Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
lrkn.tgz |
Description:
|
Linux rootkit 3.0 - Includes trojaned chfn, chsh, inetd, login, ls, du ifconfig, netstat, passwd, ps, top, rshd, syslod, tcpd, etc.
| | File Size: | 3639016 | | Last Modified: | Aug 16 20:05:21 1999 |
| MD5 Checksum: | 1aa105cdaedac8438f773cb5bd645848 |
|
| /// File Name: |
lyceum-2.46.tar.gz |
Description:
|
Lyceum is an advance stealthed client/server backdoor that uses encrypted spoofed UDP packets to administer the server and the two built-in ICMP backdoors. Each ICMP backdoor exploits a different feature of the protocol, the first creating a bi-directionally spoofed ICMP tunnel and the second uses passive nodes as zombies to relay ICMP backdoor traffic.
| | Author: | phish | | File Size: | 53720 | | Last Modified: | Jul 23 21:43:29 2004 |
| MD5 Checksum: | 2fe58f1103cb072dd24f1be121814dfb |
|
| /// File Name: |
m0rtix.c |
Description:
|
m0rtix.c is a simple C linux backdoor which bind a shell to a port with tty fork. The processes are hidden and it contains a kernel version detector which tell you what local root exploit you must use to root the system.
| | Author: | jeremy still | | File Size: | 12040 | | Last Modified: | Apr 28 20:30:27 2006 |
| MD5 Checksum: | 6503eae7a42fb2d5336a3a0cde0c5bb0 |
|
| /// File Name: |
m_rev-0.2.c |
Description:
|
A little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).
| | Author: | ernie@ernie | | File Size: | 20129 | | Last Modified: | Jan 29 21:49:07 2008 |
| MD5 Checksum: | 2e8bb365b19a752d7bde5b88a1045089 |
|
| /// File Name: |
maxty.tar.gz |
Description:
|
Maxty is a small kernel-space tty sniffer. It is a LKM which will attach to read/write syscalls and save incoming/outgoing requests to opened tty devices into separate log files. It provides a way keeping a track what is happening on virtual consoles similar to a keystroke recorder.
| | Author: | Paul Starzetz | | File Size: | 4867 | | Last Modified: | Apr 6 21:04:31 2001 |
| MD5 Checksum: | 8ed7a10a7153e74d0f1495d65783dc4d |
|
| /// File Name: |
md5bd.c |
Description:
|
md5bd.c is a shell server/backdoor that uses a md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
| | Author: | Mixter | | Homepage: | http://1337.tsx.org | | File Size: | 3004 | | Last Modified: | Jul 15 17:48:54 2000 |
| MD5 Checksum: | 2fa9b94368cf2d9b511d009aece38bce |
|
| /// File Name: |
mix.c |
Description:
|
Simple generic backdoor protected by a password encrypted with an MD5 hash. Gets added into inittab.
| | Author: | Serial Killah | | File Size: | 5244 | | Last Modified: | May 20 17:56:09 2004 |
| MD5 Checksum: | 472a0b9ee3932c0c401d7f1c6c043625 |
|
| /// File Name: |
mod_backdoor.c |
Description:
|
Apache DSO backdoor - A get request to a "special" url allows remote command execution.
| | Author: | Slash | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 8809 | | Last Modified: | Jun 5 14:52:24 2000 |
| MD5 Checksum: | 84e2f164eca988c6647d0dc512f4536c |
|
| /// File Name: |
modhide1.c |
Description:
|
Modhide1.c demonstrates a new method of hiding kernel modules which does not trigger any normal detection techniques because it does not change lsmod or the system call table. Instead it hacks the kernel's memory to make it "forget" the module.
| | Author: | Nijen Rode | | File Size: | 4296 | | Last Modified: | May 23 19:59:32 2001 |
| MD5 Checksum: | 38fc557e5f938e246db103109f457d4e |
|
| /// File Name: |
mood-nt.tgz |
Description:
|
Mood-NT is a linux kernel rootkit suckit2-like for 2.4.x/2.6.x kernels. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. If the kernel changes it automatically reinstall itself on boot.
| | Author: | darkangel | | Homepage: | http://darkangel.antifork.org | | File Size: | 35005 | | Last Modified: | Oct 24 17:12:23 2006 |
| MD5 Checksum: | c046c7882ca919d595b8491be609d149 |
|
| /// File Name: |
mood-nt_2.3.tgz |
Description:
|
Mood-NT 2.3 is a linux kernel rootkit for kernels 2.4.x and 2.6 versions below 2.6.20. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. It fully supports vsyscalls and if the kernel changes it automatically reinstall itself on boot.
| | Author: | darkangel | | Homepage: | http://darkangel.antifork.org | | File Size: | 36881 | | Last Modified: | Jun 6 18:38:28 2007 |
| MD5 Checksum: | c22f5dbb5757237be40c621f487ae8e2 |
|
| /// File Name: |
Mr-Lynd0v1.1.c |
Description:
|
Mr-Lynd0 is a log clener and an instrument to hide user or to change user and host. cleans ip user and host in log files /var/log/ and hides yourself in a linux box editing wtmp and utmp.
