SSHeater is a program that infects the OpenSSH daemon at run time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts on the system. A log parser included in the package can display authentication information about sessions as well as replay a session just like TTYrec/TTYplay.
584353ff41ac6ad6a59f87eaa8b05340: pid-check is a Perl script that uses the kill() and setpriority() system calls to find hidden processes.
62427ef3574ea99ba8cad2d1ce2f38c9: A bash script to wipe or exchange your IP in Unix log files. Also wipes out /root/.bash_history.
f2407e8a4ccbde89d7ec768992803526: SpoofMe Backdoor - The backdoor is composed of 3 parts: the client, the server, and a PHP script. The client is used to send spoofed UDP packets to the victim. These packets contain the commands encrypted with the base64 algorithm. The server listens on a UDP port. When it receives a command, it decrypts it, executes it and encodes the output in base64. The result is sent in an HTTP (POST) packet to the PHP script called shell_output.php.
771abfe12e9767314a332871bef6102d: A Perl script to backdoor chkrootkit, rendering it useless. Tested on chkrootkit version 0.44 running on Red Hat Enterprise 3.
cb59ccee74aca48a68c149f2ec848d4d: Nabi version 2.0 - Advanced /var log wiper for Linux.
3785e854541c919e0b4838dfb49496ee: LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside the system_call and sysenter_entry handlers, so it does not modify the sys_call_table or IDT contents. It hides files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
89340215b6cfceb3a176c4a30e34f5c6: perl shell: a simple Perl backdoor script that listens for a plaintext password and can run a shell.
07262d9d9943338dfc0bcb4db4e45e90: The override Rootkit: an LKM Linux 2.6 rootkit that uses patched system calls. Features - Hides PIDs and automatically hides the PIDs of child processes - Hides network ports - Hides files which begin with a user-defined prefix - Can show the hidden PIDs.
31a9eb52f4907924ba9fb22287b44996: Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
5d81db69b3cec316fd758ca5573fd58b: Nabi version 1.0 - Advanced /var log wiper for Linux.
884583c27ac9e10d07d6cb6a577a6240: Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
7d94ecb535c7af9b4b65e7a222240077: Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
7a7211935db1965f3ca5c7822a1497d5: Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback backdoor, and auto injection on boot.
3d0ef3793579cd846e43a034d147ecd0: LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside the system_call and sysenter_entry handlers, so it does not modify the sys_call_table or IDT contents. It hides files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
5896fe3e8a333c4e1e52daedc3422363: Unix log cleaner that also checks to see if root is logged in.
e2e7e8f9bb27e7b5dd66041ebd4d3766: SucKIT Rootkit v2.0-devel-rc2. Easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through the /dev/kmem trick, without the help of LKM support, System.map or similar things. Everything is done on the fly. It can hide PIDs, files, tcp/udp/raw sockets and sniff TTYs.
3bb82c1fddcc47456efee6f3687e4f51: SInAR Solaris rootkit version 0.3. Invisible kernel-based rootkit for Solaris 8, 9, and 10. Special TAX release.
544f71c02bf24ee9c0dc4e4c696abf3b: httpbd.pl is a small backdoor written in Perl that poses as httpd. It can spawn a shell and transfer files.
e96c0debb82cfb8f22165e943001f0ba: The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
f0f30132a541122fa46f4d6d321260d9: Simple replacement binaries for netstat, ls, and ps that enable an attacker or administrator to hide specific strings.
9bf250eeebe0f27e6d5c7cfaf84ccb21: StealthZapper is a less-detectable log wiper. It attempts to leave wtmp and utmp looking "cleaner" by not simply leaving a blank hole where the offending data was deleted.
68b0a251468d22b367074c1059d7b280: SilentDoor is a connectionless, PCAP-based backdoor for Linux that uses packet sniffing to bypass netfilter. It sniffs for UDP packets on port 53 and runs each packet against a decryption scheme; if the packet validates, then it runs a command. Can be masked to look like any other process. Remote command utility included.
5a8f02eb1e1d7ca1ff8e7a30603286a3: Unix bindshell backdoor that acts as psybnc if the password fails.
fd338c62f08e87b4b033bc88a47f9b9c: SInAR Solaris rootkit v0.2. Invisible kernel-based rootkit for Solaris 8, 9, and 10.
6e5dc76977f8b3fed2fd9f21ffc375dd