trNkit v1.0 -Release- (beta). Includes patched versions of du, locate, netstat, ps, pstree, top, w, and who.
fb11308261e9f479a6f9cbbb82668d53c8a257caa0245ec4fb24c3d7a47feca1
Troier is a package of trojaned linux commands. Includes du, locate, netstat, ps, pstree, top, w, and who.
36639e9cd73d3706b82e255356a62bb0d1004cbb508747d25be9960364a72ada
Darkside is a rootkit for unix which hides processes and their children, hides files, manipulates uid's, and modifies the tcp/ip stack to hide connections.
eb276d600410c8a211cbf397f2b173e3e4002a0aa9941df781e69f1c181d746b
SSH-2.3.0 client patch to log outgoing usernames, passwords, and hostnames.
ac70dd5c43e7220631199e96f023cd06a6796d6689b45217f7c81ade8e2345b3
Openssh-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
54ff25e46677231b2fc92927a45b716aa7cffc530903b1efb79922544c1dcd02
Backdoor shell script to be run from cron monthly.
4a51bcecc880b78e5845e0c1ac80f9ec82f41bd9dad31c57256aed344a399b3c
shtroj2.c is an auto-hiding back door kernel module for linux that executes an arbitrary command when the environment variable TERM is set to a specific password on the execution of a program. Can be used to drop immediately to a functional tty-based shell instead of running /bin/login with sshd and telnetd.
2a5e1ed71748161de81d6d0a9b0b72b1da9a35faa6043246f127de53b3988ac9
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesn't write anything to the logs.
259dd32e71927e99de52ad09974eeb6521a51b49a626f6d18e3ed47d5da6bfd9
FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
846d1a294f28721aa038c839384a72e8fc9b706324f5426a23df837e297075f2
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload and decoded and passed on to system(3).
65218b8628ccf90b31968d77f356467c7ff3ab2195dd393e39834620308e4c3b
KIS is the Kernel Intrusion System, a powerful client / server LKM based rootkit.
1e702e017cefbe936077a52afd9e910ef6941a061c01106f322a61e1984687a9
Kbd v3.0 is a Linux loadable kernel module backdoor. Allows root access by modifying the SYS_utime and SYS_getuid32 system calls. Can be used in conjunction with cleaner.c from the adore root for stealth capability.
1e01acc4b6519e04281fd7a9cbecefe015e166620e9d670ffc0d78520451a2d7
Ifconfig and Netstat trojan - reads interfaces (sit0, eth0, eth0:1) from a file , defined in a char[] array and hides it.
378ba583e2eec0f73aef01b0a8b1baa9b18c41893fa4a18fdf01ab15e557a2fa
Modhide1.c demonstrates a new method of hiding kernel modules which does not trigger any normal detection techniques because it does not change lsmod or the system call table. Instead it hacks the kernel's memory to make it "forget" the module.
0a87b973516873f2b069e3b3d61def3144776cfcecb3dec5ab65fdef5d8cfd01
Knark v2.4.3 port is a usable kernel-based rootkit for Linux which is based on knark-0.59. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects. Also includes a kernel module to protect Linux 2.4 from knark.
8f5c94bc7b4e6109a69cfbf0ba826b846e208300a3e71f1087b0b034814e1d8d
kbdis.c disables the keyboard on most x86 systems. Useful for locking out root in a pinch.
d2559c85ee2c388d2f54bb79b4cf3e6bd5941488ee9e21421191f8c9b35e5618
Netstat.zip is a fake windows netstat which can hide certain network connections. Requires renaming the original netstat.
860b6249299c2c517df0fd8b78e310c871640ce3fb745d90fcb466415384b19b
Infiltrator is a unix trojan creation program.
f538703019e4a991af5d5a97ce7ca5743e75d0f6ba39ee62c4426093a2f86309
Apache backdoor - Backdoors apache 1.3.17 / 1.3.19 to spawn a root shell when a certain page is requested.
e698c564d4808ff114e58bf39b34e7af99192e7dd9bcc390a7b4266e71965926
Synapsis is a LKM rootkit for Linux which features file hiding, process hiding, user hiding, magic UID, and netstat hiding.
299a271382e7e36674ad25e835c29e4593253f9ee645b9906c074ec6c3d5e012
RKit is a Linux LKM backdoor/rootkit which intercepts the SYS_setuid call and ups a specified UID to 0 when that user logs in thereby successfully (and covertly) backdooring the root account.
9e0558a46516706382a2647e56185358b0531f40282626e1c0cbf6705a4a05d2
CBD.c is a simple backdoor which allows machines behind firewalls to be controlled via outgoing connections.
72680bcedec7e00dde9290e30fe7813178a5b8cda122558b6d3a49b9871d7c3c
Eshell.c is a encrypted bindshell type backdoor which has a server daemon and client with AES encryption via libmix.
c32ad105680ad262b5dca88fcaaaf43d24a5994d3d79f9243bfc0001ca76c38b
ARK version 1.0.1 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat.
5290ad219fe7b4656f8b268a1ab9f24a89683b677de4edb5caa6daa1708933b0