Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
0x333openssh-3.7.1p2.tar.gz |
Description:
|
Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 801501 | | Last Modified: | Sep 26 19:12:17 2003 |
| MD5 Checksum: | 008690b0235471672d814b9db06d94f4 |
|
| /// File Name: |
2minbdoor.c |
Description:
|
/bin/login backdoor by tracewar.
| | File Size: | 753 | | Last Modified: | Aug 21 00:29:29 2002 |
| MD5 Checksum: | b44ea20a28d7e2ed9260a8d96caaae9e |
|
| /// File Name: |
3vilSh3ll.c |
Description:
|
Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.
| | Author: | Simpp | | File Size: | 7272 | | Last Modified: | Mar 18 22:25:36 2008 |
| MD5 Checksum: | 9cf37a9cec5547cca5c9872fbe651b5f |
|
| /// File Name: |
4553-invader-2.1.1.tar.gz |
Description:
|
4553 - Invader v2.1.1 is source code which can append parasitic executable code to any ELF binary, which causes it to send a shell to a remote host. Uses TCP port 21317 by default.
| | Author: | Brain Storm, Resistor | | Homepage: | http://es.xor.ru | | File Size: | 3983 | | Last Modified: | Nov 27 04:50:06 2002 |
| MD5 Checksum: | e828fd8a619c206f18a7ae7ceb58344d |
|
| /// File Name: |
_root_040.zip |
Description:
|
Windows NT Rootkit v0.04 alpha - Hides processes, files, directories, has k-mode shell using TCP/IP - you can telnet into rootkit from remote. Hides registry keys - (keyboard patch disabled in this build.) Includes execution redirection.
| | Homepage: | http://www.rootkit.com | | File Size: | 107713 | | Last Modified: | Jul 29 05:16:28 2001 |
| MD5 Checksum: | 12487fc88e78176f582cbbdbd45f2575 |
|
| /// File Name: |
aasniff.tar.gz |
Description:
|
Anti Anti Sniffer Patch - Linux kernel patches to hide a sniffer from the most known anti-sniffers.
| | Author: | Vecna | | Homepage: | http://www.s0ftpj.org | | File Size: | 2649 | | Last Modified: | Jan 4 17:55:58 2001 |
| MD5 Checksum: | 864e1c903014d25f0b1e5c91a79785b2 |
|
| /// File Name: |
adore-0.31.tar.gz |
Description:
|
Adore is a Linux LKM-based rootkit. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Automatic configuration, bug fixes. | | File Size: | 9738 | | Last Modified: | Jan 9 13:54:45 2001 |
| MD5 Checksum: | 4bdf75cfb7735741285ae82f5b5d4df6 |
|
| /// File Name: |
adore-0.34.tgz |
Description:
|
Adore is a Linux LKM-based rootkit for Linux v2.[24]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Improved 2.4 support, better authentication checking, permanent PID removal, configure script, experimental exec redirection for i386. | | File Size: | 13470 | | Last Modified: | Mar 26 19:50:38 2001 |
| MD5 Checksum: | 69b3453f1fb1650388fc63297652d221 |
|
| /// File Name: |
adore-0.38.tar.gz |
Description:
|
Adore is a Linux LKM-based rootkit for Linux v2.[24]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Added 64bit FS support, now fools protection modules such as StMichael, and minor fixes. | | File Size: | 14316 | | Last Modified: | May 25 18:17:46 2001 |
| MD5 Checksum: | 72e80f9fa6ebe9358f7fd0358c8e959f |
|
| /// File Name: |
adore-0.39b4.tgz |
Description:
|
Adore is a Linux LKM-based rootkit for Linux v2.[24]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Now includes open()/stat() redirection and improved netstat hiding. Removed execution redirection. | | File Size: | 14678 | | Last Modified: | Jul 29 05:48:33 2001 |
| MD5 Checksum: | 777cbd2a59268b394b79da2bda910a40 |
|
| /// File Name: |
adore-0.42.tgz |
Description:
|
Adore is a Linux LKM-based rootkit for Linux v2.[24]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Added devpts fix, fixed is_secret64() to properly hide files, and fixed a memory leak. | | File Size: | 14749 | | Last Modified: | Sep 19 18:18:14 2002 |
| MD5 Checksum: | 156ded13d5e16b84a9e31193bc9bc417 |
|
| /// File Name: |
adorebsd-0.34.tar.gz |
Description:
|
AdoreBSD 0.34 - Based off Linux Adore by Stealth. Features hiding files and directories from view, makes processes invisible, hides promiscuous flag and syslog messages, execute as root, hides sysctl mib entries, netstat service hiding, authentication, and module hiding. Developed on FreeBSD 4.3-STABLE.
| | Author: | Bind | | Homepage: | http://team-teso.net | | File Size: | 9387 | | Last Modified: | May 25 18:24:56 2001 |
| MD5 Checksum: | f98864a4f927e04d6f66a010934a08a0 |
|
| /// File Name: |
all-root.c |
Description:
|
A kernel trojan (basic Linux kernel module) which gives all users root.
| | Author: | Blasphemy | | File Size: | 1014 | | Last Modified: | May 1 17:47:23 1999 |
| MD5 Checksum: | 2fc84f709e328db384764211be4ac3eb |
|
| /// File Name: |
allinone.c |
Description:
|
Allinone.c is a backdoor which is an HTTP server, a sockets transmit server, a shell backdoor, an ICMP backdoor, a bind shell backdoor, and an HTTP shell. It can copy files from a remote host and can use a SOCKS5 proxy.
| | Author: | Lion | | Homepage: | http://www.cnhonker.com | | File Size: | 19710 | | Last Modified: | Oct 21 02:01:23 2002 |
| MD5 Checksum: | 8bc44ad107518ac38b7003c5479ca020 |
|
| /// File Name: |
apachebd.tgz |
Description:
|
Apache backdoor - Backdoors Apache 1.3.17 / 1.3.19 to spawn a root shell when a certain page is requested.
| | Author: | Venomous | | File Size: | 3026 | | Last Modified: | Mar 19 03:30:44 2001 |
| MD5 Checksum: | 16607a98f128adb61a82b23f660bfc19 |
|
| /// File Name: |
ark-1.0.1.tar.gz |
Description:
|
ARK version 1.0.1 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat.
| | Author: | Ambient. | | Changes: | sshd backdoor is fixed, and top backdoor is now included. Warning: ARK sends email to a free email account on each system it is installed on - It is backdoored. | | File Size: | 526758 | | Last Modified: | Dec 30 20:34:19 2000 |
| MD5 Checksum: | be9b7c48c5102c32c72b410db8862d05 |
|
| /// File Name: |
ark-1.0.tar.gz |
Description:
|
ARK version 1.0 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat. Warning: ARK sends email to a free email account on each system it is installed on - It is backdoored.
| | File Size: | 497089 | | Last Modified: | Dec 8 04:21:14 2000 |
| MD5 Checksum: | e5ccf93c811a9f73166051c1651001e9 |
|
| /// File Name: |
asmd.tgz |
Description:
|
ASMD is a local root backdoor implemented as a wrapper which can wrap any setuid binary.
| | Author: | Ripper | | File Size: | 2132 | | Last Modified: | Dec 16 22:20:36 2000 |
| MD5 Checksum: | cf80ea5f62e7ba91e765a5b5054b23f7 |
|
| /// File Name: |
audpbackdoor.tar.gz |
Description:
|
A UDP-based backdoor; client and server are written in Perl. Uses port 520 by default.
| | Author: | Sventek | | Homepage: | http://www.elxsi.de | | File Size: | 926 | | Last Modified: | Dec 7 14:27:24 1999 |
| MD5 Checksum: | 5f7f7b42d188ec46878822181630c941 |
|
| /// File Name: |
b0stt.tar.gz |
Description:
|
Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs (utmp, wtmp, lastlog and the rest of the syslogd logs); it also logs all incoming/outgoing ssh passwords.
| | Author: | xfer | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 83433 | | Last Modified: | May 7 23:09:22 2000 |
| MD5 Checksum: | 3ca811fa7c30725b688e469ac3d73e0a |
|
| /// File Name: |
backd00r.c |
Description:
|
Unix bindshell backdoor that acts as psybnc if the password fails.
| | Author: | darkXside | | File Size: | 2948 | | Last Modified: | Mar 15 00:00:58 2005 |
| MD5 Checksum: | fd338c62f08e87b4b033bc88a47f9b9c |
|
| /// File Name: |
backdoor.tar.gz |
Description:
|
This tarball has original source code for FreeBSD binaries such as find, fstat, kldstat, etc., along with a script that enables you to easily set how you want them backdoored.
| | Author: | Dark.iNiTro | | Homepage: | http://ccb.0x48k.cc/index.php?module=files | | File Size: | 245330 | | Last Modified: | May 2 20:06:51 2007 |
| MD5 Checksum: | 3046022b733bd0ccc37165e34a2db7ad |
|
| /// File Name: |
bash-door.tar.gz |
Description:
|
Backdoors Bash-2.05 for local root.
| | Author: | Bob | | Homepage: | http://www.dtors.net | | File Size: | 2426 | | Last Modified: | Jul 8 02:45:50 2002 |
| MD5 Checksum: | c6edcabbcd0ade055d43a041c42f2c50 |
|
| /// File Name: |
BBD-0.3.tgz |
Description:
|
BBD is a passcode-protected remote backdoor with a configurable TCP port. After login the backdoor reports if any users or root users are logged in. This version contains a client which allows you to execute commands remotely as well as locally by prefixing a command with a semicolon.
| | Author: | Detach | | File Size: | 4694 | | Last Modified: | Aug 21 01:50:31 2002 |
| MD5 Checksum: | 2d2074b6a4c23bf8bb912ffe8dbeb658 |
|
| /// File Name: |
BBD-0.4.tgz |
Description:
|
BBD is a passcode-protected remote backdoor with a configurable TCP port. After login the backdoor reports if any users or root users are logged in. Allows remote command execution and file upload.
| | Author: | Detach | | File Size: | 8618 | | Last Modified: | Nov 19 11:16:47 2002 |
| MD5 Checksum: | 17a9eaece27bbf5b5a8601c89b3b3a27 |
|