Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
mood-nt.tgz |
Description:
|
Mood-NT is a suckit2-like Linux kernel rootkit for 2.4.x/2.6.x kernels. It can hide processes, files, connections (unix, raw, and ipv6 too), and the promisc flag. It allows tty sniffing, exec redirection, and exec parameter sniffing, and has an internal private init script for starting whatever you want on boot. It has many anti-detection engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealth on x86 machines. If the kernel changes, it automatically reinstalls itself on boot.
| | Author: | darkangel | | Homepage: | http://darkangel.antifork.org | | File Size: | 35005 | | Last Modified: | Oct 24 17:12:23 2006 |
| MD5 Checksum: | c046c7882ca919d595b8491be609d149 |
|
| /// File Name: |
mood-nt_2.3.tgz |
Description:
|
Mood-NT 2.3 is a Linux kernel rootkit for 2.4.x kernels and 2.6 versions below 2.6.20. It can hide processes, files, connections (unix, raw, and ipv6 too), and the promisc flag. It allows tty sniffing, exec redirection, and exec parameter sniffing, and has an internal private init script for starting whatever you want on boot. It has many anti-detection engines and a unique hardware-based hiding engine (through the debug registers) that makes it completely stealth on x86 machines. It fully supports vsyscalls, and if the kernel changes, it automatically reinstalls itself on boot.
| | Author: | darkangel | | Homepage: | http://darkangel.antifork.org | | File Size: | 36881 | | Last Modified: | Jun 6 18:38:28 2007 |
| MD5 Checksum: | c22f5dbb5757237be40c621f487ae8e2 |
|
| /// File Name: |
Mr-Lynd0v1.1.c |
Description:
|
Mr-Lynd0 is a log cleaner and an instrument to hide a user or to change the user and host. It cleans the IP, user, and host in log files under /var/log/ and hides you on a Linux box by editing wtmp and utmp.
| | Author: | click | | File Size: | 6217 | | Last Modified: | Oct 22 00:48:36 2002 |
| MD5 Checksum: | 2993d94af3a9cb610ae7511a63b33983 |
|
| /// File Name: |
Mr-Lynd0v1.2.c |
Description:
|
Mr-Lynd0 is a log cleaner and an instrument to hide a user or to change the user and host. It cleans the IP, user, and host in log files under /var/log/ and hides you on a Linux box by editing wtmp and utmp. Version 1.2 released with bugfixes.
| | Author: | click | | File Size: | 6218 | | Last Modified: | Mar 7 01:38:35 2003 |
| MD5 Checksum: | 586820ca8ebab3a1e7edf4599c1a43d8 |
|
| /// File Name: |
mybindshell.c |
Description:
|
Bindshell which has a password and defaults to TCP port 1348.
| | Author: | Kafar | | Homepage: | http://www.olek.org/code | | File Size: | 1305 | | Last Modified: | Oct 15 16:14:24 2003 |
| MD5 Checksum: | acb885a3faa8b9468e8197811d7f280f |
|
| /// File Name: |
mybindshell2.c |
Description:
|
Bindshell which has a password and defaults to TCP port 1348. Includes the ability to only allow certain IPs.
| | Author: | Konewka | | Homepage: | http://www.olek.org/code | | File Size: | 2157 | | Last Modified: | Dec 14 22:25:49 2003 |
| MD5 Checksum: | ced8adcc43ee20caf12d6b514bcc2b45 |
|
| /// File Name: |
n-du.tgz |
Description:
|
N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a TCP port backdoor.
| | Author: | Serguei | | File Size: | 5252 | | Last Modified: | Sep 29 23:39:17 2004 |
| MD5 Checksum: | a18fef559fcfc16db6beadd02924cde6 |
|
| /// File Name: |
netstat.sh |
Description:
|
Netstat.sh is a shell script which compiles a C wrapper around /bin/netstat which hides a class B address space.
| | Author: | God- | | Homepage: | ftp://haxordot.org/pub/god-/ | | File Size: | 1125 | | Last Modified: | Aug 5 23:01:47 2000 |
| MD5 Checksum: | 1aaeb2723b4dba0eb612ef3fbfea415f |
|
| /// File Name: |
Netstat.zip |
Description:
|
Netstat.zip is a fake Windows netstat which can hide certain network connections. Requires renaming the original netstat.
| | Author: | Digital Fire | | File Size: | 15843 | | Last Modified: | Apr 24 20:18:22 2001 |
| MD5 Checksum: | 97d5d9a6abab7e7c5a2b97e38252db12 |
|
| /// File Name: |
ntbindshell.zip |
Description:
|
Ntbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation - standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
| | Author: | Christophe Devine | | File Size: | 13548 | | Last Modified: | Oct 20 21:54:48 2003 |
| MD5 Checksum: | f9263c604245a5fdff0843915d6936c4 |
|
| /// File Name: |
nx_back.c |
Description:
|
Simple unix-based backdoor that is very compact and provides a bindshell.
