how to download a rootkit


12 replies to this topic

#1 deneb97

deneb97

    Will I break 10 posts?

  • Members
  • 6 posts
  • Country:
  • Gender:Male

Posted 06 April 2011 - 07:57 AM

hi boys!

I'm new to this fantastic forum and I want to know "how can I do a rootkit?"

deneb97 :biggrin:

Edited by deneb97, 06 April 2011 - 08:15 AM.


#2 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 06 April 2011 - 12:21 PM

hi boys!

I'm new to this fantastic forum and I want to know "how can I do a rootkit?"

deneb97 :biggrin:



http://www.stoned-vienna.com/
http://vx.netlux.org/
http://vx.netlux.org...otkit&sa=Search

#3 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 06 April 2011 - 12:36 PM


hi boys!

I'm new to this fantastic forum and I want to know "how can I do a rootkit?"

deneb97 :biggrin:



http://www.stoned-vienna.com/
http://vx.netlux.org/
http://vx.netlux.org...otkit&sa=Search



oh yeah, also http://www.offensivecomputing.net/



or just search porn and click all the popups

#4 deneb97

deneb97

    Will I break 10 posts?

  • Members
  • 6 posts
  • Country:
  • Gender:Male

Posted 06 April 2011 - 01:04 PM

Thank you very much!
But can I create a rootkit with MS-DOS language?
I know MS-DOS language.

#5 deneb97

deneb97

    Will I break 10 posts?

  • Members
  • 6 posts
  • Country:
  • Gender:Male

Posted 06 April 2011 - 02:56 PM

Sorry Afterm4th... in one of the links that you shared (maybe this http://vx.netlux.org/) many programs are created in a strange format (Rootkit.Win32.Agent.anc) ... do you know a website that has .exe software?

Maybe these files can be opened? Or not?

#6 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 06 April 2011 - 07:38 PM

Sorry Afterm4th... in one of the links that you shared (maybe this http://vx.netlux.org/) many programs are created in a strange format (Rootkit.Win32.Agent.anc) ... do you know a website that has .exe software?

Maybe these files can be opened? Or not?


Yes, it is possible to create a rootkit in "MSDos Language" but I don't know how effective it would be against today's antivirus technologies. Who knows, old code might slip right past the AV.


Those files that you see in "a strange format" are the source files of the rootkits. You will need a compiler to make them effective.

To be honest it doesn't sound like you know what you're doing. I urge extreme caution when playing with any sort of malware, especially rootkits.


If by some off chance you do think you know what you're doing you can try to get fresh unreleased 0day exploits and rootkits from a site like this

****DANGER DANGER LIVE VIRUS SITE****
freemovtube.info
****DANGER DANGER LIVE VIRUS SITE****


and there are many more listed here:
http://www.freepcsecurity.co.uk/ (this website is great to have for IPs to block in your host file)




Not only can you get rootkits from this domain name, but they WANT you to have their rootkits. So much in fact that many of them will employ techniques that will download the files for you! And they'll install by themselves!!


Again, I hope you know what you're doing. Malware research is very dangerous.

If you have any doubts at all, unplug your computer right now and go play checkers or something because the internet really isn't that friendly of a place.

Edited by Afterm4th, 06 April 2011 - 07:43 PM.


#7 deneb97

deneb97

    Will I break 10 posts?

  • Members
  • 6 posts
  • Country:
  • Gender:Male

Posted 07 April 2011 - 11:58 AM

thank you very much! :biggrin:

Anyway, I know what viruses and rootkits can do.

#8 Berzerk

Berzerk

    SCRiPT KiDDie

  • Members
  • 29 posts
  • Country:
  • Gender:Male
  • Location:Lone Star

Posted 10 April 2011 - 01:22 AM

LOL!
Good luck.

#9 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 18 April 2011 - 12:22 AM

or just search porn and click all the popups


:laugh::laugh::laugh:

#10 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Country:
  • Gender:Male

Posted 30 April 2011 - 01:48 PM


or just search porn and click all the popups


:laugh::laugh::laugh:


I kinda feel this is a situation where it'd be important to point 'em to starter material...

#11 lickfrog

lickfrog

    Will I break 10 posts?

  • Members
  • 4 posts
  • Gender:Not Telling

Posted 09 May 2011 - 07:28 PM

Are any of the above listed links safe for use/testing in a VM or should someone serious about malware analysis set up and dedicate a test box for this?

#12 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Country:
  • Gender:Male

Posted 11 May 2011 - 02:44 AM

Are any of the above listed links safe for use/testing in a VM or should someone serious about malware analysis set up and dedicate a test box for this?


If you want to be completely paranoid, unplug the hard disk and boot up to a LiveCD. If you want to get a closer look, make a persistent LiveUSB and when you're finished getting rooted, take a look at that from a forensic LiveCD. Zero risk here, best way it can be done.

#13 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 16 June 2011 - 01:08 PM


Are any of the above listed links safe for use/testing in a VM or should someone serious about malware analysis set up and dedicate a test box for this?


If you want to be completely paranoid, unplug the hard disk and boot up to a LiveCD. If you want to get a closer look, make a persistent LiveUSB and when you're finished getting rooted, take a look at that from a forensic LiveCD. Zero risk here, best way it can be done.



I'd say a dedicated machine with VMs and Sandboxie should do the trick. I'm using VMware, Process Explorer, OpenedFilesView, and other tools + IDA Pro.



