Dailydave
mailing list archives
Re: DR Linux 2.6 rootkit released
From: Bas Alberts <bas.alberts () immunityinc com>
Date: Thu, 04 Sep 2008 09:29:27 -0400

Hrmm .. didn't read moodNT .. mostly it's just a straight translation of
the IA software developers manual. MoodNT would have been referenced
otherwise. Read DR.c for the gritty details. It was written to be a
porting platform for existing syscall hooks. Very simple stuff.

In any event, I only wrote the debug register bit (DR.c) .. I think the
actual hooks and 'rootkit' functionality could be improved (read my
comments in source). Feel free to do so. For me the goal was just to
give a simple and clean hooking mechanism based on dr logic, that people
could plug into existing 'oldschool' rootkits.

Cheers,
Bas

ninjaboy wrote:
> 2008/9/3 Bas Alberts <bas.alberts () immunityinc com>:
>> All,
>>
>> Immunity is releasing the DR Linux 2.6 IA32 rootkit under the GPLv2. It
>> is supported by CANVAS (and is thus commercially supported for your
>> penetration-testing needs) but is suitable for standalone use.
>>
>> Currently the rootkit can:
>>
>> o Hide processes
>> o Hide network sockets
>> o Hide files
>> o Get a remote MOSDEF Node (via hidden userland-backdoor)
>
> good fork of mood-nt.