This is a auto logger for Amuser-net BBS which is used in the many Japanese underground sites
80653f6e1487e011985dfd86c164d0cf36943b4d7308752dc4124f262cb28c83This utility lists the servers which have the security vulnerabilities of CGI program. This utility supports the pht, test-cgi, nph-test-cgi, campas, htmlscritp, servce, pwd. The addition of new vulnerabilities is very easy.
d4a27daf41edaca44387d84582a47076dd8c2e2c284b8050549e4fece0afa2f9The simple full-connection TCP port scanner. This utility lists the servers that open the specified port.
2c2f178a0939dd3208042185eefd81b52fe57d32f8e190530bd6b4b8757524b9ftp trojan logs the hostname, username, and password when the local users use the ftp.
8a3d1bd7795300d33e45002f6a46e071fbefb450870201eac7e1aeee73cf0a9cThis program is one of the ethernet packet sniffer for LINUX, FreeBSD, SunOS4.1, Solaris2, and IRIX that can log the all packets in each session of telnet, rlogin, pop3, ftp. If you install this program in the cracked server, you can also know the cracking process and the location of rootshell by the crackers. The logs of this tool is the evidence of the cracking, this tool is also useful for admin.
df2a9e01a85bafb69aa416188ed1cea017047015bc99aa5c1a9d0cd67e4d0ac5A generic banner scanner. eg scan for qpop 110, wuftpd 21, wingates 23, telnet banners 23, etc etc
6c91acdac7860bc6c8f947323fff0c03f4c97d8fd8cebfb891ee6248e6f1150cThis is one of the rootshell program. This program will be rootshell if you specify the special argment. If the special argment is not specified, this program calls a specified program. So, you name this program as well known suid program, it's very difficult for admins to find.
ba06871c2d769a971556d49a3506b1b662ad02c2bd398bf1eee677942ec8d211Improved version of hrs. You can easy install hrs by this shell script.
bb00d2adbb3299e05be6dd492a6aa1c6f7109d49838345be8584b4595bcec1abThis program checks many IRIX security holes automatically. If you are admin, can check easily the security vulnerabilities of each IRIX. Don't use for the auto attack. This scanner contains the ttdbserver attack, this function is based on the script which is developped by the rootshell. thanks.
fdb645ddef470ad46457b433af158fdcca322e238d6798e1a9c1d9a0dfd44190If the access log is wiped by using the log wiper, the logs are not displayed by the last command. However, the general log wipers such as "zap" write the null on the specified entry of logfile, so you can check the log files whether the logs are wiped. This utility shows the all entries, you can analyze the logfile.
3d85c540b4466b4f0046f37f7823bf8d909d2cfc7cca3cca4fd844009d00ddb0This is the telnet trojan based on GNU telnet. The all operation which is included the server name, username, and password can be logged. This trojan can be installed with non-root user, if the user account is used by many crackers, you can also know the cracking process and the location of rootshell.
772aa87aaaff02ac2c8e2fbdb7bac4c795c3cfc7038c374d173d70662003a04cPasswd trojan for freeBSD.
cdd23a2c21d690c20992f80c2ec62f9026e95849ee543c69944edba7a913e4b0Passwd trojan for IRIX. This trojan logs the username and password, and mails such information to you.
09d660e6270d32cdfff43d868a72322ba1e8dab294bc930609334181ca2f9b3cPasswd trojan for LINUX.
4db56a2c0f204a8959f80a1ffcf2bf945efa79d4229a6248ed56a139d073c0abPasswd trojan for Solaris.
ef068708f03fa03d4e1212a40a9379fe4e30c77bae2c0e73b6d1a7b8abed5ae9Passwd trojan for SunOS4.
6705d48e71bcd62325368a30a22a9fea3ac169cb5d6df54b833142a483c59486This is the "/.rhosts" backdoor creation daemon. This is the faked telnetd, if you connect to the telnet port of the target host which is installed this daemon from the specified host, the "/.rhosts" is rewrited to "+ +", you can login to the target host by the "rlogin target -l root". Of course, the telnetd can be used normally.
c32ec321ca871c53d08c5f8fb36a055972ee9910a8d122593a2f2f31efa11dcfIn the Penguin Toolbox, I published the exploit code that can send and execute a trojan program which is prepared in the attacker host, this is server program which is used by such exploits. This program sends the "*.exe" program to the victim host, and the exploit code executes it.
3785acd89b0627bb0ef8d5130be987022c5b53f167ba149a946ecd9ecf90d7f0This is the simple half-open and stealth TCP port scanner. In the half-open mode, this program can recognize the OS type of target host.
32e709a661e220b738d8af8a04858a9eada7064b9ef38ccedab2e39d546a9dacIf you install the ps faker, ifconfig faker, and HRS, the size of such programs will be smaller than original commands. This program adjusts the size of executable program, avoids the size check.
2413610b36dcae7b4fba1e18c2f42262d83be3f8ecfc23618f09a66ace891e30SU trojan for Digital.
f864eead797fb8ef81bfa7a1ebcd0e0493d4376e36a4cf31aff05b0607f7977eSU trojan for IRIX. This trojan logs the passwords. If you install the su trojan correctry, local users or admin fails the first "su", and the password which is inputed to su trojan has been logged to the specified file.
b9a61aed270653dede216eaf5ac1c259c5ea5419f9ee880e78b1b886f82ed8d5SU trojan for Solaris2.4
7d451e5c81e8a9f61f40a23f691d0dbec1c4886050391aaf2366daa9bfa85f92SU trojan for Solaris2.5
55fb124bfca319c507f664170de672439a7c1d8d4cca67cebf1f05fef5b415ddSU trojan for SunOS4
4938fe0ec4e5d98391a438fef24aaf9aa7237fd94200a3cdf7746374df1a81cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed