detected too quickly, so I figured out other ways which were less detected.

Although if you don't know how to enable it, then Radmin comes in very handy ;)

#25 Ryan M - Global Moderator - Colonel - 1,740 posts

Posted 08 May 2006 - 05:17 AM

How is this a rootkit? It's nothing more than a silent backdoor. Most anti-viruses pick up Admdll.dll, raddrv.dll, and the r_server.exe as viruses anyway, so if you didn't mod it, then it'll just get detected.

Nice attempt though.

There is no security on this earth. Only opportunity.
-Douglas MacArthur

GSO Compiled Exploit Database
----------------------------------------
Mod at GovernmentSecurity

#26 Tyler - Master Sergeant - Members - 838 posts

Posted 08 May 2006 - 06:40 PM

It's still considered a rootkit, but you're right, most AVs do pick it up; that's why this is just a sample of a simple way to do it.

#27 Ryan M - Global Moderator - Colonel - 1,740 posts

Posted 08 May 2006 - 06:47 PM

Just to clear things up, I didn't mean that as a flame post; it does provide us with some technical insight into how all-in-one hackkits are constructed :)

#28 Tyler - Master Sergeant - Members - 838 posts

Posted 08 May 2006 - 06:54 PM

Eh ;) no worries, no offence taken :)

#29 MpR - Private First Class - Members - 41 posts

Posted 11 May 2006 - 08:44 PM

Although this is very nice knowledge to have in creating this, I must say though, with Radmin, if you're attempting to use it on a remote box, the overall life span is probably going to be short. Radmin has been used for so long that if you're to use it on a "high profile" box, i.e. web / news hosting, I'd suggest something else. This is still nice for, say, your average home user, but on anything else I'd suggest a totally different route. This kind of kit has been used in this same manner for a very long time; although it is still efficient for the job, it's not efficient for a long-lasting life with your remote boxes.

But a very nice skeleton to start with for many, I'm sure; there's always room to expand on those types.

Something to keep in mind: usually the best backdoor is something the user is already running or is already there.

#30 WeNDoR - Private - Members - 6 posts

Posted 28 April 2007 - 01:02 AM

Well ... nice rootkit ... really useful! But there is a problem ...

AhnLab-V3 2007.4.28.0 04.27.2007 no virus found
AntiVir 7.4.0.15 04.28.2007 no virus found
Authentium 4.93.8 04.27.2007 no virus found
Avast 4.7.981.0 04.26.2007 no virus found
AVG 7.5.0.464 04.26.2007 Potentially harmful program RemoteAdmin.O
BitDefender 7.2 04.28.2007 no virus found
CAT-QuickHeal 9.00 04.27.2007 no virus found
ClamAV devel-20070416 04.28.2007 no virus found
DrWeb 4.33 04.28.2007 no virus found
eSafe 7.0.15.0 04.27.2007 no virus found
eTrust-Vet 30.7.3601 04.27.2007 no virus found
Ewido 4.0 04.27.2007 no virus found
FileAdvisor 1 04.28.2007 no virus found
Fortinet 2.85.0.0 04.28.2007 RAT/RAdmin
F-Prot 4.3.2.48 04.27.2007 W32/RemoteAdmin.A
F-Secure 6.70.13030.0 04.28.2007 Backdoor.Win32.RA-based.z
Ikarus T3.1.1.5 04.28.2007 not-a-virus:RemoteAdmin.Win32.RAdmin.21
Kaspersky 4.0.2.24 04.28.2007 not-a-virus:RemoteAdmin.Win32.RAdmin.21
McAfee 5019 04.27.2007 potentially unwanted program RemAdm-RemoteAdmin
Microsoft 1.2405 04.28.2007 RemoteAccess:Win32/RServer (threat-c)
NOD32v2 2225 04.27.2007 Win32/RemoteAdmin
Norman 5.80.02 04.27.2007 no virus found
Panda 9.0.0.4 04.28.2007 no virus found
Prevx1 V2 04.28.2007 no virus found
Sophos 4.16.0 04.23.2007 RemoteAdmin
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.28.2007 Remacc.Radmin
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.28.2007 Backdoor.Win32.RA-based.v#1
VirusBuster 4.3.7:9 04.27.2007 Backdoor.Radmin.Y
Webwasher-Gateway 6.0.1 04.28.2007 Riskware.RemoteAdmin.R


Maybe, if you want, you can make an Access Remote PC rootkit :D
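Ryan M's remark that most engines flag the kit's files, and the multi-engine scan WeNDoR posted above, are the kind of output a defender triages by hand; the following is an added example, not code from the thread or from any tool in it. It parses a constructed subset of the scan lines quoted above and buckets each vendor verdict as clean, PUA-style riskware or backdoor, using substring markers that are my own assumption:

```python
import re
from collections import Counter

# Constructed sample: seven of the engine lines quoted in the post above, in
# the same "<engine> <version> <MM.DD.YYYY> <verdict>" layout.
SAMPLE_REPORT = """\
AhnLab-V3 2007.4.28.0 04.27.2007 no virus found
AVG 7.5.0.464 04.26.2007 Potentially harmful program RemoteAdmin.O
Fortinet 2.85.0.0 04.28.2007 RAT/RAdmin
F-Secure 6.70.13030.0 04.28.2007 Backdoor.Win32.RA-based.z
Kaspersky 4.0.2.24 04.28.2007 not-a-virus:RemoteAdmin.Win32.RAdmin.21
Prevx1 V2 04.28.2007 no virus found
Symantec 10 04.28.2007 Remacc.Radmin
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")

# Vendor naming differs; these substrings are an assumption chosen to bucket the
# verdicts that appear on this page (checked in order: backdoor before PUA).
BACKDOOR_MARKERS = ("backdoor", "rat/")
PUA_MARKERS = ("not-a-virus", "potentially", "riskware", "remoteadmin",
               "remoteaccess", "remacc", "remadm")

def parse_report(text):
    """Return a list of (engine, version, sigdate, verdict) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # silently skip blank or unrecognised lines
            rows.append(m.groups())
    return rows

def classify(verdict):
    """Map one vendor verdict to 'clean', 'backdoor', 'pua' or 'other'."""
    v = verdict.lower()
    if v == "no virus found":
        return "clean"
    if any(k in v for k in BACKDOOR_MARKERS):
        return "backdoor"
    if any(k in v for k in PUA_MARKERS):
        return "pua"
    return "other"

def summarize(text):
    """Detection count plus a per-bucket breakdown for a multi-engine report."""
    rows = parse_report(text)
    buckets = Counter(classify(verdict) for _, _, _, verdict in rows)
    return {"engines": len(rows), "detected": len(rows) - buckets["clean"],
            "by_class": dict(buckets)}
```

Run over the full list from the post, the split between "riskware" and "backdoor" labels for the same binary is what makes a single-engine verdict a weak basis for an alert threshold.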