Universal remote unix trojan - This wrapper can backdoor nearly any service on any platform. Tested on login / imapd / qpopd.
885fba40e10573bdedddaf334427dedeca14c2d38df6c931e2a697af2a02b6b8
Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, Sunos 5.5,5.6,5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary.
fb412b9239e72a75c7f47ba4a4785c5cbfc7665494372801af49f21457eed13d
Taskigt - A lkm that gives root to a process that read a special file in /proc.
f0eca75af3f14a4ae599be5eebdcfc86aed08224203ac1340f9cdd37f131da6f
Phide - A lkm that hides processes under Linux 2.0. There already exist such thing for Linux 2.2 [like heroin.c or knark] but they're just for Linux 2.2.
715c4e1f504aff3133a4f88a6f5afd23aff686f72d2eaebaa14d0affcf818d55
in.pop3d backdoor - Still functions as in.pop3d, but gives a shell with the proper password.
10dce7f841ee0b2ee76fb62470c2df3a484a462c99e837ac6c404d6590b28356
Opens a password protected backdoor and lets you execute commands, and then hides in the background. Based on gs.c.
118f42a1b5e7124b4e829331a89a5b9f25e3c7b3cc532e337fd5d7b50f328bc9
Kdb is a nice little backdoor that allows root access by modifing the SYS_stat and SYS_getuid system calls.
75bf99652d25caf83a0945b628a334c97577ac6b2b81e8b7140f072095ee8c0f
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesnt write anything to the logs.
eb267f7a7c636c4f0801a4620eafcdec5920ba846e3e94a1c63cf553d5b849ab
A udp based backdoor, client and server are written in perl. Uses port 520 by default.
d8bf748b9c86b1dd64e03319f9248f83d6d987247fd3fb2c582a064534f62bfb
CGI backdoor which can be compiled with or without logging. Password protected. Tested on Redhat 6.1.
02d250d186f01c30bca80ad68e647846982248754d106abadb01948f5566cd17
A small patch to sshd v1.2.27 which accepts a magic password to authenticate, and does not log to utmp/wtmp or syslog.
fef5a827046990a0ea4068515a72d898772a4535c343b9f82da035c1616f137a
First public release of Q - a client / server backdoor with strong (256 bit AES) encryption for remote shell access. Also supports encrypted tcp relay/bouncer server that supports normal clients (with a local encryption tunneling daemon). Includes stealth features like activation via raw packets, syslog spoofing, and single-session servers that prevent it from appearing in netstat.
d7265225af4406ffa7e288ab5319b6ec454cdc37a2b202d271b4a02a5c08f0de
Knark is a kernel based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects for seamlessly bypassing tripwire / md5sum.
0a74c43e3e1e3f191114cf82097d3a11d695c91a6730013a6977c69ccf3c7273
Knark is a kernel-based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects.
2ca87438b3600053b676be52bdbdb15dfd1129e0bf7612e3d6aac9135e2fdae0
Unix backdoor which pretends to be a http daemon.
e8731998c6f8964470198eb94c4df8a820262e7bcd5c9ed5a0ceb724d820911a
Two rootkit / backdoor patches to ssh-1.2.27. The first diff turns ssh into a major backdoor. it will report itself as nscd in the process list, have ALL logging disabled, run on a different port, ignore all settings in the config file and allow a "magic word" login to all accounts, including root. The other patch simply adds a magic password to sshd, for use in patching an existing sshd.
0c22682fe16b85f57f3fd1e4fa16eba7f88a069bc20ffd06c865232b67e63217
w00w00's magic backdoor patch for ssh 1.2.27. Magic password, does not log, permits root login, etc.
b1284a90e4dccd597fa85ec3955f042eb2b49e8482af678c13bd0f0f633ff0c5
Patch to ssh-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesnt write anything to the logs.
a839c849d2ea52b4152c72b96589319fa0576573ad8bebf8d338cbf254567e19
No information is available for this file. Archive password is set to p4ssw0rd. Use at your own risk.
1c0ecf07b926b785faa723d041b07f4bc7ec0167fb5672211a4954ae6d834c69
No information is available for this file. Archive password is set to p4ssw0rd. Use at your own risk.
81b7b155c7aeaa6e5f4a13cb3767c52de5b6ea0a26c39a84046fb36e95367b06
No information is available for this file. Archive password is set to p4ssw0rd. Use at your own risk.
6ab62d34531347f9baa97a4853641d0fbcd50c9324fc958d0caad9d1200e21bd
Linux Rootkit 4 - Precompiled Unshadowed Distribution.
02fd3e589f011082945772cd8000e84c6c499f03e1b69a68ad3d77c7b42ca89d
No information is available for this file. Archive password is set to p4ssw0rd. Use at your own risk. Archive password is set to p4ssw0rd. Use at your own risk. Archive password is set to p4ssw0rd. Use at your own risk. Archive password is set to p4ssw0rd. Use at your own risk.
fda05ac95076efa11544721c1a77b8e3
Gummo backdoor server - a basic but effective backdoor server.
8e17d2175a09685c0f1ee330254435a8eba65f36c2345707fe427ff10b092d01
sm4ck v0.1 adds three simple backdoors to the box you execute it on.
bb938a1abacf0fd1d7d14180708f02d8c8cb13a13cf985fd17fe257c313c261c