Nytro Posted January 16, 2015

Unhide is a forensic tool to find hidden processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique. Unhide runs on Unix/Linux and Windows systems. It implements six main techniques.

Features:
1. Compare /proc vs /bin/ps output.
2. Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for unhide-linux version.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PID space occupation (PID bruteforcing). ONLY for unhide-linux version.
5. Compare /bin/ps output vs /proc, procfs walking and syscalls. ONLY for unhide-linux version. Reverse search: verify that all threads seen by ps are also seen in the kernel.
6. Quick compare of /proc, procfs walking and syscalls vs /bin/ps output. ONLY for unhide-linux version. It is about 20 times faster than tests 1+2+3 but may give more false positives.

URL: http://www.unhide-forensics.info
Via: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers
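To show what techniques 1, 3 and 4 above actually compare, here is a small Linux scanner added to this thread (it is not unhide's own code): it collects the PID view from /proc, from a kill(pid, 0) walk of the PID space, and from /bin/ps, then re-probes every candidate so that PIDs which simply exited between two snapshots are not reported. It assumes a Linux host with procps ps; the function and variable names are the example's own.

```python
import os
import subprocess


def pid_exists(pid):
    """Syscall-level probe: kill(pid, 0) sends no signal. ProcessLookupError
    (ESRCH) means the PID is free; success or PermissionError (EPERM) means
    the kernel has a task with that PID, whatever /bin/ps claims."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def pids_from_proc():
    """Technique 1 input: numeric entries of /proc as returned by readdir()."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_ps():
    """The userland view that an LD_PRELOAD or LKM rootkit usually filters."""
    out = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def pids_by_bruteforce(max_pid):
    """Technique 4: occupy the whole PID space with the probe above."""
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}


def suspicious_pids(kernel_view, ps_view, ignore=()):
    """Pure comparison: PIDs the kernel knows about that ps did not report."""
    return sorted((kernel_view - ps_view) - set(ignore))


def scan(max_pid=None):
    """Combine the /proc and brute-force views, diff against ps, then confirm
    each candidate; a PID that has vanished, or that a fresh ps now lists,
    was a race with a short-lived process, not a hidden one."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:  # upper bound of the PID space
            max_pid = int(fh.read())
    me = [os.getpid()]  # our own PID is never "hidden"
    kernel_view = pids_from_proc() | pids_by_bruteforce(max_pid)
    candidates = suspicious_pids(kernel_view, pids_from_ps(), ignore=me)
    confirmed = {p for p in candidates if pid_exists(p)}
    return suspicious_pids(confirmed, pids_from_ps(), ignore=me)


if __name__ == "__main__":
    for pid in scan():
        print(f"Found HIDDEN PID: {pid}")
```

Walking a pid_max of 4194304 with Python takes a few seconds; the threaded check (technique 5) is not covered, since kill(pid, 0) only answers for thread group leaders.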
fed Posted January 16, 2015

How do I stop the hidden PIDs? I tried with Process Explorer and TcpView from Sysinternals, including taskkill /f /pid ... : error the process ... not found
Nytro Posted January 16, 2015 (Author)

What is a "hidden pid"? Do you mean rootkits?
fed Posted January 16, 2015

> What is a "hidden pid"? Do you mean rootkits?

The program scans and shows Found Hidden port and Found HIDDEN PID:

Edited January 16, 2015 by fed
Nytro Posted January 16, 2015 (Author)

If you have an antivirus, it may come from its self-defence.
fed Posted January 16, 2015

> If you have an antivirus, it may come from its self-defence.

I don't have one. Auto-kill of hidden processes only on the Linux/Unix variant:

for P in `unhide sys | grep -v "\*" | grep -i HIDDEN | cut -f2 -d':' | awk '{print $1}'`; do kill -9 $P; done;

A shame that on Windows the damn rootkits still stay hidden.