Ntbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation - standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
899ef5eaa62de197df74c60aa27e94f9f84b18f384f3eaa0a52cc07eb0ef9ce4Bindshell which has a password and defaults to tcp port 1348.
5ae671e4b92990eb804684953786411f2555018f5972af949e85c632199ee422Backdoor for login where the original binary must be renamed and only gets called whenever the remote user's TERM variable is not set to the magic password. If the magic password is set, the user gets the option of a shell with or without logging.
e3fb9f9f65c704ddf3602b2cf854c54524ca1cacb73518276e083cfaff3953dbBackdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.
cba676dad9c6caff1464d156aa462f531899bd8d3dab808f4329914f0e04fe19SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload and decoded and passed on to system(3). First non-beta release.
ffc45768392cf09fe2900f34b446cd2d7cea37006a4380209f4b224ae58e4b13firedoor forwards any TCP connection behind a firewall using techniques similar to reverse telneting. Written in Java 1.4, so it is very small and can run on both Linux and Win32 without modifications. Source file included.
0e1ab0a961683d87dd2a4dab9f692fd310b4aaf55c7537816f69d508ead51b21Updated version of a utility that removes LKM rootkits that normally are undetectable via the help of vmalloc which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
553849b50859a2ec31d02ea337e149add5e80f08a06bab161ebfd2faf978f052This utility removes LKM rootkits that normally are undetectable via the help of vmalloc which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
1a65bc5b515606ae0a738c74395b3b5abac289826e46616fd86d68bcd4dc0908Blowdoor v3.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
d0efcb0d097e945cd6f9af81c4f3ccc3b2a09fd3782a8723520953441cad5ff3Mr-Lynd0 is a log cleaner and an instrument to hide user or to change user and host. cleans ip user and host in log files /var/log/ and hides yourself in a linux box editing wtmp and utmp. Version 1.2 released with bugfixes.
e21cfc158bbcfbd10d0c81401e527a555d73d32e71dd8746414c960227f7d356OpenBSD and NetBSD LKM which hides files by patching getdirentries().
281adc79edc85e83c7b2c663fcc68dfbea7fdb717f4948665d758518e709e6bfES-Malaria is a ptrace() injector.
36d3fb1c48fc05a1b0e75c268e9fa73707421773ed806f8f0cb015c874a49a1eSneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
68642e29c750a07324bbd4b41c47ada6295fab5d3d2fd03cca555ec48dd88322Trojan /bin/login.
08a2db6a5fd39499b85f17438742623ff3cc30354aa3f5a797831cc0f0b5cfc94553 - Invader v2.1.1 is source code which can append parasitic executable code to any ELF binary which causes it it to send a shell to a remote host. Uses TCP port 21317 by default.
0c6a10e80235d530fd829513fd77b7d0d73a2293de197e444ed142bb554b173dLatte is a little unix backdoor which only allows one UID to use it.
36a540fdd14f8ef987bd47009981917b9ca200a54600f80626fd589f19ae0261BBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. Allows remote command execution and file upload.
c94ce4de6648788702f30b912502e40e620be28a93775923d332ef123cb969b4Ownit is a script that installs libnet, libnids, and dsniff on a system.
c95d409b8135112ec06fe4c0749d40c74ae16248fa15be0723e45e5e18b6e77dSneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
7995080d8ef82352cec03420727e8d2eb5a74d0dc5ada7ad5b48d89fcf6aa397Mr-Lynd0 is a log clener and an instrument to hide user or to change user and host. cleans ip user and host in log files /var/log/ and hides yourself in a linux box editing wtmp and utmp.
564386d1467a24eda7b936061486582973aa2faf5391ccf1aefa2a6eda2b0bc9Allinone.c is a backdoor which is a http server, a sockets transmit server, a shell backdoor, a icmp backdoor, a bind shell backdoor, a http shell, copy file from remote host, can use a socks5 proxy.
8f201af10c9ea8b56334a03fde6e27f55687f913f7e789605ebcb8bfbb2472e3cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.
6582a93af3efb8e2b4b5232628521124237397ec7868667e1a8f244c4e6d2592FLEA is a linux rootkit for all distributions.
1418ef1097de4a79f600218cad9b6a181eda2e8f9f5ed8d5e3b27b95fd6b7290Fuck'it RootKit. Uses a ssh daemon which listens on port 1984 by defaut.
ecda413afe774928a09b55ef7af38e67fd7c7f3fb6daa26f1ef757be52df5313The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains a ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
96dd1e43908212e0dc4ef397abb29aaff477566103061db23da2fb10ca26af26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed