
Files

rel.tar.gz
Posted Jul 12, 2007

Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.

tags | tool, rootkit
systems | linux, unix
SHA-256 | 573e2154c1af45b89c76906c7781788bce59db3910d3f9b9535468e915d4b829

mood-nt_2.3.tgz
Posted Jun 6, 2007
Authored by darkangel | Site darkangel.antifork.org

Mood-NT 2.3 is a Linux kernel rootkit for 2.4.x kernels and 2.6 kernels below 2.6.20. It can hide processes, files, connections (unix, raw, and IPv6 too), and the promisc flag. It allows tty sniffing, exec redirection, and exec parameter sniffing, and has an internal private init script for starting whatever you want on boot. It has many anti-detection engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealthy on x86 machines. It fully supports vsyscalls, and if the kernel changes it automatically reinstalls itself on boot.

tags | tool, x86, kernel, rootkit
systems | linux, unix
SHA-256 | 012a5bab721e46dbce7f6cd37dc53ff79ac5dee9f75ea82a5b9c248d286935b8

backdoor.tar.gz
Posted May 3, 2007
Authored by Dark.iNiTro | Site ccb.0x48k.cc

This tarball has original source code for FreeBSD binaries such as find, fstat, kldstat, etc., along with a script that enables you to easily set how you want them backdoored.

tags | tool, rootkit
systems | unix, freebsd
SHA-256 | a22c42648d2f553deabe8995e837aaf579299b30c1c7d9668ee0fd365e2c32ee

openssh-4.5p1_backdoored.tar.gz
Posted Nov 16, 2006
Authored by santabug

Backdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.

tags | tool, rootkit
systems | unix
SHA-256 | 9a8ba9bc0a0cb4015271c8d343320c84897ad229fee3c44666e47b7b5162e52d

mood-nt.tgz
Posted Oct 24, 2006
Authored by darkangel | Site darkangel.antifork.org

Mood-NT is a suckit2-like Linux kernel rootkit for 2.4.x/2.6.x kernels. It can hide processes, files, connections (unix, raw, and IPv6 too), and the promisc flag. It allows tty sniffing, exec redirection, and exec parameter sniffing, and has an internal private init script for starting whatever you want on boot. It has many anti-detection engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealthy on x86 machines. If the kernel changes, it automatically reinstalls itself on boot.

tags | tool, x86, kernel, rootkit
systems | linux, unix
SHA-256 | b6fdbe271e20c2decd39606ddd7120a97d4342ab43b9ee7ead8e6981a659c90e

logginsh.txt
Posted Jun 5, 2006
Authored by Pranav Joshi, Deepak Kaul

loggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump.

tags | tool, rootkit
systems | linux, unix
SHA-256 | 25efdb578dca2b158dfb5d8a658aba550bf036075c4bcb2b131f68efe422a7b5

pingrootkit.tar.bz2
Posted May 29, 2006
Authored by Herrumbre | Site gnuler.com.ar

Ping Rootkit executes a root shell by simply executing the well known and "trusted" command with a special argument and a password. Includes the full source code for ping as well as the patch.

tags | tool, shell, root, rootkit
systems | unix
SHA-256 | c7acdb96649bef8bef829b8576e58a4b7fd44ac4f648b44e4b5698740849a301

m0rtix.c
Posted Apr 29, 2006
Authored by jeremy still

m0rtix.c is a simple Linux backdoor written in C which binds a shell to a port with a tty fork. The processes are hidden, and it contains a kernel version detector which tells you what local root exploit you must use to root the system.

tags | tool, shell, kernel, local, root, rootkit
systems | linux, unix
SHA-256 | dd97d5b150059d75f024e99f8576e32a171c4a1e79fea55224c739fef7a891e6

wnetstat.pl
Posted Apr 29, 2006
Authored by Andrea Purificato | Site rawlab.altervista.org

wnetstat.pl is a small perl wrapper script to hide IPs from netstat.

tags | tool, perl, rootkit
systems | unix
SHA-256 | 02bc906fe5883774a8295c8c29a77175963ce43fbd71869d1fef8126325afe45

ssheater-1.1.tar.gz
Posted Apr 6, 2006
Authored by Carlos Barros | Site gotfault.net

SSHeater is a program that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.

tags | tool, rootkit
systems | unix
SHA-256 | ddc5f0ffbef955cabdf2fb58ed422c04a74622619744e0a7698ca94c6723c5ab

r57-pid-check.txt
Posted Apr 6, 2006
Authored by x97Rang | Site rst.void.ru

pid-check is a perl script that uses the kill() and setpriority() system calls to find hidden processes.

tags | tool, perl, rootkit
systems | unix
SHA-256 | c84e1506e2f1e46b1bb4e29b75e781654f04b72ae63c91d5917174c5ee8c0182

enyelkm.en.v1.1.tar.gz
Posted Feb 20, 2006
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts jumps inside the system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes, hides chunks inside of files, and gives remote reverse_shell access, local root, etc.

