.:[ packet storm ]:. - http://packetstormsecurity.org/

Section: .. / UNIX / penetration / rootkits /

The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

Page 7 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 150 - 175 of 217

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	ark-1.0.1.tar.gz
Description:	ARK version 1.0.1 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat.
Author:	Ambient
Changes:	sshd backdoor is fixed, and top backdoor is now included. Warning: ARK sends email to a free email account on each system it is installed on - It is backdoored.
File Size:	526758
Last Modified:	Dec 30 20:34:19 2000
MD5 Checksum:	be9b7c48c5102c32c72b410db8862d05

/// File Name:	asmd.tgz
Description:	ASMD is a local root backdoor which is a wrapper which can wrap any setuid binary.
Author:	Ripper
File Size:	2132
Last Modified:	Dec 16 22:20:36 2000
MD5 Checksum:	cf80ea5f62e7ba91e765a5b5054b23f7

/// File Name:	lbk.tar.gz
Description:	LBK is a local kernel based (kld) backdoor for FreeBSD 4.0 which provides a root shell if the TERM environment variable is set with the password.
Author:	Cyrax
Homepage:	http://www.pkcrew.org
File Size:	1190
Last Modified:	Dec 11 19:02:06 2000
MD5 Checksum:	9c0ce7942d25d16b8b7571dc588039f0

/// File Name:	ark-1.0.tar.gz
Description:	ARK version 1.0 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat. Warning: ARK sends email to a free email account on each system it is installed on - It is backdoored.
File Size:	497089
Last Modified:	Dec 8 04:21:14 2000
MD5 Checksum:	e5ccf93c811a9f73166051c1651001e9

/// File Name:	rkit.tar.gz
Description:	Rkit is a backdoor based on blackhole.c which listens on a TCP port and requires a password.
Author:	Deathrow
Homepage:	http://deathr0w.speckz.com/index.html
File Size:	2721
Last Modified:	Dec 3 11:20:52 2000
MD5 Checksum:	8cd3dd5deb68b4331d9ef2daaaf04400

/// File Name:	ddb-sfe.tar.gz
Description:	A backdoor that lets you to reach root/user account shells over tcp channel using a procedure of callback initialized by a ICMP packet.
Author:	The Recidjvo
Homepage:	http://www.pkcrew.org
File Size:	3447
Last Modified:	Dec 2 21:25:51 2000
MD5 Checksum:	8e1eeb8715c5e2283f2db800d0ef06f7

/// File Name:	ddb.tar.gz
Description:	A backdoor that allows you to keep remote access to a shell on a LAN protected by masquerading, getting rid of the inability for non public address to listen to a port reachable from the Internet.
Author:	The Recidjvo
Homepage:	http://www.pkcrew.org
File Size:	6937
Last Modified:	Dec 2 21:23:49 2000
MD5 Checksum:	160a48a5b3c8e479102e10689731737d

/// File Name:	Rial.c
Description:	RIAL is a lkm based rootkit which can hide processes, files, directories, LKMs, connections and file parts. While some of these are present in a large number of lkms, connections and file-parts hiding are new ideas, or at least i couldn't find any lkm which had them. All the processes, files, directories and lkms containing in their name the string defined in HIDE are hidden. Reading from /proc/net/tcp is intercepted and read data is filtered to hide some connections.
Author:	Technok
Homepage:	http://www.pkcrew.org
File Size:	8893
Last Modified:	Dec 2 21:19:05 2000
MD5 Checksum:	3bb687667a69ddc3cd274eb1ffac0719

/// File Name:	inetdfun.tar.gz
Description:	Inetdfun is a public version of an inetd backdoor which uses ICMP to trigger a remote shell. Includes readme and source diff.
Author:	Wildandi
Homepage:	http://segfault.net/~wildandi
File Size:	1861
Last Modified:	Nov 11 20:24:47 2000
MD5 Checksum:	41dd75e78dd7a1d92e340a9a5cfdb0d3

/// File Name:	tk.tgz
Description:	Torn Kit is a linux rootkit which has been optimized for linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user defined password. This code is being widely used to automatically compromise hosts which have the wu.ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10 advisory.
Author:	Johnny7
File Size:	343567
Last Modified:	Sep 18 19:44:39 2000
MD5 Checksum:	2332de2af78eca68542fa30fb2d37283

/// File Name:	whodo.c
Description:	Whodo.c is a simple local backdoor for the Solaris whodo command.
Author:	Dr. Genius
File Size:	20226
Last Modified:	Aug 17 12:56:35 2000
MD5 Checksum:	7ebf7fd1c6e52d36f0e165c4185020d4

/// File Name:	tcpd-byp.tar.gz
Description:	Modified tcp wrappers which bypass restrictions in hosts.deny and hosts.allow.
Author:	God-
Homepage:	ftp://haxordot.org/pub/god-/
File Size:	14905
Last Modified:	Aug 5 23:07:04 2000
MD5 Checksum:	ac6a784b6ca87296554ef4544558b0d3

/// File Name:	netstat.sh
Description:	Netstat.sh is a shell script which compiles a C wrapper around /bin/netstat which hides a class B address space.
Author:	God-
Homepage:	ftp://haxordot.org/pub/god-/
File Size:	1125
Last Modified:	Aug 5 23:01:47 2000
MD5 Checksum:	1aaeb2723b4dba0eb612ef3fbfea415f

/// File Name:	bd.pl
Description:	bd.pl is a backdoor written in perl which sits on port 33556 by default, requires a password, and unsets the history environment variables.
Author:	Mugwump Mugwump
File Size:	959
Last Modified:	Jul 24 19:46:07 2000
MD5 Checksum:	b4aea0b2942de55ca24b6bbe25b467f2

/// File Name:	lrk-4.1.tar.gz
Description:	Linux Rootkit v4.1 is based on Lord Somers LRK4 but several things are fixed. Includes a better find patch, fixed install of pidof / killall, fixed rshd patch, compilation fixes, and more. Released 11-may-2000, tested on Linux kernel 2.2.6, Slackware 4.0.
Author:	Rolling
File Size:	890103
Last Modified:	Jul 22 03:20:26 2000
MD5 Checksum:	3028892d2463f353e24419a83cccb1b3

/// File Name:	md5bd.c
Description:	md5bd.c is a shell server/backdoor that uses a md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
Author:	Mixter
Homepage:	http://1337.tsx.org
File Size:	3004
Last Modified:	Jul 15 17:48:54 2000
MD5 Checksum:	2fa9b94368cf2d9b511d009aece38bce

/// File Name:	hhp-SSH_TROSNIFF.tgz
Description:	hhp-trosniff is a complete package of patches to modify ssh, ssh2, sshd, ssh2d, and opensshd to extract and log the Incoming/Target HostName/UserName/Password. Intended to log brute force attacks and deleted users who try to gain access.
Author:	Loophole
File Size:	4064
Last Modified:	Jun 21 19:31:24 2000
MD5 Checksum:	8bc929c223f30bbea750ab01ca5fdd70

/// File Name:	sendmailcftrojan.tar.gz
Description:	Backdoored sendmail.cf - Install on a system that is running sendmail it allows you to spawn an xterm on any remote host.
Author:	Naif
File Size:	20829
Last Modified:	Jun 14 12:47:05 2000
MD5 Checksum:	027013770bd78a014196b2f5b2adb3b3

/// File Name:	cd00r.c
Description:	cd00r.c is a proof of concept code to test the idea of a completely invisible (read: not listening) backdoor server. Standard backdoors and remote access services have one major problem - the port's they are listening on are visible on the system console as well as from outside (by port scanning). To activate the remote access service, one has to send several packets (TCP SYN) to ports on the target system. Which ports in which order and how many of them can be defined in the source code.
Author:	FX
Homepage:	http://www.phenoelit.de/
File Size:	16605
Last Modified:	Jun 13 17:29:23 2000
MD5 Checksum:	f7d023c9bfa342c440262beb65dd105e

/// File Name:	CGIbackdoor.txt
Description:	CGI Backdoor - Perl based client / server backdoor which communicates over port 80, bypassing many firewalls.
Author:	Hypoclear
Homepage:	http://hypoclear.cjb.net
File Size:	3464
Last Modified:	Jun 13 16:23:11 2000
MD5 Checksum:	a64eb7601c4e7f66ae24d04b3766e345

/// File Name:	Raditz.cc
Description:	Raditz is a hacked replacement for the tripwire binary which never actually gets tripped. It attempts look and feel just like tripwire, allowing you to hopefully remain undetected on a rooted system just a little bit longer.
Author:	Technion
Homepage:	http://www.coons.org/
File Size:	6264
Last Modified:	Jun 8 18:06:00 2000
MD5 Checksum:	9498698261bb430e8552e191a34ac37e

/// File Name:	mod_backdoor.c
Description:	Apache DSO backdoor - A get request to a "special" url allows remote command execution.
Author:	Slash
Homepage:	http://b0f.freebsd.lublin.pl
File Size:	8809
Last Modified:	Jun 5 14:52:24 2000
MD5 Checksum:	84e2f164eca988c6647d0dc512f4536c

/// File Name:	cisco-ack-proof-concept.tgz
Description:	This document contains details on a proof-of-concept white paper on how to circumvent Cisco access-lists which rely on only permitting "established" TCP sessions by establishing communications between a client and server (included) which never uses the SYN bit. Works on any firewall that accepts all packets without the syn bit.
Author:	Codex
Homepage:	http://www.phate.net/docs/security/
File Size:	12711
Last Modified:	May 31 18:23:32 2000
MD5 Checksum:	e7c9032c77ac8938e06fd163cdc9e3fd

/// File Name:	shadyshell.c
Description:	shadyshell.c is a flexible, obfuscated, and lightweight UDP portshell. Takes client input via netcat -u.
Author:	S
File Size:	1159
Last Modified:	May 31 00:42:23 2000
MD5 Checksum:	8375bfbba53bf96bdb2c25cdd0e9ef28

/// File Name:	b0stt.tar.gz
Description:	Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs(utmp,wtmp,lastlog and the rest of syslogd logs), it also logs all incoming/outcoming ssh passwords.
Author:	Xfer
Homepage:	http://b0f.freebsd.lublin.pl
File Size:	83433
Last Modified:	May 7 23:09:22 2000
MD5 Checksum:	3ca811fa7c30725b688e469ac3d73e0a

/// Last 10 Files

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Advisories

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Exploits

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Tools

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Misc

[ Last 20 | Last 50 | Last 100 ]