HackerDefender Rootkit for the Masses

June 1, 2007

Every month attackers are handed the latest 0-day exploit on a silver platter. There are tons of sites that post the latest exploit and security professionals rush to see exactly how the new exploit can be used to gain access to a remote computer.
Chris Gates, CISSP, GCIH, C|EH, CPTS
Source: https://hakin9.org Hakin9 6/2007

What will you learn…

  • How to use the HackerDefender rootkit
  • Hiding files, processes, and registry keys
  • Using the backdoor client

What you should know…

  • How to use Windows and the Windows file system
  • The basics of Windows rootkits
  • The Windows command line

But simply gaining access to a system is not the main goal of the new type of organized attacker, whose desire is to command their victims to do their bidding. It is said in the security business that getting a shell on a box is easy, but keeping that shell is where the real skill lies. There are several popular methods of keeping access, such as creating accounts, cracking passwords, trojans, backdoors and, of course, rootkits. In this article we are going to discuss rootkit basics and focus specifically on using the HackerDefender[1] rootkit for Windows.

Before we start, let's quickly cover who I am and what I hope to accomplish with this article. I am not a rootkit writer or developer. I am a security consultant, and I teach security courses. I have taken and taught numerous hacking courses and hold several hacking certifications. Most of these courses sum up rootkits in a couple of paragraphs with links to the rootkit's homepage and tell you to basically figure it out for yourself. Time and time again I have watched really motivated students come to a screeching halt when it comes time to work with rootkits, because the publicly available documentation does a horrible job of teaching someone how to actually use and deploy the rootkit.

My intention is to teach the reader how to set up a basic HackerDefender configuration file, and to show a couple of easy methods of getting the rootkit onto the victim's machine. I will finish off with how to interact with the rootkit using the backdoor client and a couple of backdoors that were set up in the rootkit configuration file. I won't be going too deeply into rootkit basics or theory, the current state of rootkit advancements, or recovery from a rootkit-level compromise. What we will cover is actually deploying and interacting with the rootkit once the initial system compromise has taken place. I will attempt to point the reader to further resources on topics outside the basic scope of this article.

Our goal is to help the reader with the "So, what do I do now?" question after downloading HackerDefender.



