This is a backdoored version of openssh-8.0p1 in which the ssh client logs the username and password it is given to /opt/.../log.txt.
f82adc0b1250fc99dd1084b64d7615221985dff9a51580cc3cfaedc1f2218b6b
BDS FreeBSD KLD rootkit for FreeBSD 13 that hides files, processes, and ports, and includes a bind shell backdoor.
9f6dc7f9bcc4c0f52a39a3c80657272125ec54dc594b44cc36889b2ff724d07c
Ftrace-based Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, processes, and its bind shell and reverse shell ports, provides privilege escalation, and cleans up logs and bash history during installation.
ccd1e1687bfaa5e306d03caa2b040597c4571ce16bc6f5a3ad737ced8e457c56
The BDS Userland rootkit is a Linux userland rootkit that hides files, directories, processes, and its bind shell, daemon, and reverse shell ports. It also cleans up bash history and logs during installation.
c7170315137f5e7109aba32c9e58a703b353e1326e4a9584ba97e9f9c1926310
The BDS LKM rootkit is a simple and stable Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, processes, and its bind shell and reverse shell ports, provides privilege escalation and rootkit persistence, and cleans up logs and bash history during installation.
f80995082ade857bc8c222749aa3ff2fe683f4b3f02e618e111a589f857646e2
Proof of concept remote command execution and file retrieval backdoor script for ModSecurity.
48d8b60d0bc4cdb2a44679ca2e1994ad76834d87845227891745d812a2dd8f7b
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEF CON 27, Pat Hogan at DEF CON 29, Guillaume Fournier and Sylvain Afchain also at DEF CON 29, and Kris Nóva's Boopkit. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.
efa4bb512562aea95bee50fc8810a3a5b1b7f5e063254ef058a940ae82908a4e
Rootstealer is a program that detects when a Linux user opens a terminal as root and then injects commands into that terminal via X11.
54c86bf1faf136038fdeadbb69a5f8f93b91e69eff440bf313b3c8ebfccb3ede
Vlany is a Linux rootkit that provides process hiding, user hiding, network hiding, LXC container, anti-debug, anti-forensics, persistent reinstalls, dynamic linker modifications, backdoors, and more.
f8988b56610db94e4f461b587735813c4396591d094d10be55ff1550496bacbe
This bundle contains various implants such as BLATSTING, BANANAGLEE, and BANANABALLOT, which are firewall and BIOS implants. Note that these implants are part of the recent public disclosure by the "Shadow Brokers", who claim to have obtained the data from a team known as the "Equation Group"; however, no author data is available in this content.
461b46c0bfedff8d2e789d7f1566faa182c6a8c4d926210c1e842f88d00087b5
This is a modified WSO PHP shell backdoor that masquerades as a 404 page in order to hide. On top of that, the shell itself is probably backdoored.
fd3db2020e82517d8fbfcc8dd3399efbdf82057353b94509995bba128030d193
This is a Linux kernel module that adds a backdoor to a system. Based on sunxi_debug.
4e6f48c2c881d53eaa6936060c88426fcbc23abe2ac8482887470073b2fa311f
ASP webshell backdoor designed specifically for IIS 8.
a44d9c6790e87fa2491d5b551491b6c414d55452959ef3a48cf31d639af39609
This is a collection of PHP backdoors to be used for testing purposes.
997ab3e72c4fbfbfe776d677c590bd7dc9957932824d7df93b620c71def18bec
Python code that provides a reverse TCP shell.
1fcc71b39d612ebdffeef62541bdc403a023c65238677035f5058a17e34b39cd
This module, once loaded, instantly gives the calling thread/user root without spawning an extra shell.
18f30618ad3713cc726b74e9d186be2cf70a0e5d6a1cb305881c92ffc22f512b
AESshell is a backconnect shell for Windows and Unix, written in Python, that uses AES in CBC mode together with HMAC-SHA256 for secure transport. A Windows binary is also included.
b8a137308d0d953152da794073389bc6abb15be5bc89f85eb493f1ec3b0b236e
This bot code was liberated from the Lizard Squad.
1af299a269ffdb4461e181ca774fc307a592288ad4b3f6b93226c955eb9b8084
Xingyiquan rootkit for Linux kernel versions 2.6.x and 3.x. It hides processes, files, directories, and network connections, adds backdoors, and more.
c3816e8c416c9c40735117ccf83f8351a2162575c9b07aadde2d98735b710d92
bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password that works for any user, sniffs and records traffic, and suppresses logging to lastlog/wtmp/utmp.
17bb28d0c4a3e2058cf728936b45586915c671f6cadd0920f2e695332adabeb7
PoisonShell is a simple PHP shell that has several options.
1177aa0f4865f3d1e5e984496bebd9fb296ac647af1d140d40bd1a04998ca97a
Azazel is a userland rootkit written in C, based on the LD_PRELOAD technique of the original Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.
ec98508fc4cdf0112e94528e07c54147f753faa6a4210d9ea336d8c58a2140de
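The LD_PRELOAD technique behind Azazel, Jynx, vlany and the BDS userland rootkit above leaves a hook point a defender can inspect: a library named in /etc/ld.so.preload or in the LD_PRELOAD environment variable is mapped into every dynamically linked process. The following is an added example for this listing, not code from any of the rootkits catalogued here; the library names, the allowlist entry and the sample inputs are constructed for the demonstration.

```python
"""Inspect the LD_PRELOAD hook points used by Jynx-style userland rootkits.

Added example for this listing; it is not code from Azazel, Jynx, vlany or any
other entry above. A library named in /etc/ld.so.preload or in the LD_PRELOAD
environment variable is mapped into every dynamically linked process, which is
how these rootkits interpose libc calls such as readdir, open and accept. The
sample inputs at the bottom are constructed.
"""
import os
from typing import Dict, Iterable, List


def parse_preload_file(text: str) -> List[str]:
    """Return the library paths listed in ld.so.preload.

    glibc treats the file as a whitespace-separated list; text after '#' on a
    line is dropped here as a comment so a commented-out entry is not reported.
    """
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        libs.extend(line.split())
    return libs


def preload_findings(preload_text: str,
                     env: Dict[str, str],
                     allowlist: Iterable[str] = ()) -> List[str]:
    """Describe every preloaded library that is not explicitly allowed.

    preload_text: contents of /etc/ld.so.preload ("" when the file is absent).
    env:          the environment to inspect, e.g. dict(os.environ) or one
                  rebuilt from /proc/<pid>/environ.
    allowlist:    libraries expected on this host (e.g. an EDR hook library).
    An empty result means nothing outside the allowlist is being preloaded.
    """
    allowed = set(allowlist)
    findings: List[str] = []

    for lib in parse_preload_file(preload_text):
        if lib in allowed:
            continue
        reasons = []
        if not lib.startswith("/"):
            reasons.append("relative path")
        elif not lib.startswith(("/lib", "/usr/lib")):
            reasons.append("outside the system library directories")
        if os.path.basename(lib).startswith("."):
            reasons.append("hidden filename")
        detail = f" ({', '.join(reasons)})" if reasons else ""
        findings.append(f"/etc/ld.so.preload loads {lib}{detail}")

    # LD_PRELOAD accepts colon- or space-separated entries.
    for lib in env.get("LD_PRELOAD", "").replace(":", " ").split():
        if lib not in allowed:
            findings.append(f"LD_PRELOAD environment loads {lib}")
    return findings


def read_preload_file(path: str = "/etc/ld.so.preload") -> str:
    """Read the preload file, treating a missing file as empty.

    Caveat: Azazel-style rootkits hook open()/fopen() to hide this very file
    from processes they are loaded into, so a clean result obtained from an
    infected host's own dynamic binaries proves little. Run the check from a
    statically linked tool, a rescue system, or against the mounted disk image.
    """
    try:
        with open(path, "r") as fh:
            return fh.read()
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    # Constructed inputs standing in for a suspicious host; the library names
    # are hypothetical.
    sample_preload = "# legitimate entry\n/usr/lib/libfakeroot.so\n/lib/.libselinux.so  # constructed\n"
    sample_env = {"LD_PRELOAD": "/tmp/libhook.so"}
    for finding in preload_findings(sample_preload, sample_env,
                                    allowlist=["/usr/lib/libfakeroot.so"]):
        print(finding)
    # On a live system: preload_findings(read_preload_file(), dict(os.environ))
```

The check deliberately reports every preloaded library that is not on the allowlist, not only the ones with an odd path: a rootkit that installs itself as /usr/lib/libselinux.so.1 passes any path heuristic, so the allowlist has to be built from a known-good host. Because these rootkits hide /etc/ld.so.preload from hooked processes, a result of "nothing found" is only meaningful when the check runs from a process the preload could not reach.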
Web-Spa is a Java web knocking tool that sends a single HTTP/S request to your web server in order to authorize the execution of a predefined operating system (O/S) command on it.
a947eaea9219435522452e5998b2815a6bc802c2c9c0ccc0d1d38e524c6b022e
This code performs auto-installation of the Bash 3.0 shell sniffer tool.
0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885
This code is a shell sniffer that logs keystrokes typed into bash 3.0.
9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0
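Every entry in this listing is followed by the SHA-256 digest of the archive, and anyone pulling these samples into a lab should confirm that what arrived is what the listing describes before unpacking it. The following is an added example, not code from the archive or from any tool listed here: it parses the listing's description/hash layout and matches downloaded bytes against it. The listing text and sample bytes in the block are constructed so it runs offline; the two digests are the well-known SHA-256 values of the empty string and of b"abc".

```python
"""Pair each entry of a listing like this page (description line, then a
SHA-256 line) with its hash, and match downloaded samples against it.

Added example; not code from the archive or from any tool listed here. The
listing text and sample bytes below are constructed so the example runs
offline; the two digests are the well-known SHA-256 values of the empty
string and of b"abc".
"""
import hashlib
import re
from typing import Dict, List, Optional

SHA256_HEX = re.compile(r"^[0-9a-fA-F]{64}$")


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Return [{"description": ..., "sha256": ...}, ...] for the listing.

    A hash with no preceding description, or two descriptions in a row, raises
    ValueError instead of silently shifting every later pairing by one.
    """
    records: List[Dict[str, str]] = []
    pending: Optional[str] = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if SHA256_HEX.match(line):
            if pending is None:
                raise ValueError(f"line {lineno}: hash without a description")
            records.append({"description": pending, "sha256": line.lower()})
            pending = None
        else:
            if pending is not None:
                raise ValueError(f"line {lineno}: description without a hash")
            pending = line
    if pending is not None:
        raise ValueError("listing ends with a description but no hash")
    return records


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large archives are not read whole into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            h.update(block)
    return h.hexdigest()


def identify(data: bytes, records: List[Dict[str, str]]) -> Optional[str]:
    """Return the description whose hash matches data, or None if no entry does."""
    digest = sha256_hex(data)
    by_hash = {r["sha256"]: r["description"] for r in records}
    return by_hash.get(digest)


def verify_samples(samples: Dict[str, bytes],
                   records: List[Dict[str, str]]) -> Dict[str, Optional[str]]:
    """Map each sample name to the matching description (None = no match)."""
    return {name: identify(data, records) for name, data in samples.items()}


# Constructed listing in the page's layout (description line, hash line).
SAMPLE_LISTING = """
Constructed entry one: an empty archive used only for this demo.
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Constructed entry two: a three-byte file used only for this demo.
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
"""

if __name__ == "__main__":
    records = parse_listing(SAMPLE_LISTING)
    # Constructed sample files; the third one does not match any entry.
    samples = {"one.tgz": b"", "two.tgz": b"abc", "tampered.tgz": b"abd"}
    for name, desc in verify_samples(samples, records).items():
        print(f"{name}: {desc or 'NO MATCH - do not trust this file'}")
```

Matching by digest rather than by file name means a renamed or swapped archive is caught, and the strict pairing in parse_listing refuses a listing where a missing line would otherwise attach the wrong hash to every later entry. For real downloads use sha256_file on the saved path and look its result up in the records the same way identify does.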