
Files

GotRoot Shell Script
Posted Aug 9, 2011
Authored by Codeine

This post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu.

tags | tool, root, rootkit, bash
systems | linux, unix, ubuntu
MD5 | 6ce86ef3082d68ab9743dcd313e30a22
H4ckcity Sheller Code And Tutorial
Posted Aug 7, 2011
Authored by 2MzRp, LocalMan | Site h4ckcity.org

This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.

tags | tool, php, rootkit
systems | linux, unix
MD5 | 572ec9cc7fb7f5b6b2e49748ecb5c1af
SyRiAn Sh3ll 7
Posted Jul 6, 2011
Authored by SyRiAn_SnIpEr, SyRiAn_34G13, Darkness Caesar

SyRiAn Sh3ll is a PHP backdoor that allows for database access, local exploitation of the host, and more.

tags | tool, local, php, rootkit
systems | linux, unix
MD5 | 14eb6477ac78b0442bf82f160abebc83
Viper Auto-Rooting Script
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is the Viper auto-rooting script that is written for Linux, SunOS, Mac OS X, and FreeBSD.

tags | tool, root, rootkit
systems | linux, unix, solaris, freebsd, apple, osx
MD5 | 42b9bf4ca63a0ad78770421d06b6104c
Ncom Libcall Hijacking Rootkit
Posted Mar 27, 2011
Authored by Alessandro Grassi

Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.

tags | tool, rootkit
systems | unix
MD5 | f3dedef3547498bf5ba0ff330d86348a
Rootkit Discovered On Debian Lenny Host Post Exim Compromise
Posted Dec 17, 2010
Site reddit.com

This tarball was discovered on a Debian Lenny host after it was compromised via the recent remote root Exim vulnerability. It includes binaries such as the MIG logcleaner and backdoored versions of top, uptime, free, pgrep and more. Please note that a thorough analysis of these binaries has not been performed and they must be considered unsafe and untrustworthy. Only use the enclosed contents for research purposes. Further details regarding this rootkit can be obtained via the reddit site link.

tags | tool, remote, root, rootkit
systems | linux, unix, debian
MD5 | d0e098de3b0e436f934763810cd31189
ITSecTeam Shell 2.1
Posted Nov 2, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam. It can execute system commands, bypass various controls, connect to common databases, and edit files and directories.

Changes: Various clean-up. Added server information, system drive listing and more.
tags | tool, shell, php, rootkit
systems | unix
MD5 | 9391509dbb36057d9a3321f76a864813
Turtle FreeBSD Rootkit
Posted Sep 30, 2010
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

tags | tool, kernel, rootkit
systems | unix, freebsd
MD5 | 475ca0337888d26fa3386bf01720a210
ITSecTeam Shell 1.1
Posted Sep 8, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam.

tags | tool, shell, php, rootkit
systems | unix
MD5 | b30055c75b8c68a9c8b8f945ee5aad7c
Devshell Backdoor
Posted Jun 19, 2010
Authored by b374k

Devshell is a CGI backdoor kit.

tags | tool, cgi, rootkit
systems | unix
MD5 | 39dde46e36900c98808b11eb98aa5fbb
Linux Evil Bindshell
Posted Feb 20, 2010
Authored by gat3way

EvilBS is a bindshell for Linux that has AES-256 symmetric encryption, can operate in reverse connect mode, has SOCKS4 proxy support and more.

tags | tool, rootkit
systems | linux, unix
MD5 | 0572f3023b4ad5d3b046810e5442b1d8
ZoRBaCK Connect Back Shell
Posted Nov 23, 2009
Authored by ZoRLu

This is the ZoRBaCK Connect PHP script that allows for a remote shell on a compromised host.

tags | tool, remote, shell, php, rootkit
systems | unix
MD5 | b860aa3459439b6f1f0deafbe8336aab
ISTAR Proof Of Concept Code
Posted Sep 30, 2009
Authored by Anthony Desnos | Site esiea-recherche.eu

ISTAR is a set of Python code that performs various functions, including the use of ptrace to simulate a userland rootkit.

