This is a PHP shell that provides the ability to connect back, grab files, perform exploit searches for local roots and compile and run them, and much more.
9a58a31ca500190b10953b45211f622c7f926cd4e939781b4f99fae0213fad96This code is a backdoor for nginx. It provides remote shell access, SOCKS5 tunneling, and HTTP password sniffing and logging.
8f754357b61c73fe20efc8dd28b52d222feb812bbaf36bebdfee47e30d0ddfb1This is a simple PHP web shell backdoor.
aaad39e328e8da519232f1d7feb60cfd3c991f2aa486739cdba8df7d746a8994This is a reverse shell over SCTP implemented in Python. Currently it does not use SSL, but may evade most firewalls and IDS devices as many of them seemingly have no rules in place to check SCTP traffic.
6743f69ce173275310d5f2ffe1d1a49e6786c7abd202da271f4e6f25bd156590This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.
397d3f851a08bef7d13138eedf2b87ab8e732b35f14514f58a2162c103188aabPHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().
9ae6f1db9ff8c94146491368c999d0b4d6a0a9cfe7316a6f72a899025250bf36This is a simple utility for exploiting command injection vulnerabilities in web applications. Supports POST and GET requests. Can deliver an "inline shell" or a (python) reverse shell.
2c82dcde1a7835fac49946c2d7c022271f0105c0e8c280133632994e909508cdPHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().
3078b9daa99d887414dbe12584cdafa91a5f3554f05f8ad34cdf5d3ffe218a26PHPkit is a simple PHP based backdoor, leveraging include() and php:// input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include(). Includes a simple python client that gives a "shell" on the server.
a0b89f7413840636a73320699e779bec747d2127f4e7880708cb96dae4596056This is a mini-php backdoor shell. It has a PHP encoder/decoder, mail bombing functionality, reverse shell, cPanel cracker, and more.
27ad339a1514e347e845b24923cfcd49b2242e7c4f4111ce61e4b88048eb9c3eThis is a mini-php backdoor shell.
5ca862943a56fca9733eed2540342a6875fffe6804949d6179595f4a6df1aeeaUnix/Darbe-A is a new kernel rootkit backdoor based in the /proc file system.
e25b0997b5091f37ef98994f27fe8bbbd761dbb249f79ecc16ff5c73bf2ba57eThis sample code is a reverse shell written in PHP with an authentication feature.
baa6da9a5a8a1d7c041facc10f0ed1b4c6b6b4431f46cb1460624911beda9e6bThis is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion and below but requires re-working for hooking under Mountain Lion.
b104cfd2f826400eb9d8d5a81941ae270ed54b62ebfb9893fc474185b717dd60Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application testing post exploitation, and can be used as a stealth backdoor web shell to manage legit web accounts, even free hosted ones. Is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.
9ca1b6b62a4fcc57851e48e31b456e9ea711e0ef46b10cf39d3277547b450333NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.
abba3db5d6d8d109c7a47018d57d39b218beaabd3f5704fd0bd207157668d4bdJynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
8aed104a95e0968ecd5e1edac63a89615a69f27a46f562a20f107543a6ce2099Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed.
6f197acdeea20ab9bfd507bc9b7b41f814bbf276f8f26d7b7d2f1d89744c1b14WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
087283a5e4ae66b6ac53dccfd5878fe22ca5d12bcebb302675d4406e23575560This is a small connect-back script written in Python.
835b9dec3575dd1389efc8a4a007dd336a926416a6593e7523caf0ba48d3e976trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.
a0eed62b5c320cfd39c32774d90d6628aacc7c98a02dc18bb3533d4641887a47WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
586fbad973ea45413a2213504358a5aee068c791511b7cdb2756e9cc84cdcf2cThis is a very small backdoor written in Python.
d0baeea38076b6dcda8e266effbaece56f3447f95f42e03b5da43c0f47bbafeflog2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.
df3d9c8ed704fef75b0299e0e7a5d3f53ce40512cc6b54ed3e1432b1ad72df36KBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more.
63f6b4bc4339137a2e0815584ec2c392125bf6d3a2e797f3285be98719fd091b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed