Ntbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation - standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
899ef5eaa62de197df74c60aa27e94f9f84b18f384f3eaa0a52cc07eb0ef9ce4
Bindshell which has a password and defaults to tcp port 1348.
5ae671e4b92990eb804684953786411f2555018f5972af949e85c632199ee422
Backdoor for login where the original binary must be renamed and only gets called whenever the remote user's TERM variable is not set to the magic password. If the magic password is set, the user gets the option of a shell with or without logging.
e3fb9f9f65c704ddf3602b2cf854c54524ca1cacb73518276e083cfaff3953db
Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.
cba676dad9c6caff1464d156aa462f531899bd8d3dab808f4329914f0e04fe19
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving at the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload, then decoded and passed on to system(3). First non-beta release.
ffc45768392cf09fe2900f34b446cd2d7cea37006a4380209f4b224ae58e4b13
firedoor forwards any TCP connection behind a firewall using techniques similar to reverse telneting. Written in Java 1.4, so it is very small and can run on both Linux and Win32 without modifications. Source file included.
0e1ab0a961683d87dd2a4dab9f692fd310b4aaf55c7537816f69d508ead51b21
Updated version of a utility that removes LKM rootkits that normally are undetectable, with the help of vmalloc, which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
553849b50859a2ec31d02ea337e149add5e80f08a06bab161ebfd2faf978f052
This utility removes LKM rootkits that normally are undetectable, with the help of vmalloc, which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
1a65bc5b515606ae0a738c74395b3b5abac289826e46616fd86d68bcd4dc0908
Blowdoor v3.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
d0efcb0d097e945cd6f9af81c4f3ccc3b2a09fd3782a8723520953441cad5ff3
Mr-Lynd0 is a log cleaner and a tool to hide a user or to change user and host. It cleans IP, user and host in log files under /var/log/ and hides you on a Linux box by editing wtmp and utmp. Version 1.2 released with bugfixes.
e21cfc158bbcfbd10d0c81401e527a555d73d32e71dd8746414c960227f7d356
OpenBSD and NetBSD LKM which hides files by patching getdirentries().
281adc79edc85e83c7b2c663fcc68dfbea7fdb717f4948665d758518e709e6bf
ES-Malaria is a ptrace() injector.
36d3fb1c48fc05a1b0e75c268e9fa73707421773ed806f8f0cb015c874a49a1e
Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
68642e29c750a07324bbd4b41c47ada6295fab5d3d2fd03cca555ec48dd88322
Trojan /bin/login.
08a2db6a5fd39499b85f17438742623ff3cc30354aa3f5a797831cc0f0b5cfc9
4553 - Invader v2.1.1 is source code which can append parasitic executable code to any ELF binary, causing it to send a shell to a remote host. Uses TCP port 21317 by default.
0c6a10e80235d530fd829513fd77b7d0d73a2293de197e444ed142bb554b173d
Latte is a little Unix backdoor which only allows one UID to use it.
36a540fdd14f8ef987bd47009981917b9ca200a54600f80626fd589f19ae0261
BBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. Allows remote command execution and file upload.
c94ce4de6648788702f30b912502e40e620be28a93775923d332ef123cb969b4
Ownit is a script that installs libnet, libnids, and dsniff on a system.
c95d409b8135112ec06fe4c0749d40c74ae16248fa15be0723e45e5e18b6e77d
Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
7995080d8ef82352cec03420727e8d2eb5a74d0dc5ada7ad5b48d89fcf6aa397
Mr-Lynd0 is a log cleaner and a tool to hide a user or to change user and host. It cleans IP, user and host in log files under /var/log/ and hides you on a Linux box by editing wtmp and utmp.
564386d1467a24eda7b936061486582973aa2faf5391ccf1aefa2a6eda2b0bc9
Allinone.c is a backdoor that combines an HTTP server, a sockets transmit server, a shell backdoor, an ICMP backdoor, a bind shell backdoor, and an HTTP shell. It can copy files from a remote host and can use a SOCKS5 proxy.
8f201af10c9ea8b56334a03fde6e27f55687f913f7e789605ebcb8bfbb2472e3
cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.
6582a93af3efb8e2b4b5232628521124237397ec7868667e1a8f244c4e6d2592
FLEA is a Linux rootkit for all distributions.
1418ef1097de4a79f600218cad9b6a181eda2e8f9f5ed8d5e3b27b95fd6b7290
Fuck'it RootKit. Uses an ssh daemon which listens on port 1984 by default.
ecda413afe774928a09b55ef7af38e67fd7c7f3fb6daa26f1ef757be52df5313
The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains an ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
96dd1e43908212e0dc4ef397abb29aaff477566103061db23da2fb10ca26af26