Showing 51 - 75 of 255


GotRoot Shell Script
Posted Aug 9, 2011
Authored by Codeine

This post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu.

tags | tool, root, rootkit, bash
systems | linux, unix, ubuntu
MD5 | 6ce86ef3082d68ab9743dcd313e30a22
H4ckcity Sheller Code And Tutorial
Posted Aug 7, 2011
Authored by 2MzRp, LocalMan | Site h4ckcity.org

This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.

tags | tool, php, rootkit
systems | linux, unix
MD5 | 572ec9cc7fb7f5b6b2e49748ecb5c1af
SyRiAn Sh3ll 7
Posted Jul 6, 2011
Authored by SyRiAn_SnIpEr, SyRiAn_34G13, Darkness Caesar

SyRiAn Sh3ll is a PHP backdoor that allows for database access, local exploitation of the host, and more.

tags | tool, local, php, rootkit
systems | linux, unix
MD5 | 14eb6477ac78b0442bf82f160abebc83
Viper Auto-Rooting Script
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is the Viper auto-rooting script that is written for Linux, SunOS, Mac OS X, and FreeBSD.

tags | tool, root, rootkit
systems | linux, unix, solaris, freebsd, apple, osx
MD5 | 42b9bf4ca63a0ad78770421d06b6104c
Ncom Libcall Hijacking Rootkit
Posted Mar 27, 2011
Authored by Alessandro Grassi

Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.

tags | tool, rootkit
systems | unix
MD5 | f3dedef3547498bf5ba0ff330d86348a
Rootkit Discovered On Debian Lenny Host Post Exim Compromise
Posted Dec 17, 2010
Site reddit.com

This tarball was discovered on a Debian Lenny host after it was compromised via the recent remote root Exim vulnerability. It includes binaries such as the MIG logcleaner and backdoored versions of top, uptime, free, pgrep and more. Please note that a thorough analysis of these binaries has not been performed and they must be considered unsafe and untrustworthy. Only use the enclosed contents for research purposes. Further details regarding this rootkit can be obtained via the reddit site link.

tags | tool, remote, root, rootkit
systems | linux, unix, debian
MD5 | d0e098de3b0e436f934763810cd31189
ITSecTeam Shell 2.1
Posted Nov 2, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam. It can execute system commands, bypass various controls, connect to common databases, and edit files and directories.

Changes: Various clean-up. Added server information, system drive listing and more.
tags | tool, shell, php, rootkit
systems | unix
MD5 | 9391509dbb36057d9a3321f76a864813
Turtle FreeBSD Rootkit
Posted Sep 30, 2010
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

tags | tool, kernel, rootkit
systems | unix, freebsd
MD5 | 475ca0337888d26fa3386bf01720a210
ITSecTeam Shell 1.1
Posted Sep 8, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam.

tags | tool, shell, php, rootkit
systems | unix
MD5 | b30055c75b8c68a9c8b8f945ee5aad7c
Devshell Backdoor
Posted Jun 19, 2010
Authored by b374k

Devshell is a CGI backdoor kit.

tags | tool, cgi, rootkit
systems | unix
MD5 | 39dde46e36900c98808b11eb98aa5fbb
Linux Evil Bindshell
Posted Feb 20, 2010
Authored by gat3way

EvilBS is a bindshell for Linux that has AES-256 symmetric encryption, can operate in reverse connect mode, has SOCKS4 proxy support and more.

tags | tool, rootkit
systems | linux, unix
MD5 | 0572f3023b4ad5d3b046810e5442b1d8
ZoRBaCK Connect Back Shell
Posted Nov 23, 2009
Authored by ZoRLu

This is the ZoRBaCK Connect PHP script that allows for a remote shell on a compromised host.

tags | tool, remote, shell, php, rootkit
systems | unix
MD5 | b860aa3459439b6f1f0deafbe8336aab
ISTAR Proof Of Concept Code
Posted Sep 30, 2009
Authored by Anthony Desnos | Site esiea-recherche.eu

