Tools For Hacker

------------------------------------------------- ----------------------------------------------------------#

In the world of hacking was known of the term "rootkit" is so popular although many do not understand what is meant by the rootkit.

Rootkit consists of a combination of 2 words, ie root and kit. Root is the highest privileges in Unix family of operating systems and the kit is a collection of tools. So rootkits can be interpreted as a collection of tools or tools that are used to control a system permanently without being noticed by the administrator of the machine that has been mastered.

Rootkit must have the ability to hide its presence and also has the ability to keep control of the system without being noticed by the admin concerned. Rootkits typically will enter into the architecture of a system that is not detected, so it means a program such as BO and Netbus backdoor can not be categorized as a rootkit.

Rootkits are usually composed of several tools, such as:

* Backdoor Program

Is a program used for the system can remain occupied and still be accessible without the need to again via the exploit. With so although weaknesses have been corrected or exploit the system no longer valid, the attacker is still able to control the system via this backdoor.

This backdoor program usually will modify or replace programs like login.c, ftp, rlogin, inetd, etc. thus allowing an attacker gain access through a service that has been modified it. Placement backdoor even done well through hard kernel modifications to the detection kerbeadaannya.

* Packet Sniffer

Sniffer is a program used to capture the information passed from the cable network. Programs such as ftp and telnet usually in sending a username and password information in encrypted text that is not so easy to steal.

* Controller Log Files

Programs that are in and quite important to include the rootkit is a program to remove the log. With this tool all the activities of the attacker can be hidden so that the admin is not aware of the activities that occur by an unwanted party. Given these tools to make the admin will have difficulty in detecting the presence of these unwanted party. Usually for the log files also included a program for editing of the log file.

* Other Tools

Are additional tools that are used by attackers as Ddos client program, namely trinoo, IRC bot which will connect automatically to the IRC server in automatically, etc..

* System Patch

After gaining access to the vulnerability, the rootkit also provides tools to make the patch against the vulnerability is with the aim that other hackers will not go into the system. Because the attacker has made a backdoor, which has mastered the system will still be in control of the attacker with a rootkit.

Rootkits can be divided into 2, namely:

* Application Rootkit

* Kernel Rootkit

• Application Rootkit

Application rootkit is a rootkit that much in use by hackers. Rootkit is replacing or modifying the original program with the modified program with the ability trojan. Some examples of programs that replaced are:

* Ls, find that the program does not display the program of the attacker

* Netstat normally displays the port in an open, network connections, and status of listening so it will not display the program or the connection from hackers.

* Killall, so the trojan program installed by hackers will not be in the kill.

* Tcpd, syslogd so it will not record activity in a computer hacker

* Passwd, by entering a password from the root shell rootkit will be used

* Log in, all the usernames can be used for login, including root if the password of a rootkit is used

* Sshd, sshd sometimes be used so as not detected by the sniffer.

* Linsniffer, which is used for sniffing on the network

* Inet.d which will mengopen ports so that hackers can use it to enter into the target with a password that has been determined.

• Kernel Rootkit

Kernel rootkits are rootkits that are harder to detect than the rootkit application. Program for kernel rootkits is available for Linux, Solaris and FreeBSD.

By modifying the kernel, a hacker could hide network connections, files, process, etc..

• Process pemanfaatkan Rootkit

A rootkit is not a tool to attack, but a rootkit is intended to be used as a tool after the attack. With the rootkit a hacker will be able to keep control of the victim's computer undetected.