
Files

mood-nt_2.3.tgz
Posted Jun 6, 2007
Authored by darkangel | Site darkangel.antifork.org

Mood-NT 2.3 is a Linux kernel rootkit for 2.4.x kernels and 2.6 kernels below 2.6.20. It can hide processes, files, connections (unix, raw, and IPv6 too), and the promisc flag. It allows tty sniffing, exec redirection, and exec parameter sniffing, and has an internal private init script for starting whatever you want on boot. It has a lot of anti-detector engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealthy on x86 machines. It fully supports vsyscalls, and if the kernel changes it automatically reinstalls itself on boot.

tags | tool, x86, kernel, rootkit
systems | linux, unix
MD5 | c22f5dbb5757237be40c621f487ae8e2
backdoor.tar.gz
Posted May 3, 2007
Authored by Dark.iNiTro | Site ccb.0x48k.cc

This tarball has original source code for FreeBSD binaries such as find, fstat, kldstat, etc., along with a script that enables you to easily set how you want them backdoored.

tags | tool, rootkit
systems | unix, freebsd
MD5 | 3046022b733bd0ccc37165e34a2db7ad
openssh-4.5p1_backdoored.tar.gz
Posted Nov 16, 2006
Authored by santabug

Backdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.

tags | tool, rootkit
systems | unix
MD5 | 98c87de1cf5683f9400828281e3f0769
mood-nt.tgz
Posted Oct 24, 2006
Authored by darkangel | Site darkangel.antifork.org

Mood-NT is a suckit2-like Linux kernel rootkit for 2.4.x/2.6.x kernels. It can hide processes, files, connections (unix, raw, and IPv6 too), and the promisc flag. It allows tty sniffing, exec redirection, and exec parameter sniffing, and has an internal private init script for starting whatever you want on boot. It has a lot of anti-detector engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealthy on x86 machines. If the kernel changes, it automatically reinstalls itself on boot.

tags | tool, x86, kernel, rootkit
systems | linux, unix
MD5 | c046c7882ca919d595b8491be609d149
logginsh.txt
Posted Jun 5, 2006
Authored by Pranav Joshi, Deepak Kaul

loggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump.

tags | tool, rootkit
systems | linux, unix
MD5 | 59b000733a8ab35f124a73afcd31bf40
pingrootkit.tar.bz2
Posted May 29, 2006
Authored by Herrumbre | Site gnuler.com.ar

Ping Rootkit executes a root shell by simply executing the well-known and "trusted" command with a special argument and a password. Includes the full source code for ping as well as the patch.

tags | tool, shell, root, rootkit
systems | unix
MD5 | e19afeeeb6309c2e3b7f6dc750ce11b2
m0rtix.c
Posted Apr 29, 2006
Authored by jeremy still

m0rtix.c is a simple C Linux backdoor which binds a shell to a port with tty fork. The processes are hidden and it contains a kernel version detector which tells you what local root exploit you must use to root the system.

tags | tool, shell, kernel, local, root, rootkit
systems | linux, unix
MD5 | 6503eae7a42fb2d5336a3a0cde0c5bb0
wnetstat.pl
Posted Apr 29, 2006
Authored by Andrea Purificato | Site rawlab.altervista.org

wnetstat.pl is a small perl wrapper script to hide IPs from netstat.

tags | tool, perl, rootkit
systems | unix
MD5 | 8f3a29040d5ca112c203aeb2f9c2d3ac
ssheater-1.1.tar.gz
Posted Apr 6, 2006
Authored by Carlos Barros | Site gotfault.net

SSHeater is a program that infects the OpenSSH daemon at run time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.

tags | tool, rootkit
systems | unix
MD5 | 584353ff41ac6ad6a59f87eaa8b05340
r57-pid-check.txt
Posted Apr 6, 2006
Authored by x97Rang | Site rst.void.ru

pid-check is a perl script that uses the kill() and setpriority() system calls to find hidden processes.

tags | tool, perl, rootkit
systems | unix
MD5 | 62427ef3574ea99ba8cad2d1ce2f38c9
enyelkm.en.v1.1.tar.gz
Posted Feb 20, 2006
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes. It also hides chunks inside of files, gives remote reverse_shell access, local root, etc.

