Rooting an app in Windows XP
Posted: Wed Aug 02, 2006 10:38 pm
by Foo
This question might be a tad beyond this forum for reasons that'll be obvious to anyone who can answer it for me:
Can anyone outline a process to get an exe file running under root on a windows XP machine? I specifically need to run a program that will be invisible to a process running under a regular administrator account, and this is the only method I know to accomplish this.
Posted: Wed Aug 02, 2006 10:43 pm
by Foo
In other words, I would like to learn how to deliberately rootkit my own PC with an application of my choosing.
Posted: Wed Aug 02, 2006 11:21 pm
by ^misantropia^
You might want to take a look at
http://www.rootkit.com/
Posted: Wed Aug 02, 2006 11:33 pm
by Foo
Thanks, been digging around there for a while. Looks like I'll need to roll my own from some of the supplied.
Posted: Sat Aug 12, 2006 6:56 am
by Underpants?
if it's corporate espionage you're looking to detect, what you really need is an inline usb keylogger.
Posted: Sat Aug 12, 2006 11:02 am
by Foo
Not at all. I rolled my own solution, and it worked pretty well.
I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it. I guess from the position I'm in now I could probably also inject packets, but I'm not so interested in that.
Posted: Sat Aug 12, 2006 4:48 pm
by raw
I would have created a system service using srvany.exe (Windows Resource Kit) and run it under the System account.
Posted: Sat Aug 12, 2006 7:20 pm
by ^misantropia^
Correct me if I'm wrong, but that wouldn't be invisible to an administrator account, would it?
Posted: Sat Aug 12, 2006 8:23 pm
by Tormentius
^misantropia^ wrote: Correct me if I'm wrong, but that wouldn't be invisible to an administrator account, would it?
No, but if you use a common name then it will most likely be overlooked.
Posted: Sat Aug 12, 2006 8:29 pm
by AmIdYfReAk
zomg32 process

Posted: Mon Aug 14, 2006 6:27 pm
by Underpants?
Foo wrote: Not at all. I rolled my own solution, and it worked pretty well.
I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it. I guess from the position I'm in now I could probably also inject packets, but I'm not so interested in that.
I smell horse shit. Why would you not want it visible to administrator on your own PC? Simple packet inspection can be done with ethereal or just about anything, for that matter. Yeah it's pretty obvious, you fucking hacking piece of dung beetle offal.
Posted: Mon Aug 14, 2006 6:27 pm
by Underpants?
I'm emailing your work. I know right where it is, I saw a picture of it once.
Posted: Mon Aug 14, 2006 7:53 pm
by Foo
Underpants? wrote: Foo wrote: Not at all. I rolled my own solution, and it worked pretty well.
I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it. I guess from the position I'm in now I could probably also inject packets, but I'm not so interested in that.
I smell horse shit. Why would you not want it visible to administrator on your own PC? Simple packet inspection can be done with ethereal or just about anything, for that matter. Yeah it's pretty obvious, you fucking hacking piece of dung beetle offal.
Once more for the slow ones:
Foo wrote: I wanted to do some packet inspection on warrock, but since punkbuster is part of it you have to go a bit further to do it.
Posted: Mon Aug 14, 2006 7:53 pm
by Foo
Underpants? wrote: I'm emailing your work. I know right where it is, I saw a picture of it once.
NOES!!!!
