Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
sol24.zip |
Description:
|
Solaris 2.4 rootkit.
| | File Size: | 5949 | | Last Modified: | Aug 16 20:06:53 1999 |
| MD5 Checksum: | 411213add7627494a48b94a504917b38 |
|
| /// File Name: |
sol25.zip |
Description:
|
Solaris 2.5.1 rootkit.
| | File Size: | 7882 | | Last Modified: | Aug 16 20:06:53 1999 |
| MD5 Checksum: | a7cb0fb898d231711a160a6308bb5342 |
|
| /// File Name: |
ssh-1.2.27rk.diff |
Description:
|
w00w00's magic backdoor patch for ssh 1.2.27. Magic password, does not log, permits root login, etc.
| | Author: | shadow | | Homepage: | http://www.w00w00.org | | File Size: | 3673 | | Last Modified: | Nov 4 01:40:45 1999 |
| MD5 Checksum: | e96d9e18cde693eab2f572e3e8676304 |
|
| /// File Name: |
ssh0wn.diff |
Description:
|
Patch for openssh-3.4p1 that will grant login access to any user with the "secret" pass and that user will not be logged. It will also capture usernames and passwords on outbound and inbound ssh connections.
| | Author: | Enz00 | | Homepage: | http://sec.angrypacket.com | | File Size: | 5595 | | Last Modified: | Aug 8 21:06:07 2002 |
| MD5 Checksum: | 6efb88ae0c6e3fec167935a646a9ec6e |
|
| /// File Name: |
sshd.c.diff-1.2.27 |
Description:
|
A small patch to sshd v1.2.27 which accepts a magic password to authenticate, and does not log to utmp/wtmp or syslog.
| | Author: | Ajax | | Homepage: | http://users.dhp.com/~ajax/projects | | File Size: | 1992 | | Last Modified: | Nov 29 19:59:45 1999 |
| MD5 Checksum: | 4dcfe52ec799e78df496516afd7b9c29 |
|
| /// File Name: |
ssheater-1.1.tar.gz |
Description:
|
SSHeater is a program that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.
| | Author: | Barros | | Homepage: | http://www.gotfault.net/ | | File Size: | 16852 | | Last Modified: | Apr 6 15:09:49 2006 |
| MD5 Checksum: | 584353ff41ac6ad6a59f87eaa8b05340 |
|
| /// File Name: |
suckit2priv.tar.gz |
Description:
|
SucKIT Rootkit v2.0-devel-rc2. Easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through /dev/kmem trick, without help of LKM support nor System.map or such things. Everything is done on the fly. It can hide PIDs, files, tcp/udp/raw sockets and sniff TTYs.
| | Author: | sd | | Homepage: | http://sd.g-art.nl | | File Size: | 465502 | | Last Modified: | Oct 13 02:06:53 2005 |
| MD5 Checksum: | 3bb82c1fddcc47456efee6f3687e4f51 |
|
| /// File Name: |
sun-5.5.1.zip |
Description:
|
Solaris 2.5.1 rootkit.
| | File Size: | 14587 | | Last Modified: | Aug 16 20:06:53 1999 |
| MD5 Checksum: | ebf975690e348e10295a463ab13c5229 |
|
| /// File Name: |
superkit.tar.gz |
Description:
|
Superkit is an extremely user-friendly rootkit that hides files, processes, and connections. It provides a password protected remote access connect-back shell initiated by a spoofed packet. It is loaded via /dev/kmem, without support for loadable modules required, and cannot be detected by checking the syscall table, because it redirects the kernel entry point to a private copy of the syscall table. A couple of backdoors are included.
| | Author: | mostarac | | File Size: | 49939 | | Last Modified: | Nov 13 21:24:05 2003 |
| MD5 Checksum: | 9b98867b4b10b9461c06b82f42d2e9b0 |
|
| /// File Name: |
Synapsys-lkm.tar.gz |
Description:
|
Synapsis is a LKM rootkit for Linux which features file hiding, process hiding, user hiding, magic UID, and netstat hiding.
| | Author: | Berserker | | Homepage: | http://www.neural-collapse.org | | File Size: | 5298 | | Last Modified: | Mar 16 17:27:35 2001 |
| MD5 Checksum: | aa9aeedd64b1d79407698c5703d358fc |
|
| /// File Name: |
taskigt.tar.gz |
Description:
|
Taskigt - A lkm that gives root to a process that read a special file in /proc.
| | Author: | noah | | Homepage: | http://ns2.crw.se/~tm/ | | File Size: | 1286 | | Last Modified: | Jan 28 18:54:48 2000 |
| MD5 Checksum: | b4d52ecb3a6914d9836ecfea34237649 |
|
| /// File Name: |
tcpd-byp.tar.gz |
Description:
|
Modified tcp wrappers which bypass restrictions in hosts.deny and hosts.allow.
| | Author: | God- | | Homepage: | ftp://haxordot.org/pub/god-/ | | File Size: | 14905 | | Last Modified: | Aug 5 23:07:04 2000 |
| MD5 Checksum: | ac6a784b6ca87296554ef4544558b0d3 |
|
| /// File Name: |
thclinbd.tar.gz |
Description:
|
THC Backdoor for Linux - This is a simple but useful backdoor for Linux based on a FreeBSD lkm by pragmatic/THC.
| | Author: | bELFaghor | | Homepage: | http://www.s0ftpj.org | | File Size: | 997 | | Last Modified: | Jan 4 19:39:14 2001 |
| MD5 Checksum: | 7855b79979217cd5813788e01a0e1b83 |
|
| /// File Name: |
thcobsdbd.tar.gz |
Description:
|
THC Backdoor ported to OpenBSD - This is a simple but useful backdoor for OpenBSD based on a FreeBSD lkm by pragmatic/THC.
| | Author: | Pigpen | | Homepage: | http://www.s0ftpj.org | | File Size: | 1582 | | Last Modified: | Jan 4 19:37:46 2001 |
| MD5 Checksum: | 11ada1cc8831dc0a793e5b9c3a2c9b78 |
|
| /// File Name: |
tk.tgz |
Description:
|
Torn Kit is a linux rootkit which has been optimized for linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user defined password. This code is being widely used to automatically compromise hosts which have the wu.ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10 advisory.
| | Author: | Johnny7 | | File Size: | 343567 | | Last Modified: | Sep 18 19:44:39 2000 |
| MD5 Checksum: | 2332de2af78eca68542fa30fb2d37283 |
|
| /// File Name: |
tl0gin.c |
Description:
|
Trojan /bin/login.
| | Author: | m4rc3l0 | | File Size: | 2164 | | Last Modified: | Dec 16 10:23:14 2002 |
| MD5 Checksum: | c4467dfbf32a55282b92eaaa055652a9 |
|
| /// File Name: |
tnet-tools-1.55.tar.gz |
Description:
|
Ifconfig and Netstat trojan - reads interfaces (sit0, eth0, eth0:1) from a file , defined in a char[] array and hides it.
| | Author: | Twiz | | Homepage: | http://www.twlc.net | | File Size: | 99011 | | Last Modified: | Jul 18 21:31:51 2001 |
| MD5 Checksum: | 66e7b041c4913304d281ae0701d9b059 |
|
| /// File Name: |
toolkit.tgz |
Description:
|
The R3dstorm Toolkit is a rootkit like utility which hides processes and files and was tested on Red Hat 9.0.
| | Author: | r3dstorm | | File Size: | 1870878 | | Last Modified: | Jan 6 03:17:32 2004 |
| MD5 Checksum: | b8d3e1b38213fa172890f41e30411dab |
|
| /// File Name: |
trNkitv1.0r.tar.gz |
Description:
|
trNkit v1.0 -Release- (beta). Includes patched versions of du, locate, netstat, ps, pstree, top, w, and who.
| | Author: | turnrightNever | | File Size: | 13353 | | Last Modified: | Jan 25 02:14:22 2002 |
| MD5 Checksum: | 30e6999a115ab145c17d2351744c1bda |
|
| /// File Name: |
Troier-v1.0r.tgz |
Description:
|
Troier is a package of trojaned linux commands. Includes du, locate, netstat, ps, pstree, top, w, and who.
| | Author: | TurnRightNever. | | File Size: | 9533 | | Last Modified: | Jan 17 01:38:33 2002 |
| MD5 Checksum: | 182c309ade99cf302b6dc13cff0c54e9 |
|
| /// File Name: |
Trojanit.tar.gz |
Description:
|
compact trojan/root kit for linux and maybe bsd.
| | Author: | syg [at] EFnet. bugfix release | | File Size: | 4866 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | f37b1a87bd7484f393118ead24edaab2 |
|
| /// File Name: |
trojodaemon.c |
Description:
|
Trojodaemon is a simple tool which allows you to start a process at boot.
| | Author: | Dev | | File Size: | 2214 | | Last Modified: | May 29 02:00:44 2002 |
| MD5 Checksum: | 4ee3bb29be054cab63922eb934cfec60 |
|
| /// File Name: |
tumbler.tar.gz |
Description:
|
tumbler is a protocol that enables a client piece of software to securely tell a server process on a remote machine to execute a predetermined command. tumbler is similar to port knocking and is designed so that a remote user can securely and stealthily enable and disable server processes, or open and close firewall holes on a computer connected to the Internet.
| | Author: | John Graham-Cumming | | Homepage: | http://tumbler.sourceforge.net/ | | File Size: | 10240 | | Last Modified: | Apr 18 20:45:00 2004 |
| MD5 Checksum: | b76000ec994e66526b964d7c579646ba |
|
| /// File Name: |
tunnelshell_2.3.tgz |
Description:
|
Tunnelshell is a client/server program written in C for Linux users that tunnels a shell using various methods which can bypass firewalls, such as fragmented packets, tcp ACK packets, UDP, ICMP, and raw IP packets (ipsec).
| | Author: | Fryx | | Homepage: | http://www.geocities.com/fryxar | | File Size: | 7410 | | Last Modified: | Nov 21 13:35:56 2003 |
| MD5 Checksum: | 2cff53694f9cfe864f65d83f9901529b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
