Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
lrkn.tgz |
Description:
|
Linux rootkit 3.0 - Includes trojaned chfn, chsh, inetd, login, ls, du, ifconfig, netstat, passwd, ps, top, rshd, syslogd, tcpd, etc.
| | File Size: | 3639016 | | Last Modified: | Aug 16 20:05:21 1999 |
| MD5 Checksum: | 1aa105cdaedac8438f773cb5bd645848 |
|
| /// File Name: |
lrk5.src.tar.gz |
Description:
|
Linux Rootkit 5 - Recent release of the famous linux rootkit. Contains backdoored versions of chfn, chsh, crontab, du, find, ifconfig, inetd, killall, linsniffer, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, tcpd, top, sshd, and su. Also comes with bindshell, fix, linsniffer, thesniff, sniffchk, wted, and z2.
| | Author: | Lord Somer | | Homepage: | http://www.lordsomer.com/ | | Changes: | sshd-2.0.13 patch, a better sniffer, a backdoored su, and better crontab. Warning: This software causes anti-virus false positives. | | File Size: | 3301054 | | Last Modified: | Feb 11 19:27:02 2000 |
| MD5 Checksum: | e18b708650f7dc4cca447df33d09740f |
|
| /// File Name: |
last1.tgz |
Description:
|
The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains an ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
| | Author: | K1net1c | | File Size: | 3160878 | | Last Modified: | Sep 24 06:13:41 2002 |
| MD5 Checksum: | 56b9eb9fabe884ebc8bcb02aa5f065c2 |
|
| /// File Name: |
toolkit.tgz |
Description:
|
The R3dstorm Toolkit is a rootkit-like utility which hides processes and files and was tested on Red Hat 9.0.
| | Author: | r3dstorm | | File Size: | 1870878 | | Last Modified: | Jan 6 03:17:32 2004 |
| MD5 Checksum: | b8d3e1b38213fa172890f41e30411dab |
|
| /// File Name: |
dica.tgz |
Description:
|
Dica is a rootkit found in the wild. Looks like a t0rn variant. Thanks to Rob Hock.
| | File Size: | 1366469 | | Last Modified: | Jun 6 02:07:13 2002 |
| MD5 Checksum: | 0f5ffea16e599bb13a69b4ba9b3748e2 |
|
| /// File Name: |
lrk4.unshad.tar.gz |
Description:
|
Linux Rootkit 4 - Precompiled Unshadowed Distribution.
| | Author: | Lord Somer. | | File Size: | 1252709 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | b4070c30eb6ec9f6b18c3c2dbbbf488c |
|
| /// File Name: |
fbsd.tgz |
Description:
|
FreeBSD rootkit precompiled binaries for 4.2-RELEASE.
| | Author: | Nyo, Jade | | File Size: | 1201232 | | Last Modified: | Mar 20 01:48:13 2002 |
| MD5 Checksum: | 3ba84e13541e99d8356dd119efc33c1e |
|
| /// File Name: |
cb-r00tkit.tgz |
Description:
|
cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.
| | Author: | Zeen. | | File Size: | 1071008 | | Last Modified: | Oct 16 23:35:58 2002 |
| MD5 Checksum: | d871691531db1e82b5cf05a09a281a3b |
|
| /// File Name: |
lrk4.shad.tar.gz |
Description:
|
Linux Rootkit 4 - Precompiled Shadowed Distribution.
| | Author: | Lord Somer. | | File Size: | 1026038 | | Last Modified: | Aug 16 20:05:22 1999 |
| MD5 Checksum: | d476a0e8cac2d1f7e6e6f70cb451cb39 |
|
| /// File Name: |
openssh-4.5p1_backdoored.tar.gz |
Description:
|
Backdoored version of OpenSSH 4.5p1 that logs passwords to /var/tmp/sshbug.txt.
| | Author: | santabug | | File Size: | 1005183 | | Last Modified: | Nov 16 12:22:39 2006 |
| MD5 Checksum: | 98c87de1cf5683f9400828281e3f0769 |
|
| /// File Name: |
openssh-4.6p1-backdored.tar.gz |
Description:
|
The backdoored version of OpenSSH 4.6p1. It logs passwords to /tmp/.sshell and also has the typical magic password.
| | Author: | ShadOS | | File Size: | 982882 | | Last Modified: | Apr 17 12:14:44 2007 |
| MD5 Checksum: | 082ab530608f02982dfcd57a28017ab3 |
|
| /// File Name: |
rTelv2.8.zip |
Description:
|
Reverse telnet redirector / port redirector and front end console for Windows. Perfect for firewall bypassing from inside out. Can be used for bouncing connections, piping or relaying data, or as a quick MIM chat server. Windows executable form only.
| | Author: | PrOpHeT | | File Size: | 935488 | | Last Modified: | Oct 29 23:03:42 2003 |
| MD5 Checksum: | 31f4b59f08429f1e835b1989cd535d5c |
|
| /// File Name: |
fk.tgz |
Description:
|
Fuck`it RootKit. Uses an ssh daemon which listens on port 1984 by default.
| | Author: | Cyrax | | File Size: | 911360 | | Last Modified: | Sep 29 05:55:00 2002 |
| MD5 Checksum: | f3d55d07c747e7bb9c69a3a614a9d8d0 |
|
| /// File Name: |
lrk4.src.tar.gz |
Description:
|
Linux Rootkit - Source Distribution.
| | Author: | Lord Somer. | | File Size: | 900450 | | Last Modified: | Aug 16 20:05:23 1999 |
| MD5 Checksum: | c2f886c7af1e6318f79460ff0ffe4f5e |
|
| /// File Name: |
lrk-4.1.tar.gz |
Description:
|
Linux Rootkit v4.1 is based on Lord Somer's LRK4 but several things are fixed. Includes a better find patch, fixed install of pidof / killall, fixed rshd patch, compilation fixes, and more. Released 11-may-2000, tested on Linux kernel 2.2.6, Slackware 4.0.
| | Author: | Rolling | | File Size: | 890103 | | Last Modified: | Jul 22 03:20:26 2000 |
| MD5 Checksum: | 3028892d2463f353e24419a83cccb1b3 |
|
| /// File Name: |
0x333openssh-3.7.1p2.tar.gz |
Description:
|
Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 801501 | | Last Modified: | Sep 26 19:12:17 2003 |
| MD5 Checksum: | 008690b0235471672d814b9db06d94f4 |
|
| /// File Name: |
doorman-0.7.tgz |
Description:
|
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
| | Author: | Bruce Ward | | Homepage: | http://doorman.sourceforge.net/ | | File Size: | 645120 | | Last Modified: | Jul 22 18:54:28 2004 |
| MD5 Checksum: | 882db90b5b3df7e9ce4aae6f1914bbfb |
|
| /// File Name: |
rel.tar.gz |
Description:
|
Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.
| | File Size: | 640357 | | Last Modified: | Jul 11 21:50:51 2007 |
| MD5 Checksum: | 4015e13f814c5c33153ab49b196acd81 |
|
| /// File Name: |
sendm-8.9.3trojan.tar.gz |
Description:
|
Backdoored Sendmail 8.9.3 - Enter a special SMTP command and it opens a root shell.
| | Author: | Axess | | File Size: | 598384 | | Last Modified: | Feb 11 18:01:29 2000 |
| MD5 Checksum: | c4d6ca89d5ceea3f5e071040ad29b4d8 |
|
| /// File Name: |
ark-1.0.1.tar.gz |
Description:
|
ARK version 1.0.1 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat.
| | Author: | Ambient. | | Changes: | sshd backdoor is fixed, and top backdoor is now included. Warning: ARK sends email to a free email account on each system it is installed on - It is backdoored. | | File Size: | 526758 | | Last Modified: | Dec 30 20:34:19 2000 |
| MD5 Checksum: | be9b7c48c5102c32c72b410db8862d05 |
|
| /// File Name: |
ark-1.0.tar.gz |
Description:
|
ARK version 1.0 - Ambient's Rootkit for Linux. Binaries only. This package includes backdoored versions of syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat. Warning: ARK sends email to a free email account on each system it is installed on - It is backdoored.
| | File Size: | 497089 | | Last Modified: | Dec 8 04:21:14 2000 |
| MD5 Checksum: | e5ccf93c811a9f73166051c1651001e9 |
|
| /// File Name: |
SAdoor-20031217.tgz |
Description:
|
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving at the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload and decoded and passed on to system(3).
| | Author: | CMN | | Homepage: | http://cmn.listprojects.darklab.org/ | | Changes: | Added a new client side application to edit database files. First release of winserver, a version of SADoor for Microsoft Windows. | | File Size: | 472315 | | Last Modified: | Dec 18 17:31:08 2003 |
| MD5 Checksum: | dbf4d2850da1c3d1d1849075725a7487 |
|
| /// File Name: |
suckit2priv.tar.gz |
Description:
|
SucKIT Rootkit v2.0-devel-rc2. Easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through a /dev/kmem trick, without the help of LKM support, System.map, or similar. Everything is done on the fly. It can hide PIDs, files, tcp/udp/raw sockets and sniff TTYs.
| | Author: | sd | | Homepage: | http://sd.g-art.nl | | File Size: | 465502 | | Last Modified: | Oct 13 02:06:53 2005 |
| MD5 Checksum: | 3bb82c1fddcc47456efee6f3687e4f51 |
|
| /// File Name: |
pam_backdoor.tar.gz |
Description:
|
Proof of concept PAM backdoor for Linux and FreeBSD that adds a magic password.
| | Author: | gml | | File Size: | 464988 | | Last Modified: | Nov 5 00:26:13 2003 |
| MD5 Checksum: | 52400e00f20a11515b0e1e1bf7ee367b |
|