Friday, June 18, 2010

Commands to become undetectable on Windows NT/W2K/XP

I was looking for this a while back but didn't end up trying it out. 
I have forgotten the source, but I wanted to post it just in case. 

NOTE: You are at your own risk if you follow these instructions. Editing your registry is DANGEROUS and should be done with extreme caution. Follow these steps at your OWN risk.

  1. Get your device's hex value. ('snort -W' works for this)
  2. Open Regedt32
  3. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
  4. Select the network card you wish to set up as the monitoring interface (this will be the {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} value).
  5. Set IPAddress:REG_MULTI_SZ: to null (Double click on the string, delete data in the Multi-String Editor, then click OK)
  6. Set SubnetMask:REG_MULTI_SZ: to null (Double click on the string, delete data in the Multi-String Editor, then click OK)
  7. Set DefaultGateway:REG_MULTI_SZ: to null (Double click on the string, delete data in the Multi-String Editor, then click OK)
  8. Close the Registry Editor; your changes will be saved automatically.
  9. In a command prompt, run 'ipconfig' to verify the interface does not have an IP bound to it.
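
A read-only check of the registry values from steps 5 to 7, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and keeps the page's placeholder GUID; the `Test-Empty` helper and the `EnableDHCP` check are additions the original steps do not cover.

```powershell
# Added example: audits the monitoring interface's TCP/IP values; it changes nothing.
param(
    # Placeholder GUID as written on the page; replace with the value from step 1.
    [string]$InterfaceGuid = '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'
)

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$InterfaceGuid"

if (-not (Test-Path -LiteralPath $key)) {
    Write-Error "Interface key not found: $key"
    return
}

$props = Get-ItemProperty -LiteralPath $key

# Hypothetical helper: a REG_MULTI_SZ counts as null when it is missing,
# empty, or holds only blank strings.
function Test-Empty($value) {
    $nonBlank = @($value | Where-Object { $_ -and $_.Trim() -ne '' })
    return $nonBlank.Count -eq 0
}

# One row per value cleared in steps 5 to 7.
$results = foreach ($name in 'IPAddress', 'SubnetMask', 'DefaultGateway') {
    [pscustomobject]@{
        Value  = $name
        Data   = ($props.$name -join ', ')
        IsNull = Test-Empty $props.$name
    }
}
$results | Format-Table -AutoSize

# Not covered by the page's steps: with EnableDHCP set to 1 the interface
# can still obtain an address from a DHCP server even when the static values are empty.
if ($props.EnableDHCP -eq 1) {
    Write-Warning "EnableDHCP is 1 (DhcpIPAddress: $($props.DhcpIPAddress)); the interface may still get a DHCP lease."
}

if ($results.IsNull -contains $false) {
    Write-Warning 'At least one static value still holds data; see the table above.'
} else {
    Write-Output 'IPAddress, SubnetMask and DefaultGateway are all empty.'
}
```

Run it after step 8 and compare the result with the `ipconfig` output from step 9.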

 
