preserving full disclosure
Showing 1 - 25 of 222 RSS Feed

Files

NetcatPHPShell 1.10
Posted May 7, 2012
Authored by Mr.H4rD3n

NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 272d6d9b88fa87a16f8660e9f2a198c4
Jynx-Kit Release 2
Posted Mar 18, 2012
Authored by ErrProne

Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.

Changes: Improved SSL backdoor.
tags | tool, shell, rootkit
systems | linux, unix
MD5 | c45c761a3482f2a9514aa851dd8fc7b8
Carbylamine PHP Encoder
Posted Mar 15, 2012
Authored by Prakhar Prasad | Site code.google.com

Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed.

tags | tool, php, rootkit
systems | unix
MD5 | 2a0006cd9cce2fd3adfed55243144cf7
WeBaCoo (Web Backdoor Cookie) 0.2.3
Posted Mar 13, 2012
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

Changes: Single command execution mode. Multi HTTP methods support. Download / Stealth extension modules. Various other updates.
tags | tool, web, rootkit
systems | linux, unix
MD5 | 48bce3cf1ef0c9c611d66a0bd3dcfe8a
darkBC Python Connect-Back Script
Posted Feb 24, 2012
Authored by baltazar

This is a small connect-back script written in Python.

tags | tool, rootkit, python
systems | unix
MD5 | 2a7f1e94c35ca603a309de806dfd4ef6
trixd00r 0.0.1
Posted Feb 8, 2012
Authored by noptrix | Site nullsecurity.net

trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.

tags | tool, shell, udp, tcp, rootkit
systems | unix
MD5 | 01d679c8bdbcea9db29455669165e216
WeBaCoo (Web Backdoor Cookie) 0.2.2
Posted Feb 2, 2012
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

Changes: Support for extension modules, MySQL CLI extension module, Upload extension module, various other additions.
tags | tool, web, rootkit
systems | unix
MD5 | b74689916ea156d422177f331fe570c8
Small Python Backdoor
Posted Jan 21, 2012
Authored by Reflex

This is a very small backdoor written in Python.

tags | tool, rootkit, python
systems | unix
MD5 | abf97854fff55fbaf20ea64011da1522
Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 8e19ae8abd2570913871373fe04844fa
KBeast (Kernel Beast) Linux Rootkit 2012
Posted Jan 1, 2012
Authored by IPSECS

KBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more.

tags | tool, kernel, rootkit
systems | linux, unix
MD5 | c8fbf115fdf309273ce23f94d817210f
WeBaCoo (Web Backdoor Cookie) 0.2
Posted Dec 19, 2011
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

Changes: Built in Tor proxy support. New random delimiter string for each request. Various other updates.
tags | tool, web, rootkit
systems | unix
MD5 | f4fbdca27c7a4629314c184bf09461ff
WeBaCoo (Web Backdoor Cookie) 0.1.2
Posted Dec 9, 2011
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

tags | tool, web, rootkit
systems | unix
MD5 | 983c15146c1156bde098d9e81f412157
Jynx Kit Userland Rootkit
Posted Oct 17, 2011
Authored by ErrProne

Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.

tags | tool, shell, rootkit
systems | unix
MD5 | c4f68fd8a88e336f5630798bde50c913
PHP SST Sheller 1.0
Posted Oct 16, 2011
Authored by Amir Masoud

This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.

tags | tool, shell, spoof, php, rootkit, file upload
systems | unix
MD5 | f18d5418f6eb91321033867fb1fe68c6
Knull Shell Alpha1
Posted Oct 1, 2011
Authored by knull | Site leethack.info

Knull Shell Alpha1 is a PHP shell that has bind, reverse, and backpipe shells.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 1bd6d6835296305ab21cd1ec34ab8627
Ani-Shell 1.4 PHP Shell
Posted Sep 22, 2011
Authored by Aneesh Dogra

Ani-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features.

tags | tool, shell, php, rootkit
systems | unix
MD5 | f789ddc02f9f16fa9f82a31ce2e0f5cf
Turtle FreeBSD Rootkit 2
Posted Aug 28, 2011
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

Changes: This rootkit now hides processes and has a remote shell over ICMP packets.
tags | tool, kernel, rootkit
systems | unix, freebsd
MD5 | cf4f4980dd9d360041e530b903ffca53
GotRoot Shell Script
Posted Aug 9, 2011
Authored by Codeine

