Every month attackers are handed the latest 0-day exploit on a silver platter. There are tons of sites that post the latest exploit and security professionals rush to see exactly how the new exploit can be used to gain access to a remote computer.
Author: Chris Gates, CISSP, GCIH, C|EH, CPTS
Source: https://hakin9.org Hakin9 6/2007
What will you learn…
- How to use the Hacker Defender rootkit
- Hiding files, processes and registry keys
- Using the backdoor client
What you should know…
- How to use Windows and the Windows file system
- The basics of Windows rootkits
- The Windows command line
But simply gaining access to a system is not the main goal of the new type of organized attackers, whose desire is to command their victims to do their bidding. It is said in the security business that getting a shell on a box is easy, but keeping that shell is where the real skill lies. There are several popular methods of keeping access, such as creating accounts, cracking passwords, trojans, backdoors and, of course, rootkits. In this article we are going to discuss rootkit basics and focus specifically on using the HackerDefender rootkit for Windows.

Before we start, let's quickly cover who I am and what I hope to accomplish with this article. I am not a rootkit writer or developer. I am a security consultant, and I teach security courses. I have taken and taught numerous hacking courses and hold several hacking certifications. Most of these courses sum up rootkits in a couple of paragraphs with links to the rootkit's homepage and basically tell you to figure it out for yourself. Time and time again I have watched really motivated students come to a screeching halt when it comes time to work with rootkits, because the publicly available documentation does a horrible job of teaching someone how to actually use and deploy the rootkit.

My intention is to teach the reader how to set up a basic HackerDefender configuration file, and to show a couple of easy methods of getting the rootkit onto the victim's machine. I will finish things off with how to interact with the rootkit using the backdoor client and a couple of backdoors that were set up in the rootkit configuration file. I won't be going too deeply into rootkit basics or theory, the current state of rootkit advancements, or recovery from a rootkit-level compromise. What we will cover is actually deploying and interacting with the rootkit once the initial system compromise has taken place. I will attempt to point the reader to further resources on topics outside the basic scope of this article. Our goal is to help the reader with the "So, what do I do now?" question after downloading HackerDefender.