Cyber Security Lab
BY – GUNJAN KUMAR
UNDER THE SUPERVISION OF Dr. Krishankant Lavania

A rootkit is a stealthy type of malicious software designed to hide the existence of certain processes from normal methods of detection and to enable continued privileged access to a computer. "Root" is the Unix/Linux account equivalent to Administrator on Windows. "Kit" denotes the programs that let someone obtain root/admin-level access to the computer by executing the programs in the kit, all of which is done without the end user's consent or knowledge.

INTRODUCTION:
● Rootkit - malicious software that activates every time the system boots up
● Difficult to detect - activated before the OS has completely booted
● Allows installation of hidden files, hidden processes and hidden user accounts
● Able to intercept data from terminals, network connections and even the keyboard

FUNCTIONS
TWO PRIMARY FUNCTIONS: remote command/control (backdoor) and software eavesdropping
Allows someone to control the computer as if they were its legitimate administrator

PROCEDURE:
STEP 1: Download the rootkit tool (GMER) from the GMER website, www.gmer.net
STEP 2: The tool displays the Processes, Modules, Services, Files, Registry, Rootkit/Malware, Autostart and CMD views of the local host.
STEP 3: Select the Processes menu and kill any unwanted processes.
STEP 4: The Modules menu displays the loaded system files, e.g. .sys and .dll files.
STEP 5: The Services menu displays all services with their start type: Autostart, Enable, Disable, System, Boot.
STEP 6: The Files menu displays all files on the hard-disk volumes.
STEP 7: The Registry menu displays HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.
STEP 8: Rootkits/Malware scans the selected local drives.
STEP 9: Autostart displays the registry-based autostart applications.
STEP 10: CMD allows the user to interact with command-line utilities and the registry.

RESULT:
Thus the installation of the rootkit tool and the study of its variety of options were completed successfully.
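The Autostart, Services and Modules views that the procedure walks through in GMER can be reproduced with built-in Windows cmdlets, which is useful for recording a baseline before and after a scan. The script below is an added example written for this lab page; it is not part of the page and not GMER's own code. It assumes an elevated PowerShell session on the Windows host being examined; the variable names (`$runKeys`, `$driverReport`) are the example's own. It lists the classic Run/RunOnce autostart entries under HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, then lists every kernel driver service (.sys) with its binary path and Authenticode status, flagging drivers whose file is missing or not validly signed.

```powershell
# Added example for the lab page above (not GMER code).
# Assumes an elevated PowerShell session on the host under examination.

# --- View 1: registry-based autostart entries (GMER "Autostart" tab) ---
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$autostart = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Each value under the key is one autostart command; skip the
        # PS* metadata properties the registry provider adds.
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}
"== Autostart entries =="
$autostart | Format-Table -AutoSize

# --- View 2: kernel driver services with signature status (GMER "Modules"/"Services") ---
$driverReport = Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    # Driver paths are often stored with NT-style prefixes; normalise them
    # so the file can be located on disk.
    $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $status = if ($path -and (Test-Path -LiteralPath $path)) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'FileNotFound'
    }
    [pscustomobject]@{
        Name      = $_.Name
        State     = $_.State
        StartMode = $_.StartMode
        Path      = $path
        Signature = $status
    }
}

"== Drivers whose binary is missing or not validly signed =="
$driverReport | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize

# Keep the full listing as a baseline to diff against a later run.
$driverReport | Export-Csv -Path "$env:TEMP\driver-baseline.csv" -NoTypeInformation
```

A driver reported as `NotSigned` or `FileNotFound` is a lead to investigate, not a verdict: some legitimate drivers are signed only through catalog files, and a rootkit that hooks the registry or file APIs can hide its entries from these cmdlets just as it hides them from Task Manager. That is why the lab compares the output of a tool like GMER, which reads lower-level structures, against what the standard views report.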