This post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu.

tags | tool, root, rootkit, bash
systems | linux, unix, ubuntu
MD5 | 6ce86ef3082d68ab9743dcd313e30a22
H4ckcity Sheller Code And Tutorial
Posted Aug 7, 2011
Authored by 2MzRp, LocalMan | Site h4ckcity.org

This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.

tags | tool, php, rootkit
systems | linux, unix
MD5 | 572ec9cc7fb7f5b6b2e49748ecb5c1af
SyRiAn Sh3ll 7
Posted Jul 6, 2011
Authored by SyRiAn_SnIpEr, SyRiAn_34G13, Darkness Caesar

SyRiAn Sh3ll is a PHP backdoor that allows for database access, local exploitation of the host, and more.

tags | tool, local, php, rootkit
systems | linux, unix
MD5 | 14eb6477ac78b0442bf82f160abebc83
Viper Auto-Rooting Script
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is the Viper auto-rooting script that is written for Linux, SunOS, Mac OS X, and FreeBSD.

tags | tool, root, rootkit
systems | linux, unix, solaris, freebsd, apple, osx
MD5 | 42b9bf4ca63a0ad78770421d06b6104c
Ncom Libcall Hijacking Rootkit
Posted Mar 27, 2011
Authored by Alessandro Grassi

Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.

tags | tool, rootkit
systems | unix
MD5 | f3dedef3547498bf5ba0ff330d86348a
Rootkit Discovered On Debian Lenny Host Post Exim Compromise
Posted Dec 17, 2010
Site reddit.com

This tarball was discovered on a compromise Debian Lenny host after it was compromised via the recent remote root Exim vulnerability. It includes binaries such as the MIG logcleaner, backdoored versions of top, uptime, free, pgrep and more. Please note that a thorough analysis of these binaries has not been performed and they must be considered unsafe and untrustworthy. Only use the enclosed contents for research purposes. Further details regarding this rootkit can be obtained via the reddit site link.

tags | tool, remote, root, rootkit
systems | linux, unix, debian
MD5 | d0e098de3b0e436f934763810cd31189
ITSecTeam Shell 2.1
Posted Nov 2, 2010
Authored by ItSecTeam

This is a backdoor PHP shell from ITSecTeam. It can execute system commands, bypass various controls, connects to common databases and edits files and directories.

Changes: Various clean-up. Added server information, system drive listing and more.
tags | tool, shell, php, rootkit
systems | unix
MD5 | 9391509dbb36057d9a3321f76a864813
Turtle FreeBSD Rootkit
Posted Sep 30, 2010
Authored by WarGame

Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.

tags | tool, kernel, rootkit
systems | unix, freebsd
MD5 | 475ca0337888d26fa3386bf01720a210
Page 1 of 9
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ICO Fines Barnet Council £70,000 For Losing Children's Data
Posted May 16, 2012

tags | headline, privacy, britain, data loss
Apple Issues Update For QuickTime On Windows
Posted May 16, 2012

tags | headline, microsoft, flaw, patch, apple
Scammers Exploit Those Hyped By Diablo III
Posted May 15, 2012

tags | headline, malware, cybercrime, fraud
Bitcoin Bank Bitcoinica Still Offline After Heist
Posted May 15, 2012

tags | headline, bank, cybercrime
Android Malware Levels Quadrupled Over Past Two Years
Posted May 15, 2012

tags | headline, malware, phone, google
Apple Updates Leopard To Remove Flashback Threat
Posted May 15, 2012

tags | headline, malware, flaw, patch, apple
Potential Links Between Google And The NSA Stay Locked
Posted May 15, 2012

tags | headline, government, privacy, usa, google, nsa
Pirate Pay Torrent Blocker Backed By Microsoft
Posted May 15, 2012

tags | headline, microsoft, pirate
Startup Proposes A Safer Internet Locale Via A '.secure' Domain
Posted May 14, 2012

tags | headline, dns
Facebook Updates Data Use Policy To Appease Irish Government
Posted May 14, 2012

tags | headline, government, privacy, facebook, social, ireland
View More News →
packet storm

© 2012 Packet Storm. All rights reserved.

close