Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed about the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
bd.pl |
Description:
|
bd.pl is a backdoor written in Perl which sits on port 33556 by default, requires a password, and unsets the history environment variables.
| | Author: | Mugwump Mugwump | | File Size: | 959 | | Last Modified: | Jul 24 19:46:07 2000 |
| MD5 Checksum: | b4aea0b2942de55ca24b6bbe25b467f2 |
|
| /// File Name: |
bdoor.c |
Description:
|
Unix backdoor which pretends to be an HTTP daemon.
| | Author: | CyberPsychotic | | File Size: | 3608 | | Last Modified: | Nov 15 19:03:15 1999 |
| MD5 Checksum: | 620e6dc8e252318465de768315e7f8be |
|
| /// File Name: |
blackhole.c |
Description:
|
A basic backdoor that is a small, portable, and functional fake daemon. You tell it what you want it to run as under 'ps' and what port to bind to in the defines. Detailed description in the header.
| | Author: | Bronc Buster | | File Size: | 2948 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | 81ff33344cc537d85620b0e1c7fcf03b |
|
| /// File Name: |
blowdoor01b.c |
Description:
|
Blowdoor is a unix backdoor with a definable port, password, executable to run, process to show job as, and logging facility.
| | Author: | bl0w | | Homepage: | http://www.secworld.org/ | | File Size: | 5324 | | Last Modified: | Aug 18 16:24:07 2002 |
| MD5 Checksum: | c8070fe07386800d942dbb40acd46517 |
|
| /// File Name: |
blowdoor01c.c |
Description:
|
Blowdoor is a backdoor for unix systems using md5sum passwords.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | File Size: | 4730 | | Last Modified: | Aug 28 00:45:53 2002 |
| MD5 Checksum: | 6463bd5ffa2ba22447718154fa4295cb |
|
| /// File Name: |
blowdoor20.c |
Description:
|
Blowdoor v2.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | File Size: | 3831 | | Last Modified: | Sep 20 03:56:18 2002 |
| MD5 Checksum: | af17d89167bd317c22d516fcfa01bd12 |
|
| /// File Name: |
blowdoor30.c |
Description:
|
Blowdoor v3.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | Changes: | Fixed bugs. | | File Size: | 4109 | | Last Modified: | Apr 18 03:41:36 2003 |
| MD5 Checksum: | fbfef3f0719882d9ac666ac376c68036 |
|
| /// File Name: |
c99.tgz |
Description:
|
The Klueless Klowns Team variant of the c99 PHP shell.
| | Author: | Kristo Pher | | Homepage: | http://www.kkteam.co.uk/ | | File Size: | 42359 | | Last Modified: | Aug 18 20:18:25 2008 |
| MD5 Checksum: | d6506a5108aaebac55098b3e56a15083 |
|
| /// File Name: |
cb-r00tkit.tgz |
Description:
|
cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.
| | Author: | Zeen. | | File Size: | 1071008 | | Last Modified: | Oct 16 23:35:58 2002 |
| MD5 Checksum: | d871691531db1e82b5cf05a09a281a3b |
|
| /// File Name: |
cbd.c.txt |
Description:
|
CBD.c is a simple backdoor which allows machines behind firewalls to be controlled via outgoing connections.
| | Author: | Grazer | | Homepage: | http://www.digit-labs.or | | File Size: | 1160 | | Last Modified: | Feb 20 21:07:05 2001 |
| MD5 Checksum: | 85c194f62635a80b322a0566ac30942e |
|
| /// File Name: |
cd00r.c |
Description:
|
cd00r.c is proof-of-concept code to test the idea of a completely invisible (read: not listening) backdoor server. Standard backdoors and remote access services have one major problem: the ports they are listening on are visible on the system console as well as from outside (by port scanning). To activate the remote access service, one has to send several packets (TCP SYN) to ports on the target system. Which ports, in which order, and how many of them can be defined in the source code.
| | Author: | FX | | Homepage: | http://www.phenoelit.de/ | | File Size: | 16605 | | Last Modified: | Jun 13 17:29:23 2000 |
| MD5 Checksum: | f7d023c9bfa342c440262beb65dd105e |
|
| /// File Name: |
cgiback.tgz |
Description:
|
CGI backdoor which can be compiled with or without logging. Password protected. Tested on Red Hat 6.1.
| | Author: | Overflow | | File Size: | 4296 | | Last Modified: | Dec 6 18:36:00 1999 |
| MD5 Checksum: | d655d5f0af6adf9f8fba1cba39f1d0ee |
|
| /// File Name: |
CGIbackdoor.txt |
Description:
|
CGI Backdoor - Perl based client / server backdoor which communicates over port 80, bypassing many firewalls.
