Showing 176 - 200 of 524

Rootkit Files

Turtle FreeBSD Rootkit
Posted Sep 30, 2010
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

tags | tool, kernel, rootkit
systems | unix, freebsd
SHA-256 | 8b8bd3b4567213634fa8d095649b277321095be6c15b34acae704bab66f4b1d5
ITSecTeam Shell 1.1
Posted Sep 8, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 428640bd9e6ab10814a7560818cb822084078acd863ae3339c157e9a31c524db
Devshell Backdoor
Posted Jun 19, 2010
Authored by b374k

Devshell is a CGI backdoor kit.

tags | tool, cgi, rootkit
systems | unix
SHA-256 | e699799c202eec8044569a1867fb88d39c859b87c9907c500f63a15c122997a3
Complemento Penetration Tools 0.7.6
Posted May 6, 2010
Authored by crossbower | Site complemento.sourceforge.net

Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

Changes: A segmentation fault in HTTSquash was fixed.
tags | tool, web, tcp, rootkit
systems | unix
SHA-256 | 7aa2293ebab917117aa67a1b9e45853e6dae02184c6daf984967f8daef648bd3
Kolang Safe Mode Bypass PHP Code
Posted Mar 5, 2010
Authored by Hamid Ebadi | Site bugtraq.ir

Kolang is a PHP script that can be leveraged in local and remote file inclusion attacks and performs safe mode bypass for PHP versions 4.3.10 through 5.3.10.

tags | tool, remote, local, php, rootkit, bypass, file inclusion
systems | unix
SHA-256 | 1b47a4a61c61f8fa62d201ad330d696103dcc72feab90a35d2506dc2474db0bd
WSH PHP Backdoor 1.0
Posted Mar 2, 2010
Authored by pleed

WSH is a very tiny PHP script backdoor with a Python client that implements functionality to download and upload files and provides an interactive shell.

Changes: Various updates.
tags | tool, shell, php, rootkit, python
systems | unix
SHA-256 | e71461c2372b17db5e481e80b3d55169f8f078f09fa528e10e95691a2dfacad3
Linux Evil Bindshell
Posted Feb 20, 2010
Authored by gat3way

EvilBS is a bindshell for Linux that has AES-256 symmetric encryption, can operate in reverse connect mode, has SOCKS4 proxy support and more.

tags | tool, rootkit
systems | linux, unix
SHA-256 | 53782e7dfdb8ce46e8d5cbc85f2c97a2131912e4cb783b0002850349af550897
WSH PHP Backdoor
Posted Feb 12, 2010
Authored by pleed

WSH is a very tiny PHP script backdoor with a Python client that implements functionality to download and upload files and provides an interactive shell.

tags | tool, shell, php, rootkit, python
systems | unix
SHA-256 | 1aa3bc57e09a913a0676c75b4255e479584d5a6ea3100fc434e851193aedce0b
complemento-0.7.5.tar.gz
Posted Feb 4, 2010
Authored by crossbower | Site complemento.sourceforge.net

Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

Changes: Major updates were made in HTTSquash.
tags | tool, web, tcp, rootkit
systems | unix
SHA-256 | 09840216f79f048ced66d021350d64bdd15eac86f83998784c1b32849f4f1067
PRISM ICMP Reverse Shell 0.5
Posted Jan 18, 2010
Authored by Andrea Fabrizi | Site andreafabrizi.it

PRISM is a user space reverse shell backdoor. It offers ICMP mode, where it awaits a packet containing a security key and host IP / port destination information. It also offers static mode, where it can connect to a hardcoded IP / port.

tags | tool, shell, rootkit
systems | unix
SHA-256 | a134a9b3c0e23836566ba54259b1ebb7ac86b493d52c8e0efac73c5043fef900
Hybrid Botnet System 1.0
Posted Jan 4, 2010
Authored by cross | Site x1machine.com

The Hybrid Botnet System contains a Perl bot and web administration panel. It uses only one Perl module and can easily be compiled with perl2exe to run on a Linux host without Perl installed.

tags | tool, web, perl, rootkit
systems | linux, unix
SHA-256 | 47e4bac93e06ddbd1efbcb01de45ac67dd147ac7422d773cd47941e423e43222
Rootkit Hunter 1.3.6
Posted Nov 30, 2009
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: This release offers more ease of use and improved checks. The changelog lists 29 additions including 9 configuration options and details for 12 rootkits, 29 changes including improvements for 15 rootkit checks, and 22 bugfixes.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
SHA-256 | e3f5e21307e4876da4bc4a1521a86f1cda93ad22d4c77366876d7c170dcefc10
ZoRBaCK Connect Back Shell
Posted Nov 23, 2009
Authored by ZoRLu

This is the ZoRBaCK Connect PHP script that allows for a remote shell on a compromised host.