| | Author: | click | | File Size: | 6217 | | Last Modified: | Oct 22 00:48:36 2002 |
| MD5 Checksum: | 2993d94af3a9cb610ae7511a63b33983 |
|
| /// File Name: |
Mr-Lynd0v1.2.c |
Description:
|
Mr-Lynd0 is a log cleaner and an instrument to hide user or to change user and host. cleans ip user and host in log files /var/log/ and hides yourself in a linux box editing wtmp and utmp. Version 1.2 released with bugfixes.
| | Author: | click | | File Size: | 6218 | | Last Modified: | Mar 7 01:38:35 2003 |
| MD5 Checksum: | 586820ca8ebab3a1e7edf4599c1a43d8 |
|
| /// File Name: |
mybindshell.c |
Description:
|
Bindshell which has a password and defaults to tcp port 1348.
| | Author: | Kafar | | Homepage: | http://www.olek.org/code | | File Size: | 1305 | | Last Modified: | Oct 15 16:14:24 2003 |
| MD5 Checksum: | acb885a3faa8b9468e8197811d7f280f |
|
| /// File Name: |
mybindshell2.c |
Description:
|
Bindshell which has a password and defaults to tcp port 1348. Includes the ability to only allow certain IP's.
| | Author: | Konewka | | Homepage: | http://www.olek.org/code | | File Size: | 2157 | | Last Modified: | Dec 14 22:25:49 2003 |
| MD5 Checksum: | ced8adcc43ee20caf12d6b514bcc2b45 |
|
| /// File Name: |
n-du.tgz |
Description:
|
N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a tcp port backdoor.
| | Author: | Serguei | | File Size: | 5252 | | Last Modified: | Sep 29 23:39:17 2004 |
| MD5 Checksum: | a18fef559fcfc16db6beadd02924cde6 |
|
| /// File Name: |
netstat.sh |
Description:
|
Netstat.sh is a shell script which compiles a C wrapper around /bin/netstat which hides a class B address space.
| | Author: | God- | | Homepage: | ftp://haxordot.org/pub/god-/ | | File Size: | 1125 | | Last Modified: | Aug 5 23:01:47 2000 |
| MD5 Checksum: | 1aaeb2723b4dba0eb612ef3fbfea415f |
|
| /// File Name: |
Netstat.zip |
Description:
|
Netstat.zip is a fake windows netstat which can hide certain network connections. Requires renaming the original netstat.
| | Author: | Digital Fire | | File Size: | 15843 | | Last Modified: | Apr 24 20:18:22 2001 |
| MD5 Checksum: | 97d5d9a6abab7e7c5a2b97e38252db12 |
|
| /// File Name: |
ntbindshell.zip |
Description:
|
Ntbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation - standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
| | Author: | Christophe Devine | | File Size: | 13548 | | Last Modified: | Oct 20 21:54:48 2003 |
| MD5 Checksum: | f9263c604245a5fdff0843915d6936c4 |
|
| /// File Name: |
nx_back.c |
Description:
|
Simple unix-based backdoor that is very compact and provides a bindshell.
| | Author: | nitr0x | | Homepage: | http://www.nitrox.xt.pl | | File Size: | 2150 | | Last Modified: | Sep 10 01:21:52 2004 |
| MD5 Checksum: | b102aed4733efae0cd8de45938b514bc |
|
| /// File Name: |
openssh-2.9p2.patch |
Description:
|
Openssh-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
| | File Size: | 3608 | | Last Modified: | Dec 8 22:42:10 2001 |
| MD5 Checksum: | 506df08051bf9a4a4e83c6b57873c242 |
|
| /// File Name: |
openssh-3.6p2-bd.diff |
Description:
|
OpenSSH 3.6p2 backdoor that logs all logins and passwords to a file. Original backdoor ported for 3.6p2 by ajax.
| | File Size: | 5471 | | Last Modified: | May 28 05:13:29 2003 |
| MD5 Checksum: | ed31a68cc3dc02ff8414481e41aa096e |
|
| /// File Name: |
openssh-4.5p1_backdoored.tar.gz |
Description:
|
Backdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.
| | Author: | santabug | | File Size: | 1005183 | | Last Modified: | Nov 16 12:22:39 2006 |
| MD5 Checksum: | 98c87de1cf5683f9400828281e3f0769 |
|
| /// File Name: |
openssh-4.6p1-backdored.tar.gz |
Description:
|
The backdoored version of OpenSSH 4.6p1. It logs passwords to /tmp/.sshell and also has the typical magic password.
| | Author: | ShadOS | | File Size: | 982882 | | Last Modified: | Apr 17 12:14:44 2007 |
| MD5 Checksum: | 082ab530608f02982dfcd57a28017ab3 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
