KIS is the Kernel Intrusion System, a powerful client / server LKM based rootkit.
1e702e017cefbe936077a52afd9e910ef6941a061c01106f322a61e1984687a9
rpcinfo-diff is a patch for the netkit version 0.17 rpc package, allowing a target port to be set for rpcinfo. This is useful for targeting older sun machines, which run rpcbind on a udp port greater than 32770.
d0fd8bb5faecc65d974419c39913e73f6bdaf0362a8460360ad9c24f0c690f53
Kbd v3.0 is a Linux loadable kernel module backdoor. Allows root access by modifying the SYS_utime and SYS_getuid32 system calls. Can be used in conjunction with cleaner.c from the adore root for stealth capability.
1e01acc4b6519e04281fd7a9cbecefe015e166620e9d670ffc0d78520451a2d7
Sshscan.c scans for port 22, grabs server type and version. Uses a list of IPs.
7eb790e4b309675487eb6113534ae3090026d8b6fb4f55a2279b59d861b627ef
63 byte connect-read-execve - linux-x86. This shellcode connects back and ask you for code to execute.
92eee9f754961c5729bb81fd22c2deff270d912773a857cf9b7eb698cbb63222
The NeoHapsis port is a comprehensive list of ports numbers and the services/trojans that run on them. Updated Jul 19, 2001. Archive password is set to p4ssw0rd. Use at your own risk.
6e6d76d94ece75f4137ed6a65c50cec59725d7872190b24bd092786d8cef3b04
Ifconfig and Netstat trojan - reads interfaces (sit0, eth0, eth0:1) from a file , defined in a char[] array and hides it.
378ba583e2eec0f73aef01b0a8b1baa9b18c41893fa4a18fdf01ab15e557a2fa
Libwhisker is a perl module for performing whisker CGI vulnerability checks. This is a preview release.
960d4be891522dd39a4a6fc33fd4765ddb81bffe80c0002f1a0f8c849c9e1977
Skydance v3.6 is a distributed denial of service tool for Windows. Uses the IP_HDRINCL option. Tested on Win98 and Win2k. Uses ICMP for communication.
a60ab7490d90ddc3b7b5a27d0532f12cbfc6684dbb168f89e17b31b688699739