
Files

Turtle FreeBSD Rootkit 2
Posted Aug 28, 2011
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

Changes: This rootkit now hides processes and has a remote shell over ICMP packets.
tags | tool, kernel, rootkit
systems | unix, freebsd
SHA-256 | 5d9c7ea1f5b26a22623fcf4d3cef0c6fe8dce24ab8d206098990fb0f90ad98ce
GotRoot Shell Script
Posted Aug 9, 2011
Authored by Codeine

This post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu.

tags | tool, root, rootkit, bash
systems | linux, unix, ubuntu
SHA-256 | dbcfe980157abcbf52b90ed25f13f5a5ca5b90bf4ec49c9d58423b69de944a14
H4ckcity Sheller Code And Tutorial
Posted Aug 7, 2011
Authored by 2MzRp, LocalMan | Site h4ckcity.org

This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.

tags | tool, php, rootkit
systems | linux, unix
SHA-256 | 8ebfc9a80c59fc7685830768e0b0e61b40167f043d648478e5de84c59a300d6e
SyRiAn Sh3ll 7
Posted Jul 6, 2011
Authored by SyRiAn_SnIpEr, SyRiAn_34G13, Darkness Caesar

SyRiAn Sh3ll is a PHP backdoor that allows for database access, local exploitation of the host, and more.

tags | tool, local, php, rootkit
systems | linux, unix
SHA-256 | 0e7f6e9c57da41f9316262dc22b4b3227f52c30f15747639a8780ab3c18c4fa8
Viper Auto-Rooting Script
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is the Viper auto-rooting script that is written for Linux, SunOS, Mac OS X, and FreeBSD.

tags | tool, root, rootkit
systems | linux, unix, solaris, freebsd, apple, osx
SHA-256 | 5c2ab18173e0e9d1c12ceccdd9635d100e00896d535a7816b65d5b030a8c0d1a
Ncom Libcall Hijacking Rootkit
Posted Mar 27, 2011
Authored by Alessandro Grassi

Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.

tags | tool, rootkit
systems | unix
SHA-256 | 796fea476f1404100a509b2b4c0c463f28d539d1bb611efada016038aad1d7a1
Rootkit Discovered On Debian Lenny Host Post Exim Compromise
Posted Dec 17, 2010
Site reddit.com

This tarball was discovered on a Debian Lenny host after it was compromised via the recent remote root Exim vulnerability. It includes binaries such as the MIG logcleaner, backdoored versions of top, uptime, free, pgrep and more. Please note that a thorough analysis of these binaries has not been performed and they must be considered unsafe and untrustworthy. Only use the enclosed contents for research purposes. Further details regarding this rootkit can be obtained via the reddit site link.

tags | tool, remote, root, rootkit
systems | linux, unix, debian
SHA-256 | 6a324fcebd39bee3df601a2c0bae779d4238f227c025bef29ca33382ddbcd665
ITSecTeam Shell 2.1
Posted Nov 2, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam. It can execute system commands, bypass various controls, connect to common databases, and edit files and directories.

Changes: Various clean-up. Added server information, system drive listing and more.
tags | tool, shell, php, rootkit
systems | unix
SHA-256 | ae3a70be5946b093e55e474cf25408d6390702e587d8d5b24404f442be5ddbd5
Turtle FreeBSD Rootkit
Posted Sep 30, 2010
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

tags | tool, kernel, rootkit
systems | unix, freebsd
SHA-256 | 8b8bd3b4567213634fa8d095649b277321095be6c15b34acae704bab66f4b1d5
ITSecTeam Shell 1.1
Posted Sep 8, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 428640bd9e6ab10814a7560818cb822084078acd863ae3339c157e9a31c524db
Devshell Backdoor
Posted Jun 19, 2010
Authored by b374k

Devshell is a CGI backdoor kit.

tags | tool, cgi, rootkit
systems | unix
SHA-256 | e699799c202eec8044569a1867fb88d39c859b87c9907c500f63a15c122997a3
Linux Evil Bindshell
Posted Feb 20, 2010
Authored by gat3way

EvilBS is a bindshell for Linux that has AES-256 symmetric encryption, can operate in reverse connect mode, has SOCKS4 proxy support and more.

tags | tool, rootkit
systems | linux, unix
SHA-256 | 53782e7dfdb8ce46e8d5cbc85f2c97a2131912e4cb783b0002850349af550897
ZoRBaCK Connect Back Shell
Posted Nov 23, 2009
Authored by ZoRLu

This is the ZoRBaCK Connect PHP script that allows for a remote shell on a compromised host.

