Hacker Defender Recompiled
Posted 31 January 2004 - 08:10 AM
it works like heaven
thx a lot for the defender
Posted 31 January 2004 - 08:48 AM
Posted 31 January 2004 - 11:08 AM
if you launch a nc shell, did you do so from your installed ftpd?
if yes, may i remind you that services defined in the .ini of hxdef are running with the same privs as hxdef itself..
so, of course you see your closed ports as open, because it is 'not infected'
here, an excerpt from the original hxdef readme.txt...
Root Processes is a list of programs which will be immune against
infection. You can see hidden files, directories and programs only with these
root programs. So, root processes are for rootkit admins. To be mentioned in
Root Processes doesn't mean you're hidden. It is possible to have root process
which is not hidden and vice versa.
so, what you probably did, was run nc from a program that was a root process and thus seeing all ports/services..
Posted 31 January 2004 - 12:27 PM
Posted 31 January 2004 - 01:47 PM
Posted 02 February 2004 - 03:49 AM
maybe u made a mistake during recompiling or editing the source...
Posted 02 February 2004 - 03:57 AM
then you're the only one with that prob
maybe your ini is (filtered) up
to install and start you can run install.cmd
Posted 02 February 2004 - 05:39 AM
Posted 02 February 2004 - 05:45 AM
Posted 02 February 2004 - 07:03 AM
indeed, just saw it
isplog.exe -:installonly
net start isplog
del install.cmd
Posted 02 February 2004 - 10:36 AM
Posted 03 February 2004 - 03:04 PM
i've been getting the early betas for the past year, sorry i don't follow the public releases (holyfather didn't change the numbers, he added letters for release points..)
clubfed, 0.7.3? No port hiding at all there, so what would there be to complain about? Port hiding came into effect in 0.8.4 :/
Posted 03 February 2004 - 03:06 PM
sorry, if i give it out it'll get picked up by av a lot sooner. i would recommend the aphex rootkit, except it has problems hiding netstat entries half the time... to take an existing rootkit and make it undetectable, load it in a debugger or hex editor and find what exact string the AV is detecting, and change it. in many cases you change switch asm instructions order, use equivalent replacements, etc... sorry.
clubfed want to hook me up with it? anything I can do to get it?
Posted 03 February 2004 - 05:00 PM
Changing text strings might beat Norton but won't do anything against a better AV.