Rooting an app in Windows XP

Post by **Foo** » Wed Aug 02, 2006 10:38 pm

This question might be a tad beyond this forum for reasons that'll be obvious to anyone who can answer it for me:

Can anyone outline a process to get an exe file running under root on a windows XP machine? I specifically need to run a program that will be invisible to a process running under a regular administrator account, and this is the only method I know to accomplish this.

Post by **Foo** » Wed Aug 02, 2006 10:43 pm

In other words, I would like to learn how to deliberately rootkit my own PC with an application of my choosing.

Post by **^misantropia^** » Wed Aug 02, 2006 11:21 pm

You might want to take a look at http://www.rootkit.com/

Post by **Foo** » Wed Aug 02, 2006 11:33 pm

^misantropia^ wrote:You might want to take a look at http://www.rootkit.com/

Thanks, been digging around there for a while. Looks like I'll need to roll my own from some of the supplied.

Post by **Underpants?** » Sat Aug 12, 2006 6:56 am

if it's corporate espionage you're looking to detect, what you really need is an inline usb keylogger.

Post by **Foo** » Sat Aug 12, 2006 11:02 am

Not at all. I rolled my own solution, and it worked pretty well.

I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it. I guess from the position I'm in now I could probably also inject packets, but I'm not so interested in that.

Post by **raw** » Sat Aug 12, 2006 4:48 pm

I would have created a system service using srvany.exe (Windows Resource Kit) and ran it under the System account.

Post by **^misantropia^** » Sat Aug 12, 2006 7:20 pm

Correct me if I'm wrong, but that wouldn't be invisible to an administrator account, would it?

Post by **Tormentius** » Sat Aug 12, 2006 8:23 pm

^misantropia^ wrote:Correct me if I'm wrong, but that wouldn't be invisible to an administrator account, would it?

No, but if you use a common name then it will most likely be overlooked.

Post by **AmIdYfReAk** » Sat Aug 12, 2006 8:29 pm

zomg32 process

Post by **Underpants?** » Mon Aug 14, 2006 6:27 pm

Foo wrote:Not at all. I rolled my own solution, and it worked pretty well.

I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it. I guess from the position I'm in now I could probably also inject packets, but I'm not so interested in that.

I smell horse shit. Why would you not want it visible to administrator on your own PC? Simple packet inspection can be done with ethereal or just about anything, for that matter. Yeah it's pretty obvious, you fucking hacking piece of dung beetle offal.

Post by **Underpants?** » Mon Aug 14, 2006 6:27 pm

I'm emailing your work. I know right where it is, I saw a picture of it once.

Post by **Foo** » Mon Aug 14, 2006 7:53 pm

Underpants? wrote:
Foo wrote:Not at all. I rolled my own solution, and it worked pretty well.

I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it. I guess from the position I'm in now I could probably also inject packets, but I'm not so interested in that.
I smell horse shit. Why would you not want it visible to administrator on your own PC? Simple packet inspection can be done with ethereal or just about anything, for that matter. Yeah it's pretty obvious, you fucking hacking piece of dung beetle offal.

Once more for the slow ones:

Foo wrote:I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it.

Post by **Foo** » Mon Aug 14, 2006 7:53 pm

Underpants? wrote:I'm emailing your work. I know right where it is, I saw a picture of it once.

NOES!!!!