Tuesday, 24 January 2017

Detect Rootkit on the OS and on the Network with BackTrack5R3

WHAT IS A ROOTKIT?

A rootkit is an application (or set of applications) that hides its own presence, or the presence of another application (virus, spyware, etc.), on the computer by using some of the lower layers of the operating system (API function redirection, use of undocumented OS functions, etc.), which makes it almost undetectable by common anti-malware software.

The term “rootkit” comes originally from UNIX and UNIX-like systems and is made up of two parts: “root” and “kit”. The “root” level on UNIX systems is something like administrator privileges on Windows systems. The “kit” part reflects that these tools usually arrived on the system as a kit made up of several tools.

Today I am going to show you how easily you can detect rootkits on the OS and on the network with BackTrack5R3.

BackTrack5R3 comes with the RKHunter and CHKRootkit tools for this purpose.

RKHunter :- rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in an online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
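
The comparison idea in that description (known-good hashes, permissions, hidden files) can be shown with a few shell functions. This is an added example, not rkhunter's code and not part of the original post; the function names snapshot and compare_baseline, the record format and the use of a local baseline file are assumptions made here, and GNU find, sort, stat and sha1sum are assumed.

```shell
#!/usr/bin/env bash
# Added illustration of a baseline-and-compare file check (not rkhunter's code).
# Record format (assumed here), one line per file: <sha1>|<octal mode>|<path>
# Assumption: paths contain no '|' or newline characters.

# snapshot DIR: print one record per regular file under DIR, sorted by path.
snapshot() {
    find "$1" -type f -print0 | sort -z | while IFS= read -r -d '' f; do
        printf '%s|%s|%s\n' \
            "$(sha1sum < "$f" | cut -d' ' -f1)" "$(stat -c '%a' "$f")" "$f"
    done
}

# compare_baseline BASELINE_FILE DIR: print one finding per line, sorted:
#   MODIFIED <path>   content hash differs from the baseline
#   PERMS <path> a->b mode changed from a to b
#   MISSING <path>    in the baseline but no longer on disk
#   NEW <path>        on disk but not in the baseline
#   HIDDEN <path>     new file whose name starts with a dot
# Returns 0 when nothing differs, 1 otherwise.
compare_baseline() {
    local baseline=$1 dir=$2 findings
    findings=$(snapshot "$dir" | awk -F'|' -v base="$baseline" '
        BEGIN {
            # Load the known-good records, keyed by path.
            while ((getline line < base) > 0) {
                split(line, rec, "|"); hash[rec[3]] = rec[1]; mode[rec[3]] = rec[2]
            }
        }
        {
            path = $3; seen[path] = 1
            if (!(path in hash)) {
                n = split(path, parts, "/")
                tag = (parts[n] ~ /^\./) ? "HIDDEN" : "NEW"
                print tag " " path
                next
            }
            if (hash[path] != $1) print "MODIFIED " path
            if (mode[path] != $2) print "PERMS " path " " mode[path] "->" $2
        }
        END { for (k in hash) if (!(k in seen)) print "MISSING " k }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort
    return 1
}
```

The baseline is only as trustworthy as the moment it was taken: record it on a system believed clean and keep it on read-only or offline media so it cannot be rewritten along with the files it describes.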

 

Application > BackTrack > Forensics > Anti-Virus Forensic Tools


Now open the RkHunter tool.

First, update your rkhunter database with the rkhunter --update command.


Now run the rkhunter --check command to check for rootkits.

It will check for all known rootkits.

Now press Enter to check for rootkits on the network.

Finally, you will get the summary report.

chkrootkit :- Click on Application > BackTrack > Forensics > Anti-Virus Forensic Tools > chkrootkit

Use the ./chkrootkit -x command for expert mode.
It will give detection information.


About Syed Balal Rumy

A 27-year-old tech geek and blogger from India (Bihar), living in New Delhi. I am MCITP, CEHv8, CCNA, CCNA Security, CCNP Security, Security+ and CCSA certified. I love to write tech articles based on my real experiences.
