TripleCross Linux eBPF Rootkit
Posted Jul 5, 2022
Authored by Marcos S. Bajo | Site github.com

TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 27, Pat Hogan at DEFCON 29, Guillaume Fournier and Sylvain Afchain also at DEFCON 29, and Kris Nóva's Boopkit. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.

tags | tool, rootkit
systems | linux, unix
SHA-256 | efa4bb512562aea95bee50fc8810a3a5b1b7f5e063254ef058a940ae82908a4e
Rootstealer X11 Code Executor
Posted Mar 10, 2018
Authored by coolervoid

Rootstealer is a program that detects when a Linux user opens a terminal with root and injects intrusive commands into the terminal via X11.

tags | tool, root, rootkit
systems | linux, unix
SHA-256 | 54c86bf1faf136038fdeadbb69a5f8f93b91e69eff440bf313b3c8ebfccb3ede
Vlany Linux LD_PRELOAD Rootkit
Posted Nov 10, 2016
Authored by mempodippy

Vlany is a Linux rootkit that provides process hiding, user hiding, network hiding, LXC container, anti-debug, anti-forensics, persistent reinstalls, dynamic linker modifications, backdoors, and more.

tags | tool, rootkit
systems | linux, unix
SHA-256 | f8988b56610db94e4f461b587735813c4396591d094d10be55ff1550496bacbe
Posted Aug 18, 2016

This bundle contains various implants such as BLATSTING, BANANAGLEE, and BANANABALLOT. They are firewall and BIOS implants. Note that these implants are part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content.

tags | tool, rootkit
systems | unix
SHA-256 | 461b46c0bfedff8d2e789d7f1566faa182c6a8c4d926210c1e842f88d00087b5
WSO Shell Variant Using A 404
Posted Jun 13, 2016
Authored by z404

This is a modified WSO PHP shell backdoor that masquerades as a 404 in order to try and hide. On top of that, the backdoor is probably backdoored.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | fd3db2020e82517d8fbfcc8dd3399efbdf82057353b94509995bba128030d193
Sunxi Linux Module Backdoor
Posted May 23, 2016
Authored by Analiz

This is a Linux kernel module that adds a backdoor to a system. Based on sunxi_debug.

tags | tool, kernel, rootkit
systems | linux, unix
SHA-256 | 4e6f48c2c881d53eaa6936060c88426fcbc23abe2ac8482887470073b2fa311f
ASP Webshell For IIS 8
Posted May 12, 2016
Authored by Savio Bot

ASP webshell backdoor designed specifically for IIS 8.

tags | tool, rootkit, asp
systems | windows
SHA-256 | a44d9c6790e87fa2491d5b551491b6c414d55452959ef3a48cf31d639af39609
PHP Backdoor Collection
Posted May 10, 2016
Authored by Bart Blaze

This is a collection of PHP backdoors to be used for testing purposes.

tags | tool, php, rootkit
systems | unix
SHA-256 | 997ab3e72c4fbfbfe776d677c590bd7dc9957932824d7df93b620c71def18bec
Linux Reverse TCP Shell In Python
Posted Jul 27, 2015
Authored by B3mB4m

Python code that provides a reverse TCP shell.

tags | tool, shell, tcp, rootkit, python
systems | unix
SHA-256 | 1fcc71b39d612ebdffeef62541bdc403a023c65238677035f5058a17e34b39cd
FreeBSD 10.x Backdoor Module
Posted Jul 6, 2015
Authored by dash | Site hack4.org

This module, once loaded, gives the thread/user calling it root instantly without spawning an extra shell.

tags | tool, shell, root, rootkit
systems | unix
SHA-256 | 18f30618ad3713cc726b74e9d186be2cf70a0e5d6a1cb305881c92ffc22f512b
AESshell 0.7
Posted Jun 25, 2015
Authored by Marco Lux

AESshell is a backconnect shell for Windows and Unix that uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. It is written in Python but also includes a Windows binary.

tags | tool, shell, rootkit, python
systems | windows, unix
SHA-256 | b8a137308d0d953152da794073389bc6abb15be5bc89f85eb493f1ec3b0b236e
Lizard Squad Botnet Code
Posted Jan 13, 2015
Authored by chippy1337

This bot code was liberated from the Lizard Squad.

