Thursday, 27 December 2012

WRITING A SIMPLE ROOTKIT FOR LINUX



Author: Ormi <ormi.ormi@gmail.com>
Website: http://black-coders.net

In this article, I'll describe how to write a simple rootkit for Linux. However, to understand this article, you must know how to write Linux kernel modules. If you don't, you can read my article:
http://black-coders.net/articles/linux/linux-kernel-modules.php

What is a rootkit? When you break into someone's system, you will probably want to be able to "come back" there after some time. When you install a rootkit on that system, you will be able to get administrator privileges whenever you want. Good rootkits can hide in a compromised system so that the administrator can't find them. There are many ways to hide in a system. I'm not going to describe all of them :)

In this article we are talking only about Linux rootkits. There are a few main types of rootkits for Linux. For example, there are rootkits that replace some of the most important programs in the system (ls, ps, netstat etc.) with modified versions that won't let the administrator see that something is wrong. However, such a rootkit is quite easy to detect.

Other rootkits work as Linux kernel modules. They run in kernel mode, so they can do everything they want. They can hide themselves, files, processes etc. In this tutorial we are talking about this type of rootkit.

The rootkit described in this article is meant to work on "vanilla" kernels >= 2.6.29. On older kernels it doesn't compile properly. However, after a small modification it can work. But I don't guarantee anything ;)

Please notice that it is not a "true" rootkit. To use its features, like getting root privileges, you must have local access to the system with the rootkit installed. It can be a "normal" user account, but you must be able to log in to that account. In addition, when the system with the installed rootkit reboots, our rootkit will be "uninstalled" because it is not loaded at boot time. But this article is not meant to give script kiddies a true rootkit that they will be able to use. This article is only meant to teach you the basics of programming rootkits.

For the complete version, read here
