Projects
Written by David Reguera García   
Sunday 12 August 2007

cgaty

Hi, I was reading the book “The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System” and I'd like to qualify a few things about the chapter “Hooking the GDT - Installing a Call Gate”. A PoC driver is included at the end of the article that supports WalkGDT for multiple cores.

This is the mirror POC of my post in:

http://blog.48bits.com/2010/01/08/rootkit-arsenal-installing-a-call-gate/

dwtf v1

This is the mirror of the official tool released at:
http://rootkitanalytics.com/tools/dwtf.php

dwtf v1 is a fake DLL maker. It creates the fake DLL based on the original DLL given to it as input. It exports all symbols of real.dll and imports all exports of real.dll (including forwarders). It creates a code area with a JMP DWORD [ADDRESS] for each export, and more.

cypher.rar

I created a tool useful for reversing and keygen stuff.
The design is simple: you only need to program a DLL which implements the algorithm, using the data from a buffer, and the application loads the DLL, opens the files, processes the outputs, etc.

Bypass dllinj_wbti

Bypasses DLL injection methods based on thread injection, or on code injection into any thread other than the main one (in this case).

More information:
http://www.openrce.org/blog/view/1326/AuxLib_-_Reverse_engineering_of_Auxiliary_Windows_API_Library_(x86_and_x86_64)

https://www.rootkit.com/blog.php?user=Dreg

Bypass Easy-hook

This project bypasses Windows hook engines that do not execute the hook handler if the LoaderLock is held.

More information:
http://www.openrce.org/blog/view/1328/Bypassing_windows_hook_engines_which_if_the_LoaderLock_is_held_not_executes_the

https://www.rootkit.com/blog.php?user=Dreg

AuxLib

Here is my reversing of the Auxiliary Windows API Library (x86 and x86_64), Release 1.0 (MIT License). This library is useful for avoiding deadlocks and other things.
More information:

http://www.openrce.org/blog/view/1326/AuxLib_-_Reverse_engineering_of_Auxiliary_Windows_API_Library_(x86_and_x86_64)

https://www.rootkit.com/blog.php?user=Dreg

phook

phook - The PEB Hooker: new versions of the tools from the paper published in Phrack 65. The paper describes a method for 'hooking' Windows DLLs using the PEB, plus other tools.
Original link:
http://phrack.org/issues.html?issue=65&id=10#article

Jointrooter

Router pen-test tool working over TELNET (and soon SSH). It uses dictionaries and a file with the prompts of different router models; to audit more routers, only new prompts have to be added.

LO/LS/OT_SC + STDEINSU_GV

Tool created to exchange and escalate privileges in GNU/Linux by infecting ELFs that are writable by other users; it also uses the locate tool to obtain file names that could not otherwise be found due to directory permissions. Includes a disinfector and scripts to work in a comfortable and fast way.

piathook

Process IAT Hooker: able to redirect an entry that already exists in the IAT to a new one implemented inside a DLL.

pebtry

Reads the PEB structure and shows useful information to the user, using only ReadProcessMemory to read the fields and/or structures.

enyelkm

Loadable Kernel Module rootkit for Linux 2.6 kernels.

fr33disasm

Disassembler for x86, incomplete.

getprocaddress

GetProcAddress written in MASM32, adapted to be used with viral technology.

karping

Infected ARP detector for Linux.

pe32analyzer

Analyzer for Microsoft's PE32 format, programmed in ANSI C.


Last update (Sunday, 12 August 2007)