Latte is a little unix backdoor which only allows one UID to use it.
50b42878974dd58eece52e4941727f5aBBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. Allows remote command execution and file upload.
17a9eaece27bbf5b5a8601c89b3b3a27Ownit is a script that installs libnet, libnids, and dsniff on a system.
16ed3989ac5deb8be2ec6ca4812a28a6Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
1ff30567857b78272c86eaa119d49043Mr-Lynd0 is a log clener and an instrument to hide user or to change user and host. cleans ip user and host in log files /var/log/ and hides yourself in a linux box editing wtmp and utmp.
2993d94af3a9cb610ae7511a63b33983Allinone.c is a backdoor which is a http server, a sockets transmit server, a shell backdoor, a icmp backdoor, a bind shell backdoor, a http shell, copy file from remote host, can use a socks5 proxy.
8bc44ad107518ac38b7003c5479ca020cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.
d871691531db1e82b5cf05a09a281a3bFLEA is a linux rootkit for all distributions.
dfd8f8b6babe05182bb5c3e3e1b5d5a3Fuck'it RootKit. Uses a ssh daemon which listens on port 1984 by defaut.
f3d55d07c747e7bb9c69a3a614a9d8d0The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains a ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
56b9eb9fabe884ebc8bcb02aa5f065c2rathole 1.0 is a passworded backdoor for Linux and Openbsd.
ab27a2c96b72231c6f8b8412622fecb5Blowdoor v2.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
af17d89167bd317c22d516fcfa01bd12Phantasmagoria hides tasks without modifying syscalls in Linux kernel v2.4. Includes a paper "Smashing The Kernel For Fun And Profit" and proof of concept code.
a278f9b3307f3c37c9c9d1247f110575Blowdoor is a backdoor for unix systems using md5sum passwords.
6463bd5ffa2ba22447718154fa4295cbBBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. This version contains an <optional> client which allows you to execute the command remote as well as local by prefixing a command with a semicolon.
2d2074b6a4c23bf8bb912ffe8dbeb658/bin/login backdoor by tracewar.
b44ea20a28d7e2ed9260a8d96caaae9eWuftpd 2.6.2 backdoored.
f812bd8ac20e90fc2566980ee2f1464aBlowdoor is a unix backdoor with a definable port, password, executable to run, process to show job as, and logging facility.
c8070fe07386800d942dbb40acd46517Patch for openssh-3.4p1 that will grant login access to any user with the "secret" pass and that user will not be logged. It will also capture usernames and passwords on outbound and inbound ssh connections.
6efb88ae0c6e3fec167935a646a9ec6eThe SucKIT is easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through /dev/kmem trick, without help of LKM support nor System.map or such things. Everything is done on the fly. It can hide PIDs, files, tcp/udp/raw sockets, sniff TTYs. Next, it have integrated TTY shell access (xor+sha1) which can be invoked through any running service on a server. No compiling on target box needed, one binary can work on any of 2.2.x & 2.4.x kernels precompiled (libc-free).
5b947de74ce9ba53023569fe77cae75bBackdoors Bash-2.05 for local root.
c6edcabbcd0ade055d43a041c42f2c50Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When attacker runs a command known to the backdoor, it will print a cloned response back to trick the user, and then disconnect the user from the host. Will save to a log file of choice (default is fbdlog.txt) which includes the Hostname and Command used by the attacker.
7b61d02047c4b39bf0a429d947a78f7dSADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload and decoded and passed on to system(3).
a9e6f5155bde823d8fd50813852bee53Dica is a rootkit found in the wild. Looks like a t0rn variant. Thanks to Rob Hock
0f5ffea16e599bb13a69b4ba9b3748e2Local backdoor - Secure root shell, protected by standard DES encryption.
023099b2625f65810fde4ab2f89f6af7
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed