This topic is lockedit works like heaven
thx a lot for the defender
greetz
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
Hacker Defender Recompiled
Started by
jimmy
, Jan 29 2004 03:34 PM
102 replies to this topic
#31
Burner
-
- Members
-
- 23 posts
Private First Class
Posted 31 January 2004 - 08:10 AM
wooot your tha man
it works like heaven
thx a lot for the defender
greetz
it works like heaven
thx a lot for the defender
greetz
#32
Thom
-
- Members
-
- 308 posts
Staff Sergeant
Posted 31 January 2004 - 08:48 AM
clubfed want to hook me up with it? anything I can do to get it?
#33
shiz
-
- Members
-
- 48 posts
Private First Class
Posted 31 January 2004 - 11:08 AM
thom:
if you launch a nc shell, did you do so from your installed ftpd?
if, yes, may i remind you that services defined in the .ini of hxdef are runnin with the sme privs as hxdef itself..
so, ofcourse you see your closed ports as open, because it is 'not infected'
here, an excerpt from the original hxdef readme.txt...
so, what you probably did, was run nc from a program that was a root process and thus seeing all ports/services..
Holla!
if you launch a nc shell, did you do so from your installed ftpd?
if, yes, may i remind you that services defined in the .ini of hxdef are runnin with the sme privs as hxdef itself..
so, ofcourse you see your closed ports as open, because it is 'not infected'
here, an excerpt from the original hxdef readme.txt...
Root Processes is a list of programs which will be immune against
infection. You can see hidden files, directories and programs only with these
root programs. So, root processes are for rootkit admins. To be mentioned in
Root Processes doesn't mean you're hidden. It is possible to have root process
which is not hidden and vice versa.
so, what you probably did, was run nc from a program that was a root process and thus seeing all ports/services..
Holla!
#34 Guest_jak3c_*
Guest_jak3c_*
-
- Guests
Posted 31 January 2004 - 12:27 PM
the best tools i know!.....
hanks
hanks
#35
phaeton
-
- Members
-
- 137 posts
Specialist
Posted 31 January 2004 - 01:47 PM
clubfed, 0.7.3? No port hiding at all there, so what would there be to complain about? Port hiding came in to effect in 0.8.4 :/
#36
sc0pe
-
- Members
-
- 5 posts
Private
Posted 02 February 2004 - 03:49 AM
looks good, but the kit does not start at all, dont know why.
maybe u did an mistake during recompiling or editing the source...
maybe u did an mistake during recompiling or editing the source...
#37
jimmy
-
- Members
-
- 135 posts
Specialist
Posted 02 February 2004 - 03:57 AM
lol scope
than you're the only one with that prob
maybe you ini is (filtered) up
don't know
to install and start you can run install.cmd
than you're the only one with that prob
maybe you ini is (filtered) up
don't know
to install and start you can run install.cmd
#38
phaeton
-
- Members
-
- 137 posts
Specialist
Posted 02 February 2004 - 05:39 AM
sc0pe if the rk doesnt start at all its definitely your ini. Remeber, you cannot have whitespace characters (<>/|") in the values for settings (ie service name etc).
#39
Double-=V=-
-
- Members
-
- 90 posts
Private First Class
Posted 02 February 2004 - 05:45 AM
Well the install.cmd is incorrect, but imho if you can't even see that you should not be using this.
#40
jimmy
-
- Members
-
- 135 posts
Specialist
Posted 02 February 2004 - 07:03 AM
lol double V
indeed, just saw it
should be
indeed, just saw it
should be
isplog.exe -:installonly net start isplog del install.cmd
#41
sc0pe
-
- Members
-
- 5 posts
Private
Posted 02 February 2004 - 08:29 AM
yes i saw this directly after my post
now works fine
now works fine
#42 Guest_ADiCToJUeGO_*
Guest_ADiCToJUeGO_*
-
- Guests
Posted 02 February 2004 - 10:36 AM
Great Work! Lots of respect
#43 Guest_clubfed_*
Guest_clubfed_*
-
- Guests
Posted 03 February 2004 - 03:04 PM
i've been getting the early betas for the past year, sorry i dont follow the public releases (holyfather didn't change the numbers, he added letters for release points..)clubfed, 0.7.3? No port hiding at all there, so what would there be to complain about? Port hiding came in to effect in 0.8.4 :/
#44 Guest_clubfed_*
Guest_clubfed_*
-
- Guests
Posted 03 February 2004 - 03:06 PM
sorry, if i give it out it'll get picked up by av a lot sooner. i would recommend the aphex rootkit, except it has problems hiding netstat entries half the time... to take an existing rootkit and make it undetectable, load it in a debugger or hex editor and find what exact string the AV is detecting, and change it. in many cases you change switch asm instructions order, use equivelent replacements, etc... sorry.clubfed want to hook me up with it? anything I can do to get it?
#45
absolution
-
- Members
-
- 41 posts
Private First Class
Posted 03 February 2004 - 05:00 PM
By string do you mean a text string? Or a string of a signature?
Changing text strings might beat Norton but wont do anything against a better AV.
Changing text strings might beat Norton but wont do anything against a better AV.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
