EZMal is a Mac OS X Trojan Kit that will attach a persistent bindshell to applications.
ede6c9e28e6281d843450ff08dfd351c31a3be99c34168bd69790f9c74034168Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.
344dd067c46597172bc90327ee89b098c5816e46349abe086be4e827d488c46cA little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).
c8189416cea76ef2b7593e1099350b755174245c2e87c027f52dae3aff4fe941RatHole is a unix backdoor which compiles cleanly on standard Linux and OpenBSD (probably other BSD flavors also) without additional libraries. It features blowfish encryption, process name hiding and definition of a preferred shell. It spits no error messages (like for sockets already bound) because it is supposed to be stealth. When a client connects to the backdoor a new shell process and two pipe files are created. The I/O of the shell is duped to the pipes and the daemon encrypts the communication.
fbe5c36d731f754dcc4388d276bef0b3b889807efd52695ac4245bf802edad60Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.
2e1e678ec44e8a8dd04699775555f44b001eb535aa98bfd66e2d7b932893bd3cNew bypass shell for Linux servers. What you don't want to find lying around in your webroot.
406bc0cd44ee8416796f2a5e638f43e920086a09ef3a7eed8c7939e13adc3115Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.
573e2154c1af45b89c76906c7781788bce59db3910d3f9b9535468e915d4b829Mood-NT 2.3 is a linux kernel rootkit for kernels 2.4.x and 2.6 versions below 2.6.20. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. It fully supports vsyscalls and if the kernel changes it automatically reinstall itself on boot.
012a5bab721e46dbce7f6cd37dc53ff79ac5dee9f75ea82a5b9c248d286935b8This tarball has original source code for FreeBSD binaries such as find, fstat, kldstat, etc along with a script that enables you to easily set how you want them backdoored.
a22c42648d2f553deabe8995e837aaf579299b30c1c7d9668ee0fd365e2c32eeBackdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.
9a8ba9bc0a0cb4015271c8d343320c84897ad229fee3c44666e47b7b5162e52dMood-NT is a linux kernel rootkit suckit2-like for 2.4.x/2.6.x kernels. It can hide processes, files, connections (unix, raw, and ipv6 too), promisc flag and it allows tty sniffing, exec redirection, exec parameters sniffing, has an internal private init script for starting whatever you want on boot. It has a lot of anti-detectors engines and a unique hiding engine hardware based (through the debug registers) that makes it completely stealth on x86 machines. If the kernel changes it automatically reinstall itself on boot.
b6fdbe271e20c2decd39606ddd7120a97d4342ab43b9ee7ead8e6981a659c90eloggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump.
25efdb578dca2b158dfb5d8a658aba550bf036075c4bcb2b131f68efe422a7b5Ping Rootkit executes a root shell by simply executing the well known and "trusted" command with a special argument and a password. Includes the full source code for ping as well as the patch.
c7acdb96649bef8bef829b8576e58a4b7fd44ac4f648b44e4b5698740849a301m0rtix.c is a simple C linux backdoor which bind a shell to a port with tty fork. The processes are hidden and it contains a kernel version detector which tell you what local root exploit you must use to root the system.
dd97d5b150059d75f024e99f8576e32a171c4a1e79fea55224c739fef7a891e6wnetstat.pl is a small perl wrapper script to hide IPs from netstat.
02bc906fe5883774a8295c8c29a77175963ce43fbd71869d1fef8126325afe45SSHeater is a program that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.
ddc5f0ffbef955cabdf2fb58ed422c04a74622619744e0a7698ca94c6723c5abpid-check is a perl script that uses the kill() and setpriority() system calls to find hidden processes.
c84e1506e2f1e46b1bb4e29b75e781654f04b72ae63c91d5917174c5ee8c0182LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
35ea2786343f647b5d0d1506a2ce375502622f51df18479aad20afe05b4ce18eThe override Rootkit: A LKM Linux 2.6 rootkit that uses patched systemcalls. Features - Hides pids and automatically hides the pids of child processes - Hides network ports - Hides files which begin with a user-defined prefix - Can show the hidden pids.
04c076c58c76e17bab712708d97f482bcfca9fe65f29cad03d4b68cabbe13393Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot.
8d08e36aad4e2f2b6ca724385b7f3fba0f30c6ca89e770a9d239706fa1f4aebaLKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
607c945eb9e8b7760b860b7afda9a0934239a23077685c3bdc98f93518e535f0Unix log cleaner that also checks to see if root is logged in.
5e6f13f781904f0f4c789db79cf90ca99edbd035180408985a46970a0d8b74ceSucKIT Rootkit v2.0-devel-rc2. Easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through /dev/kmem trick, without help of LKM support nor System.map or such things. Everything is done on the fly. It can hide PIDs, files, tcp/udp/raw sockets and sniff TTYs.
7fca632fdea9a39f68498af15c5cf2af2989c26aaccbd99bb62ead37a0eecc69SInAR Solaris rootkit version 0.3. Invisible kernel based rootkit for Solaris 8, 9, and 10. Special TAX release.
d19a7369d535bfb1d5a9c52d35003d81004f06539310402f8bee2e3b37e4db14httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.
4c76e48efa8f53ecefbcc332995f3f43f9bbe6b96ae6069e91f28c6a58d040fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed