DEVIL'S BLOG ON SECURITY

A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES

Rootkit Revealed


As mentioned earlier, rootkits were first associated with UNIX, then with Linux, and today also with Windows. In this post we will briefly discuss the tools and programs bundled with rootkits and what each of them does. The main job of a rootkit is to preserve an attacker's unauthorized access to a compromised system.
Once an attacker has gained access to a target system, he or she will usually want to return to it later for further malicious activity, and a rootkit makes that return both reliable and hard to notice.

In general a rootkit is a bundle of programs and tools: sniffers, keyloggers, spyware, remote administration tools, log cleaners, trace removers and so on. The bundle may also carry password crackers for administrator-level accounts and local exploits for the system's vulnerabilities, used to gain or regain privileges. A rootkit compromises the security of the affected system and violates its integrity. As mentioned earlier, the main motive of a rootkit is to give the attacker repeated access to the target system; installing a RAT (remote access trojan) or a backdoor process is how it meets this objective.

To keep that access hidden, a rootkit may disable auditing and edit event logs to remove traces of its presence. On UNIX and Linux it can replace system commands such as ls, ps, netstat and login with trojaned versions that omit the attacker's files, processes, connections and sessions. It can also modify device drivers and take over the kernel at runtime, for example by loading a malicious kernel module, so that even untouched commands receive falsified results.

Why does an attacker plant a rootkit at all? The answer is simple: it provides persistent, uninterrupted access, usually with superuser privileges; it can automatically sniff sensitive data from the network; it hides inside trusted commands or processes; and, once installed, it can bypass nearly all security measures that run on the same host, because those tools depend on the very binaries and system calls the rootkit now controls.

The components of a rootkit are installed either in user mode or in kernel mode. A user-mode rootkit modifies system binaries, whereas a kernel-mode rootkit alters the results of system calls made by legitimate applications so that they see the attacker's version of the data instead of the genuine data. Removing the rootkit's own files is the easy part; finding and removing its payload (backdoors, stolen credentials, modified configuration) is not. Because a running rootkit controls what the infected system reports about itself, clean-up must be done from a trusted environment: boot from an alternative drive or live medium and inspect the infected disk offline, or, better, reinstall the system from known-good media and restore data from backups taken before the compromise.
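The two behaviours above suggest two cheap checks a defender can run. Against user-mode rootkits that replace binaries, hash the critical commands while the host is still trusted and compare later; against kernel-mode rootkits that filter system-call results, enumerate processes through several independent paths (the /proc listing, the ps binary, and probing every PID with signal 0) and diff the views, since a PID that one view reports and another omits is being hidden from that view. The script below is an added example written for this post, not code from the original blog; the watched paths and the pid_max fallback are assumptions, and the tampering demo uses constructed temporary files rather than real system binaries.

```python
#!/usr/bin/env python3
"""Cross-checks for the two rootkit styles: binary replacement (user mode)
and filtered system-call results (kernel mode). Added example; the watched
paths below are assumptions and the tamper demo uses constructed files."""
import hashlib
import os
import shutil
import subprocess
import tempfile

# Binaries a classic user-mode rootkit trojanises (assumed paths; adjust per distro).
WATCHED_BINARIES = ["/bin/ls", "/bin/ps", "/bin/netstat", "/usr/bin/find",
                    "/usr/bin/lsof", "/usr/sbin/sshd"]


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths):
    """Map path -> sha256 for every path that exists. Record this while the
    host is still trusted and keep the copy off-host or on read-only media."""
    return {p: sha256_file(p) for p in paths if os.path.isfile(p)}


def verify_baseline(baseline):
    """Paths whose on-disk hash now differs from the baseline, or that vanished."""
    changed = []
    for path, digest in baseline.items():
        current = sha256_file(path) if os.path.isfile(path) else None
        if current != digest:
            changed.append(path)
    return sorted(changed)


def simulate_user_mode_tamper():
    """Constructed demo: baseline a fake 'ls' and 'ps', then overwrite 'ps' the
    way a user-mode rootkit would. Returns the basenames verify_baseline flags."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = {name: os.path.join(tmp, name) for name in ("ls", "ps")}
        for name, path in fake.items():
            with open(path, "wb") as fh:
                fh.write(b"#!/bin/sh\nexec /usr/bin/real-" + name.encode() + b' "$@"\n')
        baseline = build_baseline(fake.values())
        with open(fake["ps"], "wb") as fh:  # trojaned ps drops lines with a marker
            fh.write(b'#!/bin/sh\n/usr/bin/real-ps "$@" | grep -v __rk__\n')
        return [os.path.basename(p) for p in verify_baseline(baseline)]


def pids_from_proc():
    """View 1: the /proc directory listing, which a hooked getdents can filter."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pids_from_ps():
    """View 2: the ps binary, which a user-mode rootkit may have replaced."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=False).stdout
    return {int(tok) for tok in out.split() if tok.isdigit()}


def pids_by_probing(max_pid=None):
    """View 3: signal 0 to every PID. ESRCH means absent; EPERM means present
    but owned by another user. No directory listing is involved, so a rootkit
    must also hook kill() to stay invisible here."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                max_pid = int(fh.read())
        except OSError:
            max_pid = 32768  # assumed fallback when /proc is unavailable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def hidden_in(suspect, reference):
    """PIDs the reference view saw but the suspect view did not report.
    Short-lived processes cause benign one-off differences, so take the
    intersection of two passes before treating a PID as hidden."""
    return sorted(set(reference) - set(suspect))


def self_visible_by_probe():
    """Sanity check: the current process must appear in the probe view."""
    return os.getpid() in pids_by_probing(max_pid=os.getpid())


if __name__ == "__main__":
    print("tampered in demo:", simulate_user_mode_tamper())
    print("changed watched binaries:", verify_baseline(build_baseline(WATCHED_BINARIES)))
    if os.path.isdir("/proc") and shutil.which("ps"):
        probe = pids_by_probing()
        print("hidden from /proc:", hidden_in(pids_from_proc(), probe))
        print("hidden from ps   :", hidden_in(pids_from_ps(), probe))
```

The baseline printed for the real WATCHED_BINARIES is only meaningful if it was recorded before the compromise and stored where the attacker cannot rewrite it; a baseline taken on an already-rooted host simply enshrines the trojaned files. The probe view walks every PID up to pid_max, which takes a few seconds on systems with a large pid_max, and a kernel-mode rootkit that hooks kill() as well as getdents() will fool all three views, which is why the post's advice to inspect the disk from a separately booted, trusted system still stands.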

An attacker needs administrative (root or SYSTEM) privileges to install a rootkit, so the most effective defence is to keep the system from being compromised in the first place: patch promptly, keep privileged accounts to a minimum, and record integrity baselines of critical binaries while the system is still trusted, so that a later change can be detected.
