Sunday, August 02, 2015
Author

Trying To Override Basic Windows Executables


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-10 17:35
Most viruses override Windows executables so they can't be detected
by just browsing the processes in the Task Manager.
Example: wuauclt.exe (Windows Update)
What method is used to do this? How can I do this?


Author

RE: Trying To Override Basic Windows Executables


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-10 17:55
After reading what Moshbat posted (thank you for your reply), trying to hide the process may irritate antivirus senses, which is not good. On the other
hand, naming the executable like "Windows Update Manager" may give
my program a more innocent form. Can you name other Windows-based
executable names?


Author

RE: Trying To Override Basic Windows Executables


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-03-10 04:42
Check out rootkit.com




Edited by on 25-03-10 04:43
Author

RE: Trying To Override Basic Windows Executables

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 25-03-10 12:58
If I recall, there's an old issue of hakin9 that covered this topic, showing how it can be done. I can't remember the issue number, but if I recall correctly it also has tutorials on WiFi cracking and RFI/LFI. I think it must've been over a year old now.

Ah, here's the issue: http://hakin9.org. . .he-windows



Edited by fuser on 25-03-10 13:05
Author

RE: Worse!

RootsBabilonia
Member



Posts: 37
Location: Brasil
Joined: 31.03.10
Rank:
God
Posted on 01-07-10 03:24
It is much worse than that! If the virus only overrode Windows executables, that would be great!
For example, you look at Windows Update and disable this shit [it is much more constructive to track updates and download only what you need; we learn a lot about new vulnerabilities]
Worse is when they are loaded as SVCHOST services! It is loaded with the privileges of the system... And with the Task Manager you never know about anything!
The only way to know about what is happening on the machine is using:
------------------------
1 - CMD.exe
2 - Type tasklist /svc
-----------------------
It'll show you all the services that are being loaded under SVCHOST!
It is also very good for refining the system configuration!

I'll still write some articles about Windows!

RootsBabilonia

