Detect Rootkit on the OS and on the Network with BackTrack5R3

Detect Rootkit on the OS and on the Network with BackTrack5R3 :-

WHAT IS ROOTKIT?

 Rootkit is an application (or set of applications), that hides its presence or presence of another application (virus, spyware, etc.) on the computer, using some of the lower layers of the operating system (API function redirection, using of undocumented OS functions, etc.), which makes them almost undetectable by common anti-malware software.

 The “rootkit”  term comes originally from UNIX system and UNIX-like systems and it is made up of two parts: “root” and “kit“. The “root” level on UNIX systems is something like administrator privileges on Windows systems. The “kit” part then explains that these tools came to the system usually as a kit made up of more tools.

 Today i am going to Show you How easily you can detect Rootkit on OS and on network with Backtrack5R3 ?

Backtrack5R3 comes with the RKHunter and  CHKRootkit tool for this purpose.

 RKHunter :-  rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Application > BackTrack > Forencics > Anti-Virus Forencic Tools

Now Open RkHunter tool

First Update your rkhunter database with rkhunter –update command

Now run the rkhunter –check command to check the rootkit

it will check the all known rootkits

Now press Enter to check Rookits on the network

Finally you will get the Summary Report