BOOT KIT: Custom boot sector based Windows 2000/XP/2003 Subversion
BOOT KIT is a project built around custom boot sector code that subverts the Windows NT security model. The sample presented here repeatedly escalates every running cmd.exe to SYSTEM privileges, once every 30 seconds.
It has several features:
- It is very small: the basic framework is only about 100 lines of assembly code. It supports Windows 2000, XP and 2003.
- It patches the kernel at runtime; no files on disk are modified (the boot sector itself is the only on-disk change).
- BOOT KIT is PXE-compatible.
- It could even serve as the basis of the first PXE virus.
- It also lets you load other rootkits if you have physical access (normally a rootkit can only be loaded by an administrator).
The bootkit has been tested with several kernel-mode shellcodes, such as one that loads native applications and drivers from the shellcode itself, and another that periodically raises every CMD.EXE to SYSTEM privileges.
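Because the kernel is patched only in memory, file-integrity scans of the Windows kernel find nothing; the one artifact that must change on disk is the boot sector. The following C program, an added example that is not code from the BOOT KIT project, shows the check a defender would run: record a baseline hash of the 440-byte MBR boot code, then compare the live sector against it while ignoring the disk signature and partition table, which change legitimately. The sample MBR, its filler boot code, the simulated bootkit stub and the FNV-1a hash are constructed for this example.

```c
/* Boot-sector integrity check (added example, not BOOT KIT code). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SECTOR_SIZE   512
#define MBR_CODE_SIZE 440   /* bytes 0..439 hold boot code; 440..443 is the disk signature */
#define MBR_PART_OFF  446   /* four 16-byte partition entries */
#define MBR_SIG_OFF   510   /* 0x55 0xAA boot signature */

typedef struct {
    uint8_t  active;      /* 0x80 = bootable */
    uint8_t  type;        /* partition type id, e.g. 0x07 = NTFS */
    uint32_t lba_start;   /* stored little-endian in the sector */
    uint32_t sectors;
} PartEntry;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* FNV-1a 32-bit keeps the example self-contained; a real tool would use SHA-256. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

int mbr_has_signature(const uint8_t *sec) {
    return sec[MBR_SIG_OFF] == 0x55 && sec[MBR_SIG_OFF + 1] == 0xAA;
}

/* Decode partition entry idx (0..3); returns 0 on success, -1 if invalid. */
int mbr_parse_partition(const uint8_t *sec, int idx, PartEntry *out) {
    if (idx < 0 || idx > 3 || !mbr_has_signature(sec)) return -1;
    const uint8_t *e = sec + MBR_PART_OFF + 16 * idx;
    out->active    = e[0];
    out->type      = e[4];
    out->lba_start = rd_le32(e + 8);
    out->sectors   = rd_le32(e + 12);
    return 0;
}

/* 0 = boot code matches the recorded baseline, 1 = modified, -1 = not a valid MBR */
int mbr_check_boot_code(const uint8_t *sec, uint32_t baseline) {
    if (!mbr_has_signature(sec)) return -1;
    return fnv1a32(sec, MBR_CODE_SIZE) == baseline ? 0 : 1;
}

/* Constructed sample MBR: filler boot code plus one active NTFS partition at LBA 63. */
void make_sample_mbr(uint8_t *sec) {
    memset(sec, 0, SECTOR_SIZE);
    for (int i = 0; i < MBR_CODE_SIZE; i++) sec[i] = (uint8_t)(0x90 ^ (i * 7));
    uint8_t *e = sec + MBR_PART_OFF;
    e[0] = 0x80;
    e[4] = 0x07;
    wr_le32(e + 8, 63);
    wr_le32(e + 12, 2097152);
    sec[MBR_SIG_OFF] = 0x55;
    sec[MBR_SIG_OFF + 1] = 0xAA;
}

/* Returns 1 if the sample partition table decodes as constructed. */
int demo_partition_parses(void) {
    uint8_t sec[SECTOR_SIZE]; PartEntry p;
    make_sample_mbr(sec);
    if (mbr_parse_partition(sec, 0, &p) != 0) return 0;
    return p.active == 0x80 && p.type == 0x07 && p.lba_start == 63 && p.sectors == 2097152;
}

/* Baseline the clean MBR, then simulate a bootkit stub overwriting the first 64 bytes
 * of boot code: returns 1 if the clean sector passes and the modified one is flagged. */
int demo_detects_bootkit(void) {
    uint8_t sec[SECTOR_SIZE];
    make_sample_mbr(sec);
    uint32_t baseline = fnv1a32(sec, MBR_CODE_SIZE);   /* record at install time */
    if (mbr_check_boot_code(sec, baseline) != 0) return 0;
    memset(sec, 0xEB, 64);                             /* simulated bootkit code */
    return mbr_check_boot_code(sec, baseline) == 1;
}

/* Writing a new disk signature (bytes 440..443) is routine and must not be flagged. */
int demo_ignores_disk_signature(void) {
    uint8_t sec[SECTOR_SIZE];
    make_sample_mbr(sec);
    uint32_t baseline = fnv1a32(sec, MBR_CODE_SIZE);
    wr_le32(sec + MBR_CODE_SIZE, 0x12345678u);
    return mbr_check_boot_code(sec, baseline) == 0;
}

int main(void) {
    printf("partition table parses: %s\n", demo_partition_parses() ? "yes" : "no");
    printf("bootkit code detected:  %s\n", demo_detects_bootkit() ? "yes" : "no");
    printf("disk signature ignored: %s\n", demo_ignores_disk_signature() ? "yes" : "no");
    return 0;
}
```

On a real system the 512 bytes would be read from the physical disk (for example from `\\.\PhysicalDrive0` on Windows) and the baseline stored off-host, since a bootkit that already runs in the kernel can lie to any check that trusts the running OS for its input.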
The source code will contain four levels of BOOT KIT (showcasing different payloads):
- Basic framework (kernel patching is left for a later stage) (available for download)
- Privilege escalation framework (demonstrates creating new system threads and how to escalate privileges easily) (available for download)
- Loading drivers and native applications from kernel mode without touching the registry
- PXE-compatible code (basic framework).
Sources: BOOT KIT basic framework and BOOT KIT advanced version (supports privilege escalation)