12 replies to this topic

[deneb97]

hi boys!

i'm new of this fantastic forum and i want to know "how can i do a rootkit?"

deneb97

Edited by deneb97, 06 April 2011 - 08:15 AM.

[Afterm4th]

hi boys!

i'm new of this fantastic forum and i want to know "how can i do a rootkit?"

deneb97

http://www.stoned-vienna.com/
http://vx.netlux.org/
http://vx.netlux.org/search.php?cx=002577580816726040001%3Az9_irkorydo&cof=FORID%3A10&ie=UTF-8&q=+rootkit&sa=Search

[Afterm4th]

hi boys!

i'm new of this fantastic forum and i want to know "how can i do a rootkit?"

deneb97

http://www.stoned-vienna.com/
http://vx.netlux.org/
http://vx.netlux.org/search.php?cx=002577580816726040001%3Az9_irkorydo&cof=FORID%3A10&ie=UTF-8&q=+rootkit&sa=Search

oh yeah, also http://www.offensivecomputing.net/



or just search porn and click all the popups

[deneb97]

thank you very much!
but, I can create a rootkit with ms dos language?
i know ms-dos language

[deneb97]

sorry Afterm4th...in one of links who you are shared (maybe this http://vx.netlux.org/) many software are created in a strange format (Rootkit.Win32.Agent.anc) ... do you know a website who have a .exe software?

maybe these files can be opened? or not?

[Afterm4th]

sorry Afterm4th...in one of links who you are shared (maybe this http://vx.netlux.org/) many software are created in a strange format (Rootkit.Win32.Agent.anc) ... do you know a website who have a .exe software?

maybe these files can be opened? or not?

Yes it is possible to create a rootkit in "MSDos Language" but I dont know how effective it would be against todays antivirus technologies. Who knows, old code might slip right past the AV.


Those files that you see in "a strange format" are the source files of the rootkits. You will need a compiler to make them effective.

To be honest it doesnt sound like you know what you're doing. I urge extreme caution when playing with any sort of malware, especially rootkits.


If by some off chance you do think you know what you're doing you can try to get fresh unreleased 0day exploits and rootkits from a site like this

****DANGER DANGER LIVE VIRUS SITE****
freemovtube.info
****DANGER DANGER LIVE VIRUS SITE****


and there are many more listed here:
http://www.freepcsecurity.co.uk/ (this website is great to have for IPs to block in your host file)




Not only can you get rootkits from this domain name, but they WANT you to have their rootkits. So much infact that many of them will employ techniques that will download the files for you! And they'll Install by themselves!!


Again, I hope you know what you're doing. Malware research is very dangerous.

If you have any doubts at all, unplug your computer right now and go play checkers or something because the internet really isn't that friendly of a place.

Edited by Afterm4th, 06 April 2011 - 07:43 PM.

[deneb97]

thank you very much!

anyway i know what can doing the virus and the rootkits

[Berzerk]

LOL!
Good luck.

[army_of_one]

or just search porn and click all the popups

:laugh:

[serrath]

or just search porn and click all the popups

:laugh:

I kinda feel this is a situation where it'd be important to point 'em to starter material...

[lickfrog]

Are any of the above listed links safe for use/testing in a VM or should someone serious about malware analysis setup and dedicate a test box for this?

[serrath]

Are any of the above listed links safe for use/testing in a VM or should someone serious about malware analysis setup and dedicate a test box for this?

If you want to be completely paranoid, unplug the hard disk and boot up to a LiveCD. If you want to get a closer look, make a persistent LiveUSB and when you're finished getting rooted, take a look at that from a forensic LiveCD. Zero risk here, best way it can done.

[Afterm4th]

Are any of the above listed links safe for use/testing in a VM or should someone serious about malware analysis setup and dedicate a test box for this?

If you want to be completely paranoid, unplug the hard disk and boot up to a LiveCD. If you want to get a closer look, make a persistent LiveUSB and when you're finished getting rooted, take a look at that from a forensic LiveCD. Zero risk here, best way it can done.

I'd say dedicated machine with VMs and sandboxie should do the trick.. I using vmware, process explorer, opned files view, and other tools +ida pro