BOOT KIT is a project related to custom boot sector code subverting
Windows NT Security Model.The sample presented currently keeps on
escalating cmd.exe to system privileges every 30 secs.
It has several features
- It's very small.The basic framework is just about 100 lines of assembly code.It supports 2000,XP,2003
- It patches the kernel at runtime(no files are patched on disk).
- BOOT KIT is PXE-compatible.
- It can even lead to first ever PXE virus
- It also enables you to load other root kits if you have physical
access(Normally root kits can only be loaded by the administrator
The bootkit has been tested with a number of kernel mode shell codes such as Loading Native Applications and drivers from the shell code
another shellcode ,which periodically raises every CMD.EXE to system privileges.
The Source code will contain 4 levels of BOOT KITs(showcasing different payloads)
- Basic framework ( Kernel patching has to be done later on) ( available for download )
- Privilege escalation framework(demonstrates creating new system
threads and how to escalate privileges easily) (available for download) - Loading drivers and native applications from kernel mode without touching registry
- PXE compatible code(Basic framework).
Bootkit Basic framework Source Code
Boot Kit Advance Version(support Privilege escalation) Source Code