Changes: Version 1.1
tags | tool, remote, x86, kernel, local, root, rootkit
systems | linux, unix
SHA-256 | 35ea2786343f647b5d0d1506a2ce375502622f51df18479aad20afe05b4ce18e

override.tar.bz
Posted Jan 27, 2006
Authored by Amir Alsbih | Site informatik.uni-freiburg.de

The override Rootkit: an LKM Linux 2.6 rootkit that uses patched system calls. Features: hides pids and automatically hides the pids of child processes; hides network ports; hides files which begin with a user-defined prefix; can show the hidden pids.

tags | tool, rootkit
systems | linux, unix
SHA-256 | 04c076c58c76e17bab712708d97f482bcfca9fe65f29cad03d4b68cabbe13393

phalanx-b6.tar.bz2
Posted Dec 27, 2005
Authored by rebel

Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot.

tags | tool, kernel, rootkit
systems | linux, unix
SHA-256 | 8d08e36aad4e2f2b6ca724385b7f3fba0f30c6ca89e770a9d239706fa1f4aeba

enyelkm.en.v1.0.tar.gz
Posted Nov 30, 2005
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts jumps inside the system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes, hides chunks inside of files, and gives remote reverse_shell access, local root, etc.

tags | tool, remote, x86, kernel, local, root, rootkit
systems | linux, unix
SHA-256 | 607c945eb9e8b7760b860b7afda9a0934239a23077685c3bdc98f93518e535f0

rsh-v2.c
Posted Oct 31, 2005
Authored by rotor | Site c1zc0.com

Unix log cleaner that also checks to see if root is logged in.

tags | tool, root, rootkit
systems | unix
SHA-256 | 5e6f13f781904f0f4c789db79cf90ca99edbd035180408985a46970a0d8b74ce

suckit2priv.tar.gz
Posted Oct 13, 2005
Authored by sd | Site sd.g-art.nl

SucKIT Rootkit v2.0-devel-rc2. Easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through a /dev/kmem trick, without the help of LKM support, System.map, or such things. Everything is done on the fly. It can hide PIDs, files, and tcp/udp/raw sockets, and sniff TTYs.

tags | tool, kernel, udp, tcp, rootkit
systems | linux, unix
SHA-256 | 7fca632fdea9a39f68498af15c5cf2af2989c26aaccbd99bb62ead37a0eecc69

SInAR-0.3.tar.bz2
Posted Oct 6, 2005
Authored by Archim

SInAR Solaris rootkit version 0.3. Invisible kernel based rootkit for Solaris 8, 9, and 10. Special TAX release.

tags | tool, kernel, rootkit
systems | unix, solaris
SHA-256 | d19a7369d535bfb1d5a9c52d35003d81004f06539310402f8bee2e3b37e4db14

httpbd.pl.txt
Posted Sep 23, 2005
Authored by rav3n

httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.

tags | tool, shell, perl, rootkit
systems | unix
SHA-256 | 4c76e48efa8f53ecefbcc332995f3f43f9bbe6b96ae6069e91f28c6a58d040fb

doorman-0.81.tgz
Posted Sep 7, 2005
Authored by Bruce Ward | Site doorman.sourceforge.net

The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.

Changes: Fixed the silent doorman problem.
tags | tool, tcp, rootkit
systems | unix
SHA-256 | 3b5d27272081553f8751d3f4687b9218fa3bc905c56aa394990b3ac608cca24e

silentdoor.tar.gz
Posted Mar 17, 2005
Authored by doctor raid

SilentDoor is a connectionless, PCAP-based backdoor for Linux that uses packet sniffing to bypass netfilter. It sniffs for UDP packets on port 53 and runs each packet against a decryption scheme; if the packet validates, then it runs a command. Can be masked to look like any other process. Remote command utility included.

tags | tool, remote, udp, rootkit
systems | linux, unix
SHA-256 | 5665922f8fe8b1dcf7030bfcdecfbb8c13d27e49c02f353d0579071ed562011c

backd00r.c
Posted Mar 15, 2005
Authored by darkXside

Unix bindshell backdoor that acts as psybnc if the password fails.

tags | tool, rootkit
systems | unix
SHA-256 | a63b89c1bb3957fc31dcd23b35f32b931de760ccb72b148bd7de29831ebf59f6

SInAR-0.2.tar.bz2
Posted Feb 18, 2005
Authored by Archim

SInAR Solaris rootkit v0.2. Invisible kernel based rootkit for Solaris 8, 9, and 10.

tags | tool, kernel, rootkit
systems | unix, solaris
SHA-256 | 8e59094c902a8a45f4cd71d579415c5f32b38e1e7a5960171b90f5a1b7db3da6

SInAR-0.1.tar.gz
Posted Jan 4, 2005
Authored by Archim

SInAR Solaris rootkit that was released at the 21st Chaos Communication Congress.

tags | tool, rootkit
systems | unix, solaris
SHA-256 | 2717af8649c7509bb5077c18ad3c6e759f11b3a129606742c0091ecb9c593e26

wX.tar.gz
Posted Nov 4, 2004
Authored by nemo | Site neil.slampt.net

WeaponX is a kernel-based rootkit for Mac OS X which is roughly based on adore. It runs as a kernel extension, similar to an LKM. Requires Xcode. Readme available here.

tags | tool, kernel, rootkit
systems | unix, apple
SHA-256 | 3e90b2abe3d92f157460c7cb61234e34310154dedaf128616cccf864093686c1
© 2022 Packet Storm. All rights reserved.