tags | tool, remote, shell, php, rootkit
systems | unix
SHA-256 | d5226055e30c86c65d275b843a2bf889713d2e585da4851f73e2b3df09c6c0e8
ISTAR Proof Of Concept Code
Posted Sep 30, 2009
Authored by Anthony Desnos | Site esiea-recherche.eu

ISTAR is a set of Python code that performs various functions including use of ptrace to simulate a userland rootkit.

tags | tool, rootkit, python
systems | unix
SHA-256 | 3bb7022c0e550e915f5519e4b603de58dd1f094954e4b0c4b1307ece8b015b34
Enye LKM Rootkit Modified For Ubuntu 8.04
Posted Feb 25, 2009
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes. It also hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use at your own risk.

tags | tool, remote, x86, kernel, local, root, rootkit, proof of concept
systems | linux, unix, ubuntu
SHA-256 | 4328023a68a04ed6b7e159bb91a29b0c38de5eb14dda0d149ea8a62073244c4d
User-land Solaris 10 libc accept() Call Rootkit
Posted Feb 25, 2009
Authored by Subere, C Papathanasiou

This user-land rootkit hijacks the libc accept() call via LD_PRELOAD and yields back a non-interactive shell on the remote host. The .so file is placed under the trusted library path. This has been written to specifically target sshd on Solaris, although other daemons (e.g. bind, sendmail, apached) can also be targeted. It has been tested on Solaris 10. Read the files inside for comments on further shell interaction.

tags | tool, remote, shell, rootkit
systems | unix, solaris
SHA-256 | 7987443dddeca5ef652aa2a782472ce53514e94d8e6bc5c72c114202001251b2
Hacked Version Of Script
Posted Dec 9, 2008
Authored by Andrea Montanari

Hacked version of script that logs everything typed to /tmp/.x11sock. Based heavily on script.c.

tags | tool, rootkit
systems | unix
SHA-256 | ffaedfe839e7a9bcf9b642da14a75df2d7fe351c1b3e44ff9b7c3b251816b3b0
evilshell.c
Posted Sep 3, 2008
Authored by Simpp

3vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.

tags | tool, remote, shell, rootkit
systems | unix
SHA-256 | a4a668163c7e61330d54c7d954f4e67c8d4b0cf20bf7c6186e755e7be503d257
c99.tgz
Posted Aug 19, 2008
Authored by Kristo Pher | Site kkteam.co.uk

The Klueless Klowns Team variant of the c99 PHP shell.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 0fe81b489e390113feb7ba02fccf9f98d277d8a6fe930743d7211895dc8acf41
ezmal-0.2.zip
Posted Jul 31, 2008
Authored by microphone8000

EZMal is a Mac OS X Trojan Kit that will attach a persistent bindshell to applications.

tags | tool, trojan, rootkit
systems | unix, apple, osx
SHA-256 | ede6c9e28e6281d843450ff08dfd351c31a3be99c34168bd69790f9c74034168
3vilSh3ll.c
Posted Mar 19, 2008
Authored by Simpp

Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.

tags | tool, rootkit
systems | unix
SHA-256 | 344dd067c46597172bc90327ee89b098c5816e46349abe086be4e827d488c46c
m_rev-0.2.c
Posted Jan 30, 2008
Authored by ernie@ernie

A little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).

tags | tool, x86, kernel, rootkit
systems | linux, unix
SHA-256 | c8189416cea76ef2b7593e1099350b755174245c2e87c027f52dae3aff4fe941
rathole-1.2.tar.gz
Posted Nov 30, 2007
Authored by Incognito/STK

RatHole is a Unix backdoor which compiles cleanly on standard Linux and OpenBSD (probably other BSD flavors also) without additional libraries. It features blowfish encryption, process name hiding and definition of a preferred shell. It spits no error messages (like for sockets already bound) because it is supposed to be stealthy. When a client connects to the backdoor, a new shell process and two pipe files are created. The I/O of the shell is duped to the pipes and the daemon encrypts the communication.

tags | tool, shell, rootkit
systems | linux, unix, bsd, openbsd
SHA-256 | fbe5c36d731f754dcc4388d276bef0b3b889807efd52695ac4245bf802edad60
rcbd.c
Posted Oct 10, 2007
Authored by St0rM-MaN

Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.

tags | tool, remote, rootkit
systems | unix
SHA-256 | 2e1e678ec44e8a8dd04699775555f44b001eb535aa98bfd66e2d7b932893bd3c
erne.txt
Posted Sep 25, 2007
Authored by ErNe | Site biyosecurity.net

New bypass shell for Linux servers. What you don't want to find lying around in your webroot.

tags | tool, shell, rootkit
systems | linux, unix
SHA-256 | 406bc0cd44ee8416796f2a5e638f43e920086a09ef3a7eed8c7939e13adc3115