.:[ packet storm ]:. - http://packetstormsecurity.org/

Section: .. / UNIX / penetration / rootkits /

The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

Page 6 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 125 - 150 of 218

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	osxrk-0.2.1.tbz
Description:	MAC OS-X rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more.
Author:	gapple
File Size:	86449
Last Modified:	Sep 10 12:35:27 2004
MD5 Checksum:	4d88ce2a44718703f5de06a26c26349a

/// File Name:	ovas0n.c
Description:	Opens a password protected backdoor and lets you execute commands, and then hides in the background. Based on gs.c.
Author:	misteri0
File Size:	4160
Last Modified:	Jan 10 01:45:19 2000
MD5 Checksum:	43ff0cfc1b7dce9d3e4729fe7d1659a3

/// File Name:	override.tar.bz
Description:	The override Rootkit: A LKM Linux 2.6 rootkit that uses patched systemcalls. Features - Hides pids and automatically hides the pids of child processes - Hides network ports - Hides files which begin with a user-defined prefix - Can show the hidden pids.
Author:	Amir Alsbih
Homepage:	http://www.informatik.uni-freiburg.de/~alsbiha/
File Size:	3883
Last Modified:	Jan 27 14:12:33 2006
MD5 Checksum:	31a9eb52f4907924ba9fb22287b44996

/// File Name:	override.tar.gz
Description:	Unavailable.
File Size:	3918
Last Modified:	Jan 26 05:04:39 2006
MD5 Checksum:	ebd24e8673c12b43c1ac08a1c341075c

/// File Name:	ownit-0.1.tar.gz
Description:	Ownit is a script that installs libnet, libnids, and dsniff on a system.
Author:	CowDog
File Size:	367936
Last Modified:	Nov 19 11:15:27 2002
MD5 Checksum:	16ed3989ac5deb8be2ec6ca4812a28a6

/// File Name:	pam_backdoor.tar.gz
Description:	Proof of concept PAM backdoor for Linux and FreeBSD that adds a magic password.
Author:	gml
File Size:	464988
Last Modified:	Nov 5 00:26:13 2003
MD5 Checksum:	52400e00f20a11515b0e1e1bf7ee367b

/// File Name:	pam_rootkit.tar.gz
Description:	This pam backdoor allows access to a machine using a backdoor password and arbitrary commands can also be executed without logging in. Logs normal users passwords to a log file. Configurable without recompilation.
Author:	gml
File Size:	32593
Last Modified:	Jul 17 17:52:00 2004
MD5 Checksum:	969c99b76280ca474c9f945b12c3becb

/// File Name:	phalanx-b6.tar.bz2
Description:	Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot.
Author:	rebel
File Size:	19479
Last Modified:	Dec 27 03:25:28 2005
MD5 Checksum:	3d0ef3793579cd846e43a034d147ecd0

/// File Name:	Phantasmagoria.tgz
Description:	Phantasmagoria hides tasks without modifying syscalls in Linux kernel v2.4. Includes a paper "Smashing The Kernel For Fun And Profit" and proof of concept code.
Author:	Dark Angel
File Size:	13061
Last Modified:	Sep 6 00:26:23 2002
MD5 Checksum:	a278f9b3307f3c37c9c9d1247f110575

/// File Name:	phide.tar.gz
Description:	Phide - A lkm that hides processes under Linux 2.0. There already exist such thing for Linux 2.2 [like heroin.c or knark] but they're just for Linux 2.2.
Author:	Noah
Homepage:	http://ns2.crw.se/~tm/
File Size:	2667
Last Modified:	Jan 28 18:53:58 2000
MD5 Checksum:	25ca4d12e42ba1ac0e3a5a71ccc9f33e

/// File Name:	pingrootkit.tar.bz2
Description:	Ping Rootkit executes a root shell by simply executing the well known and "trusted" command with a special argument and a password. Includes the full source code for ping as well as the patch.
Author:	Herrumbre
Homepage:	http://www.gnuler.com.ar
File Size:	33902
Last Modified:	May 29 01:48:54 2006
MD5 Checksum:	e19afeeeb6309c2e3b7f6dc750ce11b2

/// File Name:	pizzaicmp.c
Description:	ICMP-based triggered Linux kernel module that executes a local binary upon successful use.
Author:	Evil
Homepage:	http://www.eviltime.com
File Size:	3898
Last Modified:	Sep 14 20:59:10 2004
MD5 Checksum:	c9c063dae420499bd575306c2176694b

/// File Name:	pop3d-trojan.tar.gz
Description:	in.pop3d backdoor - Still functions as in.pop3d, but gives a shell with the proper password.
Author:	Formatez
File Size:	58476
Last Modified:	Jan 24 15:28:44 2000
MD5 Checksum:	17c5305640b6991c01bca8be2220d04a

/// File Name:	psf.c
Description:	Psf (Process Stack Faker) attempts "hide" UN*X processes (those seen by "ps auwx" & "top") without having root. Tested on FreeBSD 4.3, Linux 2.4, NetBSD 1.5, Solaris 2.7.
Homepage:	http://sysdlabs.hypermart.net/proj/index.html#psf
File Size:	10641
Last Modified:	May 20 01:01:11 2002
MD5 Checksum:	9201bd94e640580b7fab70294ff169b6

/// File Name:	pure-xinetd-backdoor.c
Description:	Xinetd backdoor.
Author:	Pwr
File Size:	1339
Last Modified:	Jun 2 23:40:25 2002
MD5 Checksum:	7d06bac34cf9bd9bd77ad1523bfa48b5

/// File Name:	Q-0.9.tgz
Description:	First public release of Q - a client / server backdoor with strong (256 bit AES) encryption for remote shell access. Also supports encrypted tcp relay/bouncer server that supports normal clients (with a local encryption tunneling daemon). Includes stealth features like activation via raw packets, syslog spoofing, and single-session servers that prevent it from appearing in netstat.
Author:	Mixter
Homepage:	http://members.tripod.com/mixtersecurity
File Size:	29989
Last Modified:	Nov 22 16:09:07 1999
MD5 Checksum:	29b5c339905f4426ee32f8b384efef18

/// File Name:	Q-2.4.tar.gz
Description:	Q v2.4 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and a encrypted on-demand tcp relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports.
Author:	Mixter
Homepage:	http://mixter.void.ru
Changes:	Now uses strong RSA/libiSSL encryption for sessions; compatibility with libmix1.2; many bugfixes.
File Size:	319968
Last Modified:	Apr 15 13:38:37 2001
MD5 Checksum:	45a5b2c2b2612f6d6703cd984cc1d8e1

/// File Name:	r57-pid-check.txt
Description:	pid-check is a perl script that uses the kill() and setpriority() system calls to find hidden processes.
Author:	x97Rang
Homepage:	http://rst.void.ru
File Size:	9664
Last Modified:	Apr 6 14:48:20 2006
MD5 Checksum:	62427ef3574ea99ba8cad2d1ce2f38c9

/// File Name:	Raditz.cc
Description:	Raditz is a hacked replacement for the tripwire binary which never actually gets tripped. It attempts look and feel just like tripwire, allowing you to hopefully remain undetected on a rooted system just a little bit longer.
Author:	Technion
Homepage:	http://www.coons.org/
File Size:	6264
Last Modified:	Jun 8 18:06:00 2000
MD5 Checksum:	9498698261bb430e8552e191a34ac37e

/// File Name:	rathole-1.2.tar.gz
Description:	RatHole is a unix backdoor which compiles cleanly on standard Linux and OpenBSD (probably other BSD flavors also) without additional libraries. It features blowfish encryption, process name hiding and definition of a preferred shell. It spits no error messages (like for sockets already bound) because it is supposed to be stealth. When a client connects to the backdoor a new shell process and two pipe files are created. The I/O of the shell is duped to the pipes and the daemon encrypts the communication.
Author:	Incognito/STK
File Size:	11419
Last Modified:	Nov 30 01:51:07 2007
MD5 Checksum:	c652966a5d9a09c29369794979d4ac6b

/// File Name:	rathole.c
Description:	rathole 1.0 is a passworded backdoor for Linux and Openbsd.
Author:	Incognito/PT
File Size:	2038
Last Modified:	Sep 24 05:39:04 2002
MD5 Checksum:	ab27a2c96b72231c6f8b8412622fecb5

/// File Name:	rcbd.c
Description:	Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.
Author:	St0rM-MaN
File Size:	3047
Last Modified:	Oct 10 01:44:45 2007
MD5 Checksum:	c59b4de790f54bbf3e6e647fc4dc9fd8

/// File Name:	rel.tar.gz
Description:	Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.
File Size:	640357
Last Modified:	Jul 11 21:50:51 2007
MD5 Checksum:	4015e13f814c5c33153ab49b196acd81

/// File Name:	Rial.c
Description:	RIAL is a lkm based rootkit which can hide processes, files, directories, LKMs, connections and file parts. While some of these are present in a large number of lkms, connections and file-parts hiding are new ideas, or at least i couldn't find any lkm which had them. All the processes, files, directories and lkms containing in their name the string defined in HIDE are hidden. Reading from /proc/net/tcp is intercepted and read data is filtered to hide some connections.
Author:	Technok
Homepage:	http://www.pkcrew.org
File Size:	8893
Last Modified:	Dec 2 21:19:05 2000
MD5 Checksum:	3bb687667a69ddc3cd274eb1ffac0719

/// File Name:	Rkit-1.01.tgz
Description:	RKit is a Linux LKM backdoor/rootkit which intercepts the SYS_setuid call and ups a specified UID to 0 when that user logs in thereby successfully (and covertly) backdooring the root account.
Author:	TBob
File Size:	1878
Last Modified:	Mar 15 18:58:24 2001
MD5 Checksum:	e6097ee042b27caf6263bec25f484838

/// Last 10 Files

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Advisories

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Exploits

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Tools

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Misc

[ Last 20 | Last 50 | Last 100 ]