NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.
272d6d9b88fa87a16f8660e9f2a198c4Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
37b1ceb79a5ff3debca335d6550ac6b0RopeADope is a log cleaning script for Linux.
cf45c95eef207fbb04603b859f4ea090Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
c45c761a3482f2a9514aa851dd8fc7b8Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed.
2a0006cd9cce2fd3adfed55243144cf7WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
48bce3cf1ef0c9c611d66a0bd3dcfe8aThis is a small connect-back script written in Python.
2a7f1e94c35ca603a309de806dfd4ef6trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.
01d679c8bdbcea9db29455669165e216This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
e17d0ef919b2eabebc9761c4abdea8c7WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
b74689916ea156d422177f331fe570c8This is a very small backdoor written in Python.
abf97854fff55fbaf20ea64011da1522This is a php shell that offers various connect-back methods, the ability to read files, grab source, execute code, etc.
3b6013b3e9ec147f00de99feedbc7172log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.
8e19ae8abd2570913871373fe04844faKBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more.
c8fbf115fdf309273ce23f94d817210fWeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
f4fbdca27c7a4629314c184bf09461ffWeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
983c15146c1156bde098d9e81f412157Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
c4f68fd8a88e336f5630798bde50c913This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.
f18d5418f6eb91321033867fb1fe68c6This is a Perl CGI backdoor that provides shell-like capability.
e09fcae11cb6f6b92baca45b082449ceKnull Shell Alpha1 is a PHP shell that has bind, reverse, and backpipe shells.
1bd6d6835296305ab21cd1ec34ab8627Ani-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features.
f789ddc02f9f16fa9f82a31ce2e0f5cfTurtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.
cf4f4980dd9d360041e530b903ffca53This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained.
5c1eb6df84676039b26b56dda73f62b3This post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu.
6ce86ef3082d68ab9743dcd313e30a22This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.
572ec9cc7fb7f5b6b2e49748ecb5c1af
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed