[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[port139:00486] NTrootkit

To: port139@xxxxxxxxxxxxx
Subject: [port139:00486] NTrootkit
From: Hideaki Ihara <hideaki@xxxxxxxxxxxxx>
Date: Fri, 10 Aug 2001 16:25:31 +0900

Port139 $B$$$O$i$G$9!#(B
(B
(BNTrootkit http://www.rootkit.com/
(B
$B$N(B 40 $B$r;n$7$F$$$k$s$G$9$1$I!"0JA0$h$j$$$m$$$m3HD%$5$l$F$$$^$9$M!#(B
(B
(B-rootkit $B$O%5!<%S%9!J%+!<%M%k%b!<%I(B $B%I%i%$%P!K$H$7$F%$%s%9%H!<%k$5$l$k(B
(B-$B%l%8%9%H%j$X$O(B _root_ $B%5!<%S%9$H$7$FEPO?$5$l$k(B
(B $B3+;O$O(B net start _root_$B!"Dd;_$O(B net stop _root_
(B-$BFH<+$N(B TCP/IP $B%9%?%C%/$rAuHw!J$^$@$h$/8+$F$^$;!<$s!K(B
(B-_root_ $B$,%U%!%$%kL>$N@hF,$K$"$k>l9g$=$l$i$N%U%!%$%k(B/$B%l%8%9%H%j$r1#JC(B
(B $B%(%/%9%W%m!<%i$d(B Regedt32 $B$+$i%U%!%$%k(B/$B%l%8%9%H%j$NB8:_$r3NG'$G$-$^$;$s(B
(B-_root_$B$,@hF,$K$"$k%W%m%;%9$r1#JC(B
(B $B%?%9%/%^!<%8%cEy$G%W%m%;%9$NB8:_$r3NG'$G$-$^$;$s!#(B
(B-EXE redirection
(B $B$3$l$O0JA0$HF1$8$+$J(B
(B-Command Shell
(B 40 $B$G$O(B disable $B$5$l$F$k$_$?$$!#(B
(B $B%+!<%M%k%b!<%I$+$i(B Win32 $B%W%m%;%9$r5/F0!)(B
(B
$B$(!<$H7kO@$+$i$$$/$H!"$3$l$,0lC6F0$-=P$9$H%*%s%i%$%s$G$O8!CN$G$-$=$&$K(B
$B$"$j$^$;$s$M(B(^^;;
(B
(BWindows 2000 $B$G$"$l$P!"2sI|%3%s%=!<%k$G(B _root_ $B$N%5!<%S%9$NB8:_$r3NG'(B
$B$G$-$^$9$1$I!"B>$NL>A0$K$5$l$k$H$-$A$s$H%5!<%S%90lMw$rGD0.$7$F$$$J$$$H(B
$B$_$?$@$1$G$O$o$+$s$J$$$+$b$7$l$^$;$s!#(B
(B
(B
(B---
$B%;%-%e%j%F%#%9%?%8%"%`(B 2001 $B%\%i%s%F%#%"$NJg=8(B
(Bhttp://sec-stadium.hawkeye.ac/
(B
(BHideaki Ihara <hideaki@xxxxxxxxxxxxx>
(BPort139 URL: http://www.port139.co.jp/
(BPGP PUBLIC KEY: http://www.port139.co.jp/pgp/

Follow-Ups:
- [port139:00488] Re: NTrootkit
  - From: Hideaki Ihara

Prev by Date: [port139:00485] Re: port139 $BF]$_2q(B
Next by Date: [port139:00487] Re: port139 $BF]$_(B$B2q(B
Previous by thread: [port139:00480] Re: MS01-033 NT4.0hotfix $B:F%j%j!<%9(B
Next by thread: [port139:00488] Re: NTrootkit
Index(es):
- Date
- Thread