| | Author: | nitr0x | | Homepage: | http://www.nitrox.xt.pl | | File Size: | 2150 | | Last Modified: | Sep 10 01:21:52 2004 |
| MD5 Checksum: | b102aed4733efae0cd8de45938b514bc |
|
| /// File Name: |
openssh-2.9p2.patch |
Description:
|
OpenSSH 2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
| | File Size: | 3608 | | Last Modified: | Dec 8 22:42:10 2001 |
| MD5 Checksum: | 506df08051bf9a4a4e83c6b57873c242 |
|
| /// File Name: |
openssh-3.6p2-bd.diff |
Description:
|
OpenSSH 3.6p2 backdoor that logs all logins and passwords to a file. Original backdoor ported for 3.6p2 by ajax.
| | File Size: | 5471 | | Last Modified: | May 28 05:13:29 2003 |
| MD5 Checksum: | ed31a68cc3dc02ff8414481e41aa096e |
|
| /// File Name: |
openssh-4.5p1_backdoored.tar.gz |
Description:
|
Backdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.
| | Author: | santabug | | File Size: | 1005183 | | Last Modified: | Nov 16 12:22:39 2006 |
| MD5 Checksum: | 98c87de1cf5683f9400828281e3f0769 |
|
| /// File Name: |
openssh-4.6p1-backdored.tar.gz |
Description:
|
The backdoored version of OpenSSH 4.6p1. It logs passwords to /tmp/.sshell and also has the typical magic password.
| | Author: | ShadOS | | File Size: | 982882 | | Last Modified: | Apr 17 12:14:44 2007 |
| MD5 Checksum: | 082ab530608f02982dfcd57a28017ab3 |
|
| /// File Name: |
osxrk-0.2.1.tbz |
Description:
|
Mac OS X rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more.
| | Author: | gapple | | File Size: | 86449 | | Last Modified: | Sep 10 12:35:27 2004 |
| MD5 Checksum: | 4d88ce2a44718703f5de06a26c26349a |
|
| /// File Name: |
ovas0n.c |
Description:
|
Opens a password-protected backdoor and lets you execute commands, and then hides in the background. Based on gs.c.
| | Author: | misteri0 | | File Size: | 4160 | | Last Modified: | Jan 10 01:45:19 2000 |
| MD5 Checksum: | 43ff0cfc1b7dce9d3e4729fe7d1659a3 |
|
| /// File Name: |
override.tar.bz |
Description:
|
The override rootkit: an LKM Linux 2.6 rootkit that uses patched system calls. Features: hides pids and automatically hides the pids of child processes; hides network ports; hides files which begin with a user-defined prefix; can show the hidden pids.
| | Author: | Amir Alsbih | | Homepage: | http://www.informatik.uni-freiburg.de/~alsbiha/ | | File Size: | 3883 | | Last Modified: | Jan 27 14:12:33 2006 |
| MD5 Checksum: | 31a9eb52f4907924ba9fb22287b44996 |
|
| /// File Name: |
override.tar.gz |
Description:
|
Unavailable.
| | File Size: | 3918 | | Last Modified: | Jan 26 05:04:39 2006 |
| MD5 Checksum: | ebd24e8673c12b43c1ac08a1c341075c |
|
| /// File Name: |
ownit-0.1.tar.gz |
Description:
|
Ownit is a script that installs libnet, libnids, and dsniff on a system.
| | Author: | CowDog. | | File Size: | 367936 | | Last Modified: | Nov 19 11:15:27 2002 |
| MD5 Checksum: | 16ed3989ac5deb8be2ec6ca4812a28a6 |
|
| /// File Name: |
pam_backdoor.tar.gz |
Description:
|
Proof-of-concept PAM backdoor for Linux and FreeBSD that adds a magic password.
| | Author: | gml | | File Size: | 464988 | | Last Modified: | Nov 5 00:26:13 2003 |
| MD5 Checksum: | 52400e00f20a11515b0e1e1bf7ee367b |
|
| /// File Name: |
pam_rootkit.tar.gz |
Description:
|
This PAM backdoor allows access to a machine using a backdoor password, and arbitrary commands can also be executed without logging in. Logs normal users' passwords to a log file. Configurable without recompilation.
| | Author: | gml | | File Size: | 32593 | | Last Modified: | Jul 17 17:52:00 2004 |
| MD5 Checksum: | 969c99b76280ca474c9f945b12c3becb |
|
| /// File Name: |
phalanx-b6.tar.bz2 |
Description:
|
Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device. Features include file hiding, process hiding, socket hiding, a tty sniffer, a tty connectback-backdoor, and auto injection on boot.
| | Author: | rebel | | File Size: | 19479 | | Last Modified: | Dec 27 03:25:28 2005 |
| MD5 Checksum: | 3d0ef3793579cd846e43a034d147ecd0 |
|
| /// File Name: |
Phantasmagoria.tgz |
Description:
|
Phantasmagoria hides tasks without modifying syscalls in Linux kernel v2.4. Includes the paper "Smashing The Kernel For Fun And Profit" and proof-of-concept code.
| | Author: | Dark Angel | | File Size: | 13061 | | Last Modified: | Sep 6 00:26:23 2002 |
| MD5 Checksum: | a278f9b3307f3c37c9c9d1247f110575 |
|