.:[ packet storm ]:.
                             
paranoia is a friend like no other
paranoia is a friend like no other

 Section:  .. / UNIX / penetration / rootkits  /

The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

Page 1 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 1 - 25 of 211
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: evilshell.c
Description:
 3vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.
Author:Simpp
File Size:8166
Last Modified:Sep 2 23:06:44 2008
MD5 Checksum:9be2c39a2ac092d94439ef53aecd613a

 ///  File Name: c99.tgz
Description:
 The Klueless Klowns Team variant of the c99 php shell.
Author:Kristo Pher
Homepage:http://www.kkteam.co.uk/
File Size:42359
Last Modified:Aug 18 20:18:25 2008
MD5 Checksum:d6506a5108aaebac55098b3e56a15083

 ///  File Name: ezmal-0.2.zip
Description:
 EZMal is a Mac OS X Trojan Kit that will attach a persistent bindshell to applications.
Author:microphone8000
File Size:13952
Last Modified:Jul 30 22:57:19 2008
MD5 Checksum:1af27ee2d196b8eccedf3762e3a16c01

 ///  File Name: 3vilSh3ll.c
Description:
 Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.
Author:Simpp
File Size:7272
Last Modified:Mar 18 22:25:36 2008
MD5 Checksum:9cf37a9cec5547cca5c9872fbe651b5f

 ///  File Name: m_rev-0.2.c
Description:
 A little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).
Author:ernie@ernie
File Size:20129
Last Modified:Jan 29 21:49:07 2008
MD5 Checksum:2e8bb365b19a752d7bde5b88a1045089

 ///  File Name: rathole-1.2.tar.gz
Description:
 RatHole is a unix backdoor which compiles cleanly on standard Linux and OpenBSD (probably other BSD flavors also) without additional libraries. It features blowfish encryption, process name hiding and definition of a preferred shell. It spits no error messages (like for sockets already bound) because it is supposed to be stealth. When a client connects to the backdoor a new shell process and two pipe files are created. The I/O of the shell is duped to the pipes and the daemon encrypts the communication.
Author:Incognito/STK
File Size:11419
Last Modified:Nov 30 01:51:07 2007
MD5 Checksum:c652966a5d9a09c29369794979d4ac6b

 ///  File Name: rcbd.c
Description:
 Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.
Author:St0rM-MaN
File Size:3047
Last Modified:Oct 10 01:44:45 2007
MD5 Checksum:c59b4de790f54bbf3e6e647fc4dc9fd8

 ///  File Name: erne.txt
Description:
 New bypass shell for Linux servers. What you don't want to find lying around in your webroot.
Author:Erne
Homepage:http://www.biyosecurity.net/
File Size:44624
Last Modified:Sep 24 23:57:40 2007
MD5 Checksum:bf610ba81441e60aee255f2286010400

 ///  File Name: rel.tar.gz
Description:
 Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.
File Size:640357
Last Modified:Jul 11 21:50:51 2007
MD5 Checksum:4015e13f814c5c33153ab49b196acd81

 ///  File Name: mood-nt_2.3.tgz
Description:
 Mood-NT 2.3 is a linux kernel rootkit for kernels 2.4.x and 2.6 versions below 2.6.20. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. It fully supports vsyscalls and if the kernel changes it automatically reinstall itself on boot.
Author:darkangel
Homepage:http://darkangel.antifork.org
File Size:36881
Last Modified:Jun 6 18:38:28 2007
MD5 Checksum:c22f5dbb5757237be40c621f487ae8e2

 ///  File Name: backdoor.tar.gz
Description:
 This tarball has original source code for FreeBSD binaries such as find, fstat, kldstat, etc along with a script that enables you to easily set how you want them backdoored.
Author:Dark.iNiTro
Homepage:http://ccb.0x48k.cc/index.php?module=files
File Size:245330
Last Modified:May 2 20:06:51 2007
MD5 Checksum:3046022b733bd0ccc37165e34a2db7ad

 ///  File Name: openssh-4.6p1-backdored.tar.gz
Description:
 The backdoored version of OpenSSH 4.6p1. It logs passwords to /tmp/.sshell and also has the typical magic password.
Author:ShadOS
File Size:982882
Last Modified:Apr 17 12:14:44 2007
MD5 Checksum:082ab530608f02982dfcd57a28017ab3

 ///  File Name: openssh-4.5p1_backdoored.tar.gz
Description:
 Backdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.
Author:santabug
File Size:1005183
Last Modified:Nov 16 12:22:39 2006
MD5 Checksum:98c87de1cf5683f9400828281e3f0769

 ///  File Name: mood-nt.tgz
Description:
 Mood-NT is a linux kernel rootkit suckit2-like for 2.4.x/2.6.x kernels. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. If the kernel changes it automatically reinstall itself on boot.
Author:darkangel
Homepage:http://darkangel.antifork.org
File Size:35005
Last Modified:Oct 24 17:12:23 2006
MD5 Checksum:c046c7882ca919d595b8491be609d149

 ///  File Name: logginsh.txt
Description:
 loggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump.
Author:Pranav Joshi,Deepak Kaul
File Size:1266
Last Modified:Jun 5 04:40:02 2006
MD5 Checksum:59b000733a8ab35f124a73afcd31bf40