tags | tool, rootkit, python
systems | unix
MD5 | b23d8c58208f2a403d208e53e8638cd1
Enye LKM Rootkit Modified For Ubuntu 8.04
Posted Feb 25, 2009
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes. It also hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use at your own risk.

tags | tool, remote, x86, kernel, local, root, rootkit, proof of concept
systems | linux, unix, ubuntu
MD5 | a12a5b779ec0ab22fd03e28503ed014d
User-land Solaris 10 libc accept() Call Rootkit
Posted Feb 25, 2009
Authored by Subere, C Papathanasiou

This user-land rootkit hijacks the libc accept() call via LD_PRELOAD and yields back a non-interactive shell on the remote host. The .so file is placed under the trusted library path. This has been written to specifically target sshd on Solaris, although other daemons (e.g. bind, sendmail, apached) can also be targeted. It has been tested on Solaris 10. Read the files inside for comments on further shell interaction.

tags | tool, remote, shell, rootkit
systems | unix, solaris
MD5 | 0dab00507d3dfcc24d413cffa63f9143
Hacked Version Of Script
Posted Dec 9, 2008
Authored by Andrea Montanari

Hacked version of script that logs everything typed to /tmp/.x11sock. Based heavily on script.c.

tags | tool, rootkit
systems | unix
MD5 | e50a753f0dad3a0479dea861496b0e51
evilshell.c
Posted Sep 3, 2008
Authored by Simpp

3vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.

tags | tool, remote, shell, rootkit
systems | unix
MD5 | 9be2c39a2ac092d94439ef53aecd613a
c99.tgz
Posted Aug 19, 2008
Authored by Kristo Pher | Site kkteam.co.uk

The Klueless Klowns Team variant of the c99 PHP shell.

tags | tool, shell, php, rootkit
systems | unix
MD5 | d6506a5108aaebac55098b3e56a15083
ezmal-0.2.zip
Posted Jul 31, 2008
Authored by microphone8000

EZMal is a Mac OS X Trojan Kit that will attach a persistent bindshell to applications.

tags | tool, trojan, rootkit
systems | unix, apple, osx
MD5 | 1af27ee2d196b8eccedf3762e3a16c01
3vilSh3ll.c
Posted Mar 19, 2008
Authored by Simpp

Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.

tags | tool, rootkit
systems | unix
MD5 | 9cf37a9cec5547cca5c9872fbe651b5f
m_rev-0.2.c
Posted Jan 30, 2008
Authored by ernie@ernie

A little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).

tags | tool, x86, kernel, rootkit
systems | linux, unix
MD5 | 2e8bb365b19a752d7bde5b88a1045089
rathole-1.2.tar.gz
Posted Nov 30, 2007
Authored by Incognito/STK

RatHole is a unix backdoor which compiles cleanly on standard Linux and OpenBSD (probably other BSD flavors also) without additional libraries. It features blowfish encryption, process name hiding and definition of a preferred shell. It spits no error messages (like for sockets already bound) because it is supposed to be stealth. When a client connects to the backdoor a new shell process and two pipe files are created. The I/O of the shell is duped to the pipes and the daemon encrypts the communication.

tags | tool, shell, rootkit
systems | linux, unix, bsd, openbsd
MD5 | c652966a5d9a09c29369794979d4ac6b
rcbd.c
Posted Oct 10, 2007
Authored by St0rM-MaN

Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.

tags | tool, remote, rootkit
systems | unix
MD5 | c59b4de790f54bbf3e6e647fc4dc9fd8
erne.txt
Posted Sep 25, 2007
Authored by ErNe | Site biyosecurity.net

New bypass shell for Linux servers. What you don't want to find lying around in your webroot.

tags | tool, shell, rootkit
systems | linux, unix
MD5 | bf610ba81441e60aee255f2286010400
rel.tar.gz
Posted Jul 12, 2007

Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.

tags | tool, rootkit
systems | linux, unix
MD5 | 4015e13f814c5c33153ab49b196acd81
© 2019 Packet Storm. All rights reserved.