Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
toolkit.tgz |
Description:
|
The R3dstorm Toolkit is a rootkit like utility which hides processes and files and was tested on Red Hat 9.0.
| | Author: | r3dstorm | | File Size: | 1870878 | | Last Modified: | Jan 6 03:17:32 2004 |
| MD5 Checksum: | b8d3e1b38213fa172890f41e30411dab |
|
| /// File Name: |
trNkitv1.0r.tar.gz |
Description:
|
trNkit v1.0 -Release- (beta). Includes patched versions of du, locate, netstat, ps, pstree, top, w, and who.
| | Author: | turnrightNever | | File Size: | 13353 | | Last Modified: | Jan 25 02:14:22 2002 |
| MD5 Checksum: | 30e6999a115ab145c17d2351744c1bda |
|
| /// File Name: |
Troier-v1.0r.tgz |
Description:
|
Troier is a package of trojaned linux commands. Includes du, locate, netstat, ps, pstree, top, w, and who.
| | Author: | TurnRightNever | | File Size: | 9533 | | Last Modified: | Jan 17 01:38:33 2002 |
| MD5 Checksum: | 182c309ade99cf302b6dc13cff0c54e9 |
|
| /// File Name: |
Trojanit.tar.gz |
Description:
|
compact trojan/root kit for linux and maybe bsd.
| | Author: | syg [at] EFnet. bugfix release | | File Size: | 4866 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | f37b1a87bd7484f393118ead24edaab2 |
|
| /// File Name: |
trojodaemon.c |
Description:
|
Trojodaemon is a simple tool which allows you to start a process at boot.
| | Author: | Devilnet | | File Size: | 2214 | | Last Modified: | May 29 02:00:44 2002 |
| MD5 Checksum: | 4ee3bb29be054cab63922eb934cfec60 |
|
| /// File Name: |
tumbler.tar.gz |
Description:
|
tumbler is a protocol that enables a client piece of software to securely tell a server process on a remote machine to execute a predetermined command. tumbler is similar to port knocking and is designed so that a remote user can securely and stealthily enable and disable server processes, or open and close firewall holes on a computer connected to the Internet.
| | Author: | John Graham-Cumming | | Homepage: | http://tumbler.sourceforge.net/ | | File Size: | 10240 | | Last Modified: | Apr 18 20:45:00 2004 |
| MD5 Checksum: | b76000ec994e66526b964d7c579646ba |
|
| /// File Name: |
tunnelshell_2.3.tgz |
Description:
|
Tunnelshell is a client/server program written in C for Linux users that tunnels a shell using various methods which can bypass firewalls, such as fragmented packets, tcp ACK packets, UDP, ICMP, and raw IP packets (ipsec).
| | Author: | fryxar | | Homepage: | http://www.geocities.com/fryxar | | File Size: | 7410 | | Last Modified: | Nov 21 13:35:56 2003 |
| MD5 Checksum: | 2cff53694f9cfe864f65d83f9901529b |
|
| /// File Name: |
tunnelshell_v1.tgz |
Description:
|
Tunnelshell is a client-server backdoor which uses fragmented packets to traverse firewalls. Written in C, tested on Linux.
| | Author: | fryxar | | File Size: | 15410 | | Last Modified: | Jan 31 02:18:07 2002 |
| MD5 Checksum: | d85e5b237d50e8eac3adc6a84bc13157 |
|
| /// File Name: |
udp_backdoor.tar.gz |
Description:
|
UDP backdoor which uses raw sockets. It spoofs the packets origin address when communicating with the server end of the backdoor. It also uses encryption, and has several methods of security through obscurity.
| | Author: | Plastek | | File Size: | 3380 | | Last Modified: | Feb 22 02:06:24 2002 |
| MD5 Checksum: | e631d34f6472356f7a8695a2650e6197 |
|
| /// File Name: |
ulogin.c |
Description:
|
Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, Sunos 5.5,5.6,5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary.
| | Author: | Tragedy | | Homepage: | http://www.etc-crew.org | | File Size: | 1344 | | Last Modified: | Feb 4 17:54:55 2000 |
| MD5 Checksum: | 4d5c12f579e07686a1b350c0064601f4 |
|
| /// File Name: |
utrojan.c |
Description:
|
Universal remote unix trojan - This wrapper can backdoor nearly any service on any platform. Tested on login / imapd / qpopd.
| | Author: | Axess | | File Size: | 1625 | | Last Modified: | Feb 7 15:13:50 2000 |
| MD5 Checksum: | 40afffb1f5acd39467e53bb6b41088d1 |
|
| /// File Name: |
vexed.sh |
Description:
|
Backdoor shell script to be run from cron monthly.
| | Author: | Sil | | File Size: | 3109 | | Last Modified: | Nov 22 04:28:40 2001 |
| MD5 Checksum: | 0793fc12f1e7d665299d8bcc965302b0 |
|
| /// File Name: |
whodo.c |
Description:
|
Whodo.c is a simple local backdoor for the Solaris whodo command.
| | Author: | Dr. Genius | | File Size: | 20226 | | Last Modified: | Aug 17 12:56:35 2000 |
| MD5 Checksum: | 7ebf7fd1c6e52d36f0e165c4185020d4 |
|
| /// File Name: |
wu-ftpd-trojan.tar.gz |
Description:
|
Wu-ftpd Trojan - Login with specific user/pass and it gives you a root shell.
| | Author: | Axess | | File Size: | 243698 | | Last Modified: | Feb 15 14:09:38 2000 |
| MD5 Checksum: | d4898700229efa2117f06379ec538d6c |
|
| /// File Name: |
wx-01.tar.gz |
Description:
|
New Macintosh OS-X rootkit that is roughly based off of adore. It hides itself from kextstat, netstat, utmp and wtmp. Further revisions to include a reverse shell triggered by ARP and DNS packets.
| | Author: | nemo | | Homepage: | http://neil.slampt.net/ | | File Size: | 263191 | | Last Modified: | Oct 27 02:49:35 2004 |
| MD5 Checksum: | 57d1312f1e101f52b9b08e4d557a2f99 |
|
| /// File Name: |
wX.tar.gz |
Description:
|
WeaponX is a kernel based rootkit for Mac OSX which is roughly based on adore. It runs as a kernel extension, similar to a LKM. Requires Xcode. Readme available here.
| | Author: | Nemo | | Homepage: | http://neil.slampt.net/files/Projects/weaponX/ | | File Size: | 271409 | | Last Modified: | Nov 4 18:22:59 2004 |
| MD5 Checksum: | 12fa6fb5faf460fce717f8d298625bd0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