tags | tool, remote, shell, php, rootkit
systems | unix
SHA-256 | d5226055e30c86c65d275b843a2bf889713d2e585da4851f73e2b3df09c6c0e8
wtmpclean Record Wiper 0.6.7
Posted Nov 17, 2009
Authored by Davide Madrisan | Site davide.madrisan.googlepages.com

wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Changes: When a login is terminated by a system halt or reboot, this release prints 'down' as the logout time. It will correctly display login times with negative values.
tags | tool, rootkit
systems | unix
SHA-256 | d54b68ed1a2b635e4e252c69427bd57bfcb99c9e27bdbd8734c034ff9b278290
Malformation's Interactive HTTP GET And POST Shell
Posted Nov 5, 2009
Authored by Malformation

This is Malformation's Interactive HTTP GET and POST Shell.

tags | tool, web, shell, rootkit
systems | unix
SHA-256 | d304cf274bb961d977a885e60060650ec032a74412bac078d3ca8f7b72aa5c21
Backconnect Script For NetBSD
Posted Nov 3, 2009

This is a back-connect script written for NetBSD and was made as a result of playing with /dev/tcp.

tags | tool, tcp, rootkit
systems | netbsd, unix
SHA-256 | b1e1f945ff91749198f69e35483773726b0afeb19cd8fbdb424ce3d6698f1376
WTMP Log Cleaner 0.6.6
Posted Oct 30, 2009
Authored by Davide Madrisan | Site davide.madrisan.googlepages.com

wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Changes: The cleaning of the wtmp records no longer leaves any trace, even in the raw output. The listing of user logins was improved.
tags | tool, rootkit
systems | unix
SHA-256 | f20339e9bc791d29b822e66deba35d09450a7e97036f9f88f0d36c654e216657
ISTAR Proof Of Concept Code
Posted Sep 30, 2009
Authored by Anthony Desnos | Site esiea-recherche.eu

ISTAR is a set of Python code that performs various functions including use of ptrace to simulate a userland rootkit.

tags | tool, rootkit, python
systems | unix
SHA-256 | 3bb7022c0e550e915f5519e4b603de58dd1f094954e4b0c4b1307ece8b015b34
Check Rootkit 0.49
Posted Jul 30, 2009
Authored by Nelson Murilo | Site chkrootkit.org

Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.

Changes: New and enhanced tests, minor bug fixes.
tags | tool, trojan, integrity, rootkit
systems | linux, netbsd, unix, solaris, freebsd, openbsd, hpux
SHA-256 | ccb87be09e8923d51f450a167f484414f70c36c942f8ef5b9e5e4a69b7baa17f
Complemento Penetration Tools
Posted Apr 22, 2009
Authored by crossbower | Site complemento.sourceforge.net

Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

Changes: Major improvements were made in all tools. LetDown now supports Python scripting for multistage protocols. ReverseRaider has many new DNS features. HttSquash has been rewritten.
tags | tool, web, tcp, rootkit
systems | unix
SHA-256 | 0fc520b857f3d367a876deab158b90287f0d8020981d24071511ca1b200f4d86
Enye LKM Rootkit Modified For Ubuntu 8.04
Posted Feb 25, 2009
Authored by RaiSe | Site enye-sec.org

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table or IDT content. It hides files, directories, and processes. It also hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use at your own risk.

tags | tool, remote, x86, kernel, local, root, rootkit, proof of concept
systems | linux, unix, ubuntu
SHA-256 | 4328023a68a04ed6b7e159bb91a29b0c38de5eb14dda0d149ea8a62073244c4d
User-land Solaris 10 libc accept() Call Rootkit
Posted Feb 25, 2009
Authored by Subere, C Papathanasiou

This user-land rootkit hijacks the libc accept() call via LD_PRELOAD and yields back a non-interactive shell on the remote host. The .so file is placed under the trusted library path. This has been written to specifically target sshd on Solaris, although other daemons (e.g. bind, sendmail, apached) can also be targeted. It has been tested on Solaris 10. Read the files inside for comments on further shell interaction.

tags | tool, remote, shell, rootkit
systems | unix, solaris
SHA-256 | 7987443dddeca5ef652aa2a782472ce53514e94d8e6bc5c72c114202001251b2
Hybrid Botnet System 0.2
Posted Feb 9, 2009
Authored by cross | Site x1machine.com

The Hybrid Botnet Remote Administration System version 0.2 contains a Perl bot, console application and HTTP administration panel using PHP and MySQL. Written for Linux.

tags | tool, remote, web, perl, php, rootkit
systems | linux, unix
SHA-256 | 18f765f9260fc55485b0a0757d882722a0b32685ebb6b1a47220fa5b29176f57
Complemento Collection Of Pentesting Tools
Posted Jan 26, 2009
Authored by crossbower | Site complemento.sourceforge.net

Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

tags | tool, web, tcp, rootkit
systems | unix
SHA-256 | 08c6ca5d023bbf50d43246bc47e894a7f12cab09a5faf2d7d3f69994cf85b2cc
wtmpclean WTMP Modification Tool
Posted Jan 16, 2009
Authored by Davide Madrisan | Site davide.madrisan.googlepages.com

wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Changes: Raw output highly improved. Timestamp preservation. Various other updates.
tags | tool, rootkit
systems | unix
SHA-256 | 06ff390e8f2c60cbef74d220f8da2a1dd9f150cfcec34e73563cf52cb6e2beb6
Page 8 of 21