Detect Rootkit on the OS and on the Network with BackTrack5R3 :-
WHAT IS ROOTKIT?
Rootkit is an application (or set of applications), that hides its presence or presence of another application (virus, spyware, etc.) on the computer, using some of the lower layers of the operating system (API function redirection, using of undocumented OS functions, etc.), which makes them almost undetectable by common anti-malware software.
The “rootkit” term comes originally from UNIX system and UNIX-like systems and it is made up of two parts: “root” and “kit“. The “root” level on UNIX systems is something like administrator privileges on Windows systems. The “kit” part then explains that these tools came to the system usually as a kit made up of more tools.
Today i am going to Show you How easily you can detect Rootkit on OS and on network with Backtrack5R3 ?
Backtrack5R3 comes with the RKHunter and CHKRootkit tool for this purpose.
RKHunter :- rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
Application > BackTrack > Forencics > Anti-Virus Forencic Tools
Now Open RkHunter tool
First Update your rkhunter database with rkhunter –update command
Now run the rkhunter –check command to check the rootkit
it will check the all known rootkits
Now press Enter to check Rookits on the network
Finally you will get the Summary Report
chkrootkit :- Click on Application > BackTrack > Forencics > Anti-Virus Forencic Tools > Click on the chkrootkit
Hope you like my post Detect Rootkit on the OS and on the Network with BackTrack5R3, Please Share with others. For more tips visit my other website www.rumyhacktips.com