Re: Administration password
From: DJ (dj19_at_email.si)
Date: 11/16/04
- Next message: Mark: "Re: Test"
- Previous message: Vanguard: "Re: Test"
- In reply to: nemo outis: "Re: Administration password"
- Next in thread: nemo outis: "Re: Administration password"
- Reply: nemo outis: "Re: Administration password"
Date: Tue, 16 Nov 2004 20:03:04 +0100
nemo outis wrote:
>>but how can they run hidden? somewhere there must be some entries for
>>loading it at startup, or? in registry run, runonce, .. or in services,
>>startup folder.. - if that's clean, then there are no spies, or?
>>
>>D
>
> I don't say this IS what they're doing, but I'm going to discuss
> what IS possible.
>
> Using a "root kit," files, registry entries, whole directory
> trees, ports and every other sort of resource can become (almost)
> completely hidden, even from processes designed to look for them.
>
> In essence the root kit attaches itself at the deep OS level and
> instructs ANY program using the OS API to *not* report their
> existence (e.g., when scanning a directory for the files they
> contain).
>
> Root kits have been fairly well-known in the Unix/Linux/*BSD
> world for a long time, but they're just starting to gain
> widespread recognition in Windows. One site which discusses them
> (there are many) is the eponymous rootkit.com
>
> In fact, just recently I alluded here to one of the neatest ways
> of implementing a "root-kit equivalent" - the use of appinit_dlls
> (a fully legitimate part of the Windows API but one which lends
> itself very easily to abuse). Incidentally, the appinit_dlls
> exploits even conceal that appinit_dlls is being used.
About rootkits.. a hacker must hack into the system and then set it up, or?
I am thinking about Windows-based servers.
But if there is no write or execute permission, they can't place a rootkit
on the server, or?
Greets
D
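
Added example (not part of the original post, and not either poster's code): because a rootkit on the running system can filter what the registry API reports, this PowerShell script reads the AppInit_DLLs value from the suspect machine's SOFTWARE hive loaded offline on a trusted system. The mount paths under E:\ and the temporary key name OfflineSoftware are assumptions.

```powershell
# Added example: inspect AppInit_DLLs in an OFFLINE copy of the SOFTWARE hive.
# Run elevated on a trusted system (e.g. WinPE) with the suspect disk attached.
param(
    [string]$HivePath   = 'E:\Windows\System32\config\SOFTWARE', # assumed path
    [string]$SystemRoot = 'E:\Windows'                           # assumed path
)
$name = 'OfflineSoftware'   # arbitrary temporary key name (assumption)
& reg.exe load "HKLM\$name" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive $HivePath" }
try {
    $drive = Split-Path -Qualifier $SystemRoot
    $subkeys = 'Microsoft\Windows NT\CurrentVersion\Windows',
               'Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($sub in $subkeys) {
        $key = "Registry::HKEY_LOCAL_MACHINE\$name\$sub"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $value = (Get-ItemProperty -LiteralPath $key).AppInit_DLLs
        # The value is a space- or comma-separated list of DLL names.
        $dlls = @("$value" -split '[ ,]+' | Where-Object { $_ })
        if ($dlls.Count -eq 0) { "$sub : AppInit_DLLs is empty"; continue }
        foreach ($dll in $dlls) {
            # Map the entry onto the mounted volume: absolute paths get the
            # mounted drive letter; bare names are looked up in System32
            # (an approximation: 32-bit entries may live in SysWOW64).
            if ($dll -match '^[A-Za-z]:') { $file = $drive + $dll.Substring(2) }
            else { $file = Join-Path $SystemRoot "System32\$dll" }
            $sig = if (Test-Path -LiteralPath $file) {
                (Get-AuthenticodeSignature -LiteralPath $file).Status
            } else { 'FileNotFound' }
            [pscustomobject]@{ Key = $sub; Entry = $dll; File = $file; Signature = $sig }
        }
    }
} finally {
    [gc]::Collect()   # release registry handles so the unload succeeds
    & reg.exe unload "HKLM\$name" | Out-Null
}
```

Any non-empty entry deserves review; a signature status other than Valid is a prompt for closer inspection, not proof of compromise.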