| | Author: | Hypoclear | | Homepage: | http://hypoclear.cjb.net | | File Size: | 3464 | | Last Modified: | Jun 13 16:23:11 2000 |
| MD5 Checksum: | a64eb7601c4e7f66ae24d04b3766e345 |
|
| /// File Name: |
cheetah.c |
Description:
|
Cheetah version 1.0 is a remote Linux/BSD backdoor that offers low CPU usage, port/backlog selection, a remote shell, user/password protection, and process faking.
| | Author: | Tal0n | | File Size: | 4034 | | Last Modified: | Aug 26 15:43:31 2004 |
| MD5 Checksum: | 4b2b6b1061976b608ba5bebff00c4445 |
|
| /// File Name: |
cisco-ack-proof-concept.tgz |
Description:
|
This document contains details on a proof-of-concept white paper on how to circumvent Cisco access-lists which rely on only permitting "established" TCP sessions, by establishing communications between a client and server (included) which never use the SYN bit. Works on any firewall that accepts all packets without the SYN bit.
| | Author: | Codex | | Homepage: | http://www.phate.net/docs/security/ | | File Size: | 12711 | | Last Modified: | May 31 18:23:32 2000 |
| MD5 Checksum: | e7c9032c77ac8938e06fd163cdc9e3fd |
|
| /// File Name: |
darkside-0.2.3.tar.gz |
Description:
|
Darkside is a rootkit for Unix which hides processes and their children, hides files, manipulates UIDs, and modifies the TCP/IP stack to hide connections.
| | Author: | Lbyte | | File Size: | 7646 | | Last Modified: | Jan 11 01:02:06 2002 |
| MD5 Checksum: | 2af112a1e0cb1b0ed4cbe3626044ccf7 |
|
| /// File Name: |
ddb-sfe.tar.gz |
Description:
|
A backdoor that lets you reach root/user account shells over a TCP channel using a callback procedure initialized by an ICMP packet.
| | Author: | The Recidjvo | | Homepage: | http://www.pkcrew.org | | File Size: | 3447 | | Last Modified: | Dec 2 21:25:51 2000 |
| MD5 Checksum: | 8e1eeb8715c5e2283f2db800d0ef06f7 |
|
| /// File Name: |
ddb.tar.gz |
Description:
|
A backdoor that allows you to keep remote access to a shell on a LAN protected by masquerading, working around the inability of non-public addresses to listen on a port reachable from the Internet.
| | Author: | The Recidjvo | | Homepage: | http://www.pkcrew.org | | File Size: | 6937 | | Last Modified: | Dec 2 21:23:49 2000 |
| MD5 Checksum: | 160a48a5b3c8e479102e10689731737d |
|
| /// File Name: |
defuserootkit.tar |
Description:
|
This utility removes LKM rootkits that normally are undetectable via the help of vmalloc which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
| | Author: | cameleonu | | File Size: | 20480 | | Last Modified: | May 8 21:00:45 2003 |
| MD5 Checksum: | 0488beaaf98b29ec2446da6c6665766d |
|
| /// File Name: |
defuserootkit2.tar |
Description:
|
Updated version of a utility that removes LKM rootkits that normally are undetectable via the help of vmalloc which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
| | Author: | cameleonu | | File Size: | 30720 | | Last Modified: | May 29 00:44:42 2003 |
| MD5 Checksum: | 8c15ca479777cb3e1c5f8923e059f85f |
|
| /// File Name: |
DevNull-rootkit-v0.9.tar.bz2 |
Description:
|
DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin.
| | Author: | Tutor | | Homepage: | http://r00tabega.com/group.html | | File Size: | 407661 | | Last Modified: | Mar 23 20:13:19 2000 |
| MD5 Checksum: | 864d9167f7a3e2d113cf6f1454a5b63b |
|
| /// File Name: |
dica.tgz |
Description:
|
Dica is a rootkit found in the wild. Looks like a t0rn variant. Thanks to Rob Hock.
| | File Size: | 1366469 | | Last Modified: | Jun 6 02:07:13 2002 |
| MD5 Checksum: | 0f5ffea16e599bb13a69b4ba9b3748e2 |
|
| /// File Name: |
dnsscan |
Description:
|
Unavailable.
| | File Size: | 3254 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | bd77f83037005a85d4123fee3abc138b |
|
| /// File Name: |
doorman-0.7.tgz |
Description:
|
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
| | Author: | Bruce Ward | | Homepage: | http://doorman.sourceforge.net/ | | File Size: | 645120 | | Last Modified: | Jul 22 18:54:28 2004 |
| MD5 Checksum: | 882db90b5b3df7e9ce4aae6f1914bbfb |
|
| /// File Name: |
doorman-0.8.tgz |
Description:
|
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
| | Author: | Bruce Ward | | Homepage: | http://doorman.sourceforge.net/ | | Changes: | Fixed several bugs. | | File Size: | 139950 | | Last Modified: | Aug 5 02:55:27 2004 |
| MD5 Checksum: | 44a495d06bf81ac9a824380612035672 |
|