Changes: Version 1.1
tags | tool, remote, x86, kernel, local, root, rootkit
systems | linux, unix
MD5 | 89340215b6cfceb3a176c4a30e34f5c6
override.tar.bz
Posted Jan 27, 2006
Authored by Amir Alsbih | Site informatik.uni-freiburg.de

The override Rootkit: An LKM Linux 2.6 rootkit that uses patched system calls. Features: hides pids and automatically hides the pids of child processes; hides network ports; hides files which begin with a user-defined prefix; can show the hidden pids.

tags | tool, rootkit
systems | linux, unix
MD5 | 31a9eb52f4907924ba9fb22287b44996
phalanx-b6.tar.bz2
Posted Dec 27, 2005
Authored by rebel

Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot.

tags | tool, kernel, rootkit
systems | linux, unix
MD5 | 3d0ef3793579cd846e43a034d147ecd0
enyelkm.en.v1.0.tar.gz
Posted Nov 30, 2005
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes. It also hides chunks inside of files, gives remote reverse_shell access, local root, etc.

tags | tool, remote, x86, kernel, local, root, rootkit
systems | linux, unix
MD5 | 5896fe3e8a333c4e1e52daedc3422363
rsh-v2.c
Posted Oct 31, 2005
Authored by rotor | Site c1zc0.com

Unix log cleaner that also checks to see if root is logged in.

tags | tool, root, rootkit
systems | unix
MD5 | e2e7e8f9bb27e7b5dd66041ebd4d3766
suckit2priv.tar.gz
Posted Oct 13, 2005
Authored by sd | Site sd.g-art.nl

SucKIT Rootkit v2.0-devel-rc2. Easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through the /dev/kmem trick, without the help of LKM support, System.map, or such things. Everything is done on the fly. It can hide PIDs, files, and tcp/udp/raw sockets, and sniff TTYs.

tags | tool, kernel, udp, tcp, rootkit
systems | linux, unix
MD5 | 3bb82c1fddcc47456efee6f3687e4f51
SInAR-0.3.tar.bz2
Posted Oct 6, 2005
Authored by Archim

SInAR Solaris rootkit version 0.3. Invisible kernel based rootkit for Solaris 8, 9, and 10. Special TAX release.

tags | tool, kernel, rootkit
systems | unix, solaris
MD5 | 544f71c02bf24ee9c0dc4e4c696abf3b
httpbd.pl.txt
Posted Sep 23, 2005
Authored by rav3n

httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.

tags | tool, shell, perl, rootkit
systems | unix
MD5 | e96c0debb82cfb8f22165e943001f0ba
doorman-0.81.tgz
Posted Sep 7, 2005
Authored by Bruce Ward | Site doorman.sourceforge.net

The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.

Changes: Fixed the silent doorman problem.
tags | tool, tcp, rootkit
systems | unix
MD5 | f0f30132a541122fa46f4d6d321260d9
silentdoor.tar.gz
Posted Mar 17, 2005
Authored by doctor raid

SilentDoor is a connectionless, PCAP-based backdoor for Linux that uses packet sniffing to bypass netfilter. It sniffs for UDP packets on port 53 and runs each packet against a decryption scheme; if the packet validates, then it runs a command. Can be masked to look like any other process. Remote command utility included.

tags | tool, remote, udp, rootkit
systems | linux, unix
MD5 | 5a8f02eb1e1d7ca1ff8e7a30603286a3
backd00r.c
Posted Mar 15, 2005
Authored by darkXside

Unix bindshell backdoor that acts as psybnc if the password fails.

tags | tool, rootkit
systems | unix
MD5 | fd338c62f08e87b4b033bc88a47f9b9c
SInAR-0.2.tar.bz2
Posted Feb 18, 2005
Authored by Archim

SInAR Solaris rootkit v0.2. Invisible kernel based rootkit for Solaris 8, 9, and 10.

tags | tool, kernel, rootkit
systems | unix, solaris
MD5 | 6e5dc76977f8b3fed2fd9f21ffc375dd
SInAR-0.1.tar.gz
Posted Jan 4, 2005
Authored by Archim

SInAR Solaris rootkit that was released at the 21st Chaos Communication Congress.

tags | tool, rootkit
systems | unix, solaris
MD5 | 3bf1b0f2efc10febf86e95d699b68638
wX.tar.gz
Posted Nov 4, 2004
Authored by nemo | Site neil.slampt.net

WeaponX is a kernel-based rootkit for Mac OS X which is roughly based on adore. It runs as a kernel extension, similar to an LKM. Requires Xcode. Readme available here.

tags | tool, kernel, rootkit
systems | unix, apple
MD5 | 12fa6fb5faf460fce717f8d298625bd0
n-du.tgz
Posted Sep 30, 2004
Authored by Serguei

N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a TCP port backdoor.

tags | tool, udp, tcp, rootkit
systems | unix
MD5 | a18fef559fcfc16db6beadd02924cde6
© 2018 Packet Storm. All rights reserved.