What to Keep Out


Rootkits are often installed as payloads. A payload is the content section of an exploit. Exploits are the intrusions that take advantage of software vulnerabilities in order to add unintended software (payloads) to target machines. There are many types of payloads, and many exploits that can be used to deliver these payloads. This is one application detail of a rootkit that can also be applied to spyware, viruses, and other malicious program types. Separating rootkit development from exploit development will provide an object-oriented environment in which any payload can be attached to any exploit. The advantage to this approach can be seen by using MetaSploit software (www.metasploit.com). MetaSploit enables the user to first select an exploit and then select the payload to insert using that exploit. Keeping these functions separated can be difficult if rootkit development is folded in with exploit development. Because rootkit development and exploit development require some of the same tools, it is easy to mix these development environments and end up with a rootkit that can only be compiled and linked in an exploit development environment that has changed since the last rootkit build.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net