 ///  File Name: pingrootkit.tar.bz2
Description:
 Ping Rootkit executes a root shell by simply executing the well known and "trusted" command with a special argument and a password. Includes the full source code for ping as well as the patch.
Author:Herrumbre
Homepage:http://www.gnuler.com.ar
File Size:33902
Last Modified:May 29 01:48:54 2006
MD5 Checksum:e19afeeeb6309c2e3b7f6dc750ce11b2

 ///  File Name: m0rtix.c
Description:
 m0rtix.c is a simple C linux backdoor which bind a shell to a port with tty fork. The processes are hidden and it contains a kernel version detector which tell you what local root exploit you must use to root the system.
Author:jeremy still
File Size:12040
Last Modified:Apr 28 20:30:27 2006
MD5 Checksum:6503eae7a42fb2d5336a3a0cde0c5bb0

 ///  File Name: wnetstat.pl
Description:
 wnetstat.pl is a small perl wrapper script to hide IPs from netstat.
Author:bunker
Homepage:http://rawlab.altervista.org
File Size:543
Last Modified:Apr 28 20:02:48 2006
MD5 Checksum:8f3a29040d5ca112c203aeb2f9c2d3ac

 ///  File Name: ssheater-1.1.tar.gz
Description:
 SSHeater is a program that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.
Author:Barros
Homepage:http://www.gotfault.net/
File Size:16852
Last Modified:Apr 6 15:09:49 2006
MD5 Checksum:584353ff41ac6ad6a59f87eaa8b05340

 ///  File Name: r57-pid-check.txt
Description:
 pid-check is a perl script that uses the kill() and setpriority() system calls to find hidden processes.
Author:x97rang
Homepage:http://rst.void.ru
File Size:9664
Last Modified:Apr 6 14:48:20 2006
MD5 Checksum:62427ef3574ea99ba8cad2d1ce2f38c9

 ///  File Name: enyelkm.en.v1.1.tar.gz
Description:
 LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
Author:RaiSe
Homepage:http://www.enye-sec.org
Changes:Version 1.1
File Size:9712
Last Modified:Feb 20 16:28:09 2006
MD5 Checksum:89340215b6cfceb3a176c4a30e34f5c6

 ///  File Name: override.tar.bz
Description:
 The override Rootkit: A LKM Linux 2.6 rootkit that uses patched systemcalls. Features - Hides pids and automatically hides the pids of child processes - Hides network ports - Hides files which begin with a user-defined prefix - Can show the hidden pids.
Author:Amir Alsbih
Homepage:http://www.informatik.uni-freiburg.de/~alsbiha/
File Size:3883
Last Modified:Jan 27 14:12:33 2006
MD5 Checksum:31a9eb52f4907924ba9fb22287b44996

 ///  File Name: override.tar.gz
Description:
 Unavailable.
File Size:3918
Last Modified:Jan 26 05:04:39 2006
MD5 Checksum:ebd24e8673c12b43c1ac08a1c341075c

 ///  File Name: phalanx-b6.tar.bz2
Description:
 Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot.
Author:rebel
File Size:19479
Last Modified:Dec 27 03:25:28 2005
MD5 Checksum:3d0ef3793579cd846e43a034d147ecd0

 ///  File Name: enyelkm.en.v1.0.tar.gz
Description:
 LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
Author:RaiSe
Homepage:http://www.enye-sec.org
File Size:9907
Last Modified:Nov 30 14:14:40 2005
MD5 Checksum:5896fe3e8a333c4e1e52daedc3422363
 

 ///  Last 10 Files
  1. :· glsa-200812-07.txt
  2. :· glsa-200812-06.txt
  3. :· glsa-200812-05.txt
  4. :· glsa-200812-04.txt
  5. :· glsa-200812-03.txt
  6. :· glsa-200812-02.txt
  7. :· glsa-200812-01.txt
  8. :· USN-683-1.txt
  9. :· dsa-1676-1.txt
  10. :· pacpoll-disclose.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· glsa-200812-07.txt
  2. :· glsa-200812-06.txt
  3. :· glsa-200812-05.txt
  4. :· glsa-200812-04.txt
  5. :· glsa-200812-03.txt
  6. :· glsa-200812-02.txt
  7. :· glsa-200812-01.txt
  8. :· USN-683-1.txt
  9. :· dsa-1676-1.txt
  10. :· USN-682-1.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· pacpoll-disclose.txt
  2. :· BMSA-2008-09.txt
  3. :· webhub-bypass.txt
  4. :· infinite-bypass.txt
  5. :· bcoos1013-sql.txt
  6. :· preonline-cmsqlxss.txt
  7. :· preclass-sqlxss.txt
  8. :· aspportal-disclose.txt
  9. :· preshoppingmall-cmsqlxss.txt
  10. :· ezpoll-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· vncrush.txt
  2. :· rshatter.txt
  3. :· Exomind-v0.2.tar.gz
  4. :· clamav-0.94.2.tar.gz
  5. :· cadfile.zip
  6. :· anehta-v0.6.0fixed2.zip
  7. :· tagfuzz.txt
  8. :· BrowserRider.20081124.tar.bz2
  9. :· mp3nema-v0_2.tar.gz
  10. :· squid-nufw-helper-1.1.3.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· sqlinj-insouts.txt
  2. :· format-string-linux.txt
  3. :· frame-pointer-overwrite-linux.txt
  4. :· iptablesf.txt
  5. :· nufw-2.2.19.tar.gz
  6. :· frhack2009-cfp.txt
  7. :· oracle-forensics-scns.pdf
  8. :· cansecwest-2009.txt
  9. :· A5.1.zip
  10. :· a51-php.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice