Section: .. / UNIX / penetration / rootkits /

The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

/// File Name: doorman-0.7.tgz
Description: The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
Author: Bruce Ward
Homepage: http://doorman.sourceforge.net/
File Size: 645120
Last Modified: Jul 22 18:54:28 2004
MD5 Checksum: 882db90b5b3df7e9ce4aae6f1914bbfb

/// File Name: doorman-0.8.tgz
Description: The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
Author: Bruce Ward
Homepage: http://doorman.sourceforge.net/
Changes: Fixed several bugs.
File Size: 139950
Last Modified: Aug 5 02:55:27 2004
MD5 Checksum: 44a495d06bf81ac9a824380612035672

/// File Name: doorman-0.81.tgz
Description: The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
Author: Bruce Ward
Homepage: http://doorman.sourceforge.net/
Changes: Fixed the silent doorman problem.
File Size: 140643
Last Modified: Sep 7 04:35:58 2005
MD5 Checksum: f0f30132a541122fa46f4d6d321260d9

/// File Name: enyelkm-1.3-no-objs.tar.gz
Description: LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes, hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use at your own risk.
Author: RaiSe
Homepage: http://www.enye-sec.org
File Size: 12903
Last Modified: Feb 25 16:59:12 2009
MD5 Checksum: a12a5b779ec0ab22fd03e28503ed014d

/// File Name: enyelkm.en.v1.0.tar.gz
Description: LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes, hides chunks inside of files, gives remote reverse_shell access, local root, etc.
Author: RaiSe
Homepage: http://www.enye-sec.org
File Size: 9907
Last Modified: Nov 30 14:14:40 2005
MD5 Checksum: 5896fe3e8a333c4e1e52daedc3422363

/// File Name: enyelkm.en.v1.1.tar.gz
Description: LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes, hides chunks inside of files, gives remote reverse_shell access, local root, etc.
Author: RaiSe
Homepage: http://www.enye-sec.org
Changes: Version 1.1
File Size: 9712
Last Modified: Feb 20 16:28:09 2006
MD5 Checksum: 89340215b6cfceb3a176c4a30e34f5c6

/// File Name: erne.txt
Description: New bypass shell for Linux servers. What you don't want to find lying around in your webroot.
Author: Erne
Homepage: http://www.biyosecurity.net/
File Size: 44624
Last Modified: Sep 24 23:57:40 2007
MD5 Checksum: bf610ba81441e60aee255f2286010400

/// File Name: ES-Malaria.tar.gz
Description: ES-Malaria is a ptrace() injector.
Author: Brain Storm
File Size: 3222
Last Modified: Dec 24 03:56:59 2002
MD5 Checksum: 7fe96ade196dc0c3b70e65b6ce6b8242

/// File Name: eshell.c
Description: Eshell.c is an encrypted bindshell-type backdoor which has a server daemon and client with AES encryption via libmix.
Author: Luki Rustianto
Homepage: http://www.karet.org
File Size: 5667
Last Modified: Jan 4 17:40:11 2001
MD5 Checksum: 75b97d78a51fdf7a51d4eb6fbd64fd9e

/// File Name: evilbs.tar.gz
Description: EvilBS is a bindshell for Linux that has AES-256 symmetric encryption, can operate in reverse connect mode, has SOCKS4 proxy support and more.
Author: gat3way
File Size: 28882
Last Modified: Feb 20 12:45:15 2010
MD5 Checksum: 0572f3023b4ad5d3b046810e5442b1d8

/// File Name: evilshell.c
Description: 3vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.
Author: Simpp
File Size: 8166
Last Modified: Sep 2 23:06:44 2008
MD5 Checksum: 9be2c39a2ac092d94439ef53aecd613a

/// File Name: ezmal-0.2.zip
Description: EZMal is a Mac OS X Trojan Kit that will attach a persistent bindshell to applications.
Author: microphone8000
File Size: 13952
Last Modified: Jul 30 22:57:19 2008
MD5 Checksum: 1af27ee2d196b8eccedf3762e3a16c01

/// File Name: falcon-ssh-diffs.tar.gz
Description: Two rootkit / backdoor patches to ssh-1.2.27. The first diff turns ssh into a major backdoor. It will report itself as nscd in the process list, have ALL logging disabled, run on a different port, ignore all settings in the config file and allow a "magic word" login to all accounts, including root. The other patch simply adds a magic password to sshd, for use in patching an existing sshd.
Author: Falcon
File Size: 2538
Last Modified: Nov 5 12:30:34 1999
MD5 Checksum: cd9339f82c165b3b8fddebf126ff7c1d

/// File Name: false.c
Description: False.c is a local/remote backdoor for Linux.
Author: Pir8
Homepage: http://www.dtors.net
File Size: 4536
Last Modified: Jun 4 01:35:29 2002
MD5 Checksum: c122ccd9599635642b598c075d000acd

/// File Name: fbd-1.1.txt
Description: Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When an attacker runs a command known to the backdoor, it will print a cloned response back to trick the user, and then disconnect the user from the host. Will save to a log file of choice (default is fbdlog.txt) which includes the Hostname and Command used by the attacker.
Author: Butternuts
File Size: 2521
Last Modified: Jul 8 01:31:19 2002
MD5 Checksum: 7b61d02047c4b39bf0a429d947a78f7d

/// File Name: fbrk1-imps.tar.gz
Description: FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
Author: Nyo
File Size: 267168
Last Modified: Nov 5 22:40:21 2001
MD5 Checksum: aabf3bc70afc09f16e0015272e8b2baa

/// File Name: fbsd.tgz
Description: FreeBSD rootkit precompiled binaries for 4.2-RELEASE.
Author: Nyo, Jade
File Size: 1201232
Last Modified: Mar 20 01:48:13 2002
MD5 Checksum: 3ba84e13541e99d8356dd119efc33c1e

/// File Name: file.c
Description: OpenBSD and NetBSD LKM which hides files by patching getdirentries().
Author: George Dissios
Homepage: http://www.frapes.org
File Size: 1920
Last Modified: Jan 5 02:50:56 2003
MD5 Checksum: 770290c363c15e13d3eb89a80e65aa4e

/// File Name: firedoor-0.2.tar.gz
Description: firedoor forwards any TCP connection behind a firewall using techniques similar to reverse telneting. Written in Java 1.4, so it is very small and can run on both Linux and Win32 without modifications. Source file included.
Author: Joker
Homepage: http://olives.ath.cx/~j0ker/
File Size: 10511
Last Modified: Aug 11 12:18:14 2003
MD5 Checksum: 984aa4861deeb9af70a9cee118a49278

/// File Name: fk.tgz
Description: Fuck`it RootKit. Uses an ssh daemon which listens on port 1984 by default.
Author: Cyrax
File Size: 911360
Last Modified: Sep 29 05:55:00 2002
MD5 Checksum: f3d55d07c747e7bb9c69a3a614a9d8d0

/// File Name: flea.tar.gz
Description: FLEA is a Linux rootkit for all distributions.
Author: skatE
Homepage: http://www.the-diamonds.org
File Size: 106847
Last Modified: Oct 4 03:30:20 2002
MD5 Checksum: dfd8f8b6babe05182bb5c3e3e1b5d5a3

/// File Name: funnyscript.c
Description: Hacked version of script that logs everything typed to /tmp/.x11sock. Based heavily on script.c.
Author: Andrea Montanari
File Size: 11779
Last Modified: Dec 8 20:26:50 2008
MD5 Checksum: e50a753f0dad3a0479dea861496b0e51

/// File Name: gH-cgi.c
Description: A simple CGI backdoor which pipes command output to the browser.
Author: Blasphemy
File Size: 1826
Last Modified: May 1 17:46:44 1999
MD5 Checksum: 2c0331f54922c1b1140e8992598fbb2f

/// File Name: hacking_unix.txt
Description: Unavailable.
File Size: 41819
Last Modified: Aug 16 20:05:19 1999
MD5 Checksum: d853a748e2888235a93e150b90616e4a

/// File Name: hhp-SSH_TROSNIFF.tgz
Description: hhp-trosniff is a complete package of patches to modify ssh, ssh2, sshd, ssh2d, and opensshd to extract and log the Incoming/Target HostName/UserName/Password. Intended to log brute force attacks and deleted users who try to gain access.
Author: Loophole
File Size: 4064
Last Modified: Jun 21 19:31:24 2000
MD5 Checksum: 8bc929c223f30bbea750ab01ca5fdd70