tags | tool, rootkit
systems | unix
SHA-256 | 1af299a269ffdb4461e181ca774fc307a592288ad4b3f6b93226c955eb9b8084
Xingyiquan Linux 2.6.x / 3.x Rootkit
Posted Nov 2, 2014
Authored by Sw0rdm4n | Site cr0security.com

Xingyiquan is a rootkit for Linux kernel versions 2.6.x and 3.x. It hides processes, files, directories, and network connections, adds backdoors, and more.

tags | tool, kernel, rootkit
systems | linux, unix
SHA-256 | c3816e8c416c9c40735117ccf83f8351a2162575c9b07aadde2d98735b710d92
OpenSSH 6.7p1 bl0wsshd00r67p1 Backdoor
Posted Oct 23, 2014
Authored by Bl0w

bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.

tags | tool, rootkit
systems | unix
SHA-256 | 17bb28d0c4a3e2058cf728936b45586915c671f6cadd0920f2e695332adabeb7
PoisonShell PHP Backdoor
Posted Sep 13, 2014
Authored by Doddy Hackman

PoisonShell is a simple PHP shell that has several options.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 1177aa0f4865f3d1e5e984496bebd9fb296ac647af1d140d40bd1a04998ca97a
Azazel Userland Rootkit
Posted Feb 17, 2014
Authored by stderr | Site blackhatlibrary.net

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.

tags | tool, rootkit
systems | unix
SHA-256 | ec98508fc4cdf0112e94528e07c54147f753faa6a4210d9ea336d8c58a2140de
Web-Spa 0.5
Posted Oct 18, 2013
Authored by Subere

Web-Spa is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated operating system (O/S) command on it.

tags | tool, java, web, rootkit
systems | unix
SHA-256 | a947eaea9219435522452e5998b2815a6bc802c2c9c0ccc0d1d38e524c6b022e
Bash 3.0 Shell Sniffer 0.2 Auto Installer
Posted Aug 14, 2013
Authored by x90c | Site x90c.org

This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.

tags | tool, shell, rootkit, bash
systems | unix
SHA-256 | 0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885
Bash 3.0 Shell Sniffer 0.2
Posted Aug 14, 2013
Authored by x90c | Site x90c.org

This code is a shell sniffer that logs keystrokes for bash 3.0.

tags | tool, shell, rootkit, bash
systems | unix
SHA-256 | 9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0
Miyachung BackConnect Shell
Posted Jul 31, 2013
Authored by miyachung

This is a PHP shell that provides the ability to connect back, grab files, perform exploit searches for local roots and compile and run them, and much more.

tags | tool, shell, local, root, php, rootkit
systems | unix
SHA-256 | 9a58a31ca500190b10953b45211f622c7f926cd4e939781b4f99fae0213fad96
nginx Backdoor
Posted Jul 19, 2013
Authored by t57root | Site hackshell.net

This code is a backdoor for nginx. It provides remote shell access, SOCKS5 tunneling, and HTTP password sniffing and logging.

tags | tool, remote, web, shell, rootkit
systems | unix
SHA-256 | 8f754357b61c73fe20efc8dd28b52d222feb812bbaf36bebdfee47e30d0ddfb1
Web Shell Backdoor 1.1
Posted Jul 4, 2013
Authored by M.R.S.CO

This is a simple PHP web shell backdoor.

tags | tool, web, shell, php, rootkit
systems | unix
SHA-256 | aaad39e328e8da519232f1d7feb60cfd3c991f2aa486739cdba8df7d746a8994
SCTP Reverse Shell
Posted Jun 26, 2013
Authored by infodox

This is a reverse shell over SCTP implemented in Python. Currently it does not use SSL, but may evade most firewalls and IDS devices as many of them seemingly have no rules in place to check SCTP traffic.

tags | tool, shell, rootkit, python
systems | unix
SHA-256 | 6743f69ce173275310d5f2ffe1d1a49e6786c7abd202da271f4e6f25bd156590
Simple PHP Backdoor
Posted Jun 25, 2013
Authored by infodox

This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.

tags | tool, web, php, rootkit
systems | unix
SHA-256 | 397d3f851a08bef7d13138eedf2b87ab8e732b35f14514f58a2162c103188aab
PHP Kit 1.0
Posted Feb 12, 2013
Authored by infodox

PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().

Changes: Code clean up.
tags | tool, arbitrary, php, rootkit
systems | unix
SHA-256 | 9ae6f1db9ff8c94146491368c999d0b4d6a0a9cfe7316a6f72a899025250bf36
© 2022 Packet Storm. All rights reserved.