ISTAR is a set of Python code that performs various functions including use of ptrace to simulate a userland rootkit.

tags | tool, rootkit, python
systems | unix
MD5 | b23d8c58208f2a403d208e53e8638cd1
Enye LKM Rootkit Modified For Ubuntu 8.04
Posted Feb 25, 2009
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes. It also hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use at your own risk.

tags | tool, remote, x86, kernel, local, root, rootkit, proof of concept
systems | linux, unix, ubuntu
MD5 | a12a5b779ec0ab22fd03e28503ed014d
User-land Solaris 10 libc accept() Call Rootkit
Posted Feb 25, 2009
Authored by Subere, C Papathanasiou

This user-land rootkit hijacks the libc accept() call via LD_PRELOAD and yields back a non-interactive shell on the remote host. The .so file is placed under the trusted library path. This has been written to specifically target sshd on Solaris, although other daemons (e.g. bind, sendmail, apached) can also be targeted. It has been tested on Solaris 10. Read the files inside for comments on further shell interaction.

tags | tool, remote, shell, rootkit
systems | unix, solaris
MD5 | 0dab00507d3dfcc24d413cffa63f9143
Hacked Version Of Script
Posted Dec 9, 2008
Authored by Andrea Montanari

Hacked version of script that logs everything typed to /tmp/.x11sock. Based heavily on script.c.

tags | tool, rootkit
systems | unix
MD5 | e50a753f0dad3a0479dea861496b0e51
Posted Sep 3, 2008
Authored by Simpp

3vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.

tags | tool, remote, shell, rootkit
systems | unix
MD5 | 9be2c39a2ac092d94439ef53aecd613a
Posted Aug 19, 2008
Authored by Kristo Pher | Site kkteam.co.uk

The Klueless Klowns Team variant of the c99 PHP shell.

tags | tool, shell, php, rootkit
systems | unix
MD5 | d6506a5108aaebac55098b3e56a15083
Posted Jul 31, 2008
Authored by microphone8000

EZMal is a Mac OS X Trojan Kit that will attach a persistent bindshell to applications.

tags | tool, trojan, rootkit
systems | unix, apple, osx
MD5 | 1af27ee2d196b8eccedf3762e3a16c01
Posted Mar 19, 2008
Authored by Simpp

Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.

tags | tool, rootkit
systems | unix
MD5 | 9cf37a9cec5547cca5c9872fbe651b5f
Posted Jan 30, 2008
Authored by ernie@ernie

A little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).

tags | tool, x86, kernel, rootkit
systems | linux, unix
MD5 | 2e8bb365b19a752d7bde5b88a1045089
Posted Nov 30, 2007
Authored by Incognito/STK

RatHole is a Unix backdoor which compiles cleanly on standard Linux and OpenBSD (probably other BSD flavors also) without additional libraries. It features blowfish encryption, process name hiding and definition of a preferred shell. It spits no error messages (like for sockets already bound) because it is supposed to be stealthy. When a client connects to the backdoor, a new shell process and two pipe files are created. The I/O of the shell is duped to the pipes and the daemon encrypts the communication.

tags | tool, shell, rootkit
systems | linux, unix, bsd, openbsd
MD5 | c652966a5d9a09c29369794979d4ac6b
Posted Oct 10, 2007
Authored by St0rM-MaN

Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.

tags | tool, remote, rootkit
systems | unix
MD5 | c59b4de790f54bbf3e6e647fc4dc9fd8
Posted Sep 25, 2007
Authored by ErNe | Site biyosecurity.net

New bypass shell for Linux servers. What you don't want to find lying around in your webroot.

tags | tool, shell, rootkit
systems | linux, unix
MD5 | bf610ba81441e60aee255f2286010400
Posted Jul 12, 2007

Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.

tags | tool, rootkit
systems | linux, unix
MD5 | 4015e13f814c5c33153ab49b196acd81