Section: .. / linux / modules /
| /// File Name: |
adore-ng-0.31.tgz |
Description:
|
Adore is a Linux LKM based rootkit for Linux v2.[24]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process-hiding, netstat hiding, rootshell-backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Syslog filtering, wtmp/utmp/lastlog filtering, relinking of LKMs as described in Phrack #61. | | File Size: | 18140 | | Last Modified: | Jan 5 19:33:29 2004 |
| MD5 Checksum: | 4a925181db7030c1e9b67225a88abbe0 |
|
| /// File Name: |
cocain.c |
Description:
|
Module to hide processes and files.
| | Author: | Pmsac | | File Size: | 8367 | | Last Modified: | Oct 7 15:16:39 1999 |
| MD5 Checksum: | 398bfa197363d818b656958448d70ee0 |
|
| /// File Name: |
digsig-1.3.2.tar.gz |
Description:
|
DigSig kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. It is based on the Linux Security Module hooks (standard in the mainstream Linux kernel 2.5.66 and higher). It therefore improves the security of the system by preventing a wide range of malicious binaries, such as viruses, worms, Trojan programs, and backdoors, from running on the system.
| | Homepage: | http://sourceforge.net/projects/disec/ | | File Size: | 745603 | | Last Modified: | Nov 20 15:42:45 2005 |
| MD5 Checksum: | 7636bc6cfe7bf8593a2323034d55f38a |
|
| /// File Name: |
frontkey.tgz |
Description:
|
Remote administration kernel module designed for the 2.4 series. It replaces system calls by inserting a push ret at the beginning of system_call, making the program jump to specified code. It provides a remote terminal backdoor through SYS_read hooking, which means you can enter the box through any open TCP port. The connection is XOR encrypted and the module hides ports and pids. It also hides itself from vmalloc structure scanning and lsmod. Tested on Redhat 7.2 and 8.0. Currently lacks SMP support and is not considered stable, so please exercise caution when utilizing this.
| | Author: | ins1der | | File Size: | 9952 | | Last Modified: | Aug 25 23:17:32 2003 |
| MD5 Checksum: | 3f5cdb6e7dba958b3e9f438acf055153 |
|
| /// File Name: |
fuckptrace.c |
Description:
|
fuckptrace is a Linux kernel module used for bypassing anti-ptrace protection used against the reverse engineering process.
| | Author: | truff | | Homepage: | http://www.projet7.org | | File Size: | 1414 | | Last Modified: | Apr 1 22:20:50 2003 |
| MD5 Checksum: | 4b70735c212f379e57d284e2d6879972 |
|
| /// File Name: |
hmod-0.2.tar.gz |
Description:
|
Hmod v0.2 is a Linux module which hides and shows other modules.
| | Author: | Amlet0 | | Homepage: | http://www.hackblaze.org | | File Size: | 2076 | | Last Modified: | Dec 3 01:24:22 2002 |
| MD5 Checksum: | 0eb12a0ca5a3471f7df5fe99c09e9848 |
|
| /// File Name: |
khideee.c |
Description:
|
This Linux LKM allows you to hide tasks from KSTAT, a tool used to find attackers in your system by a direct analysis of the kernel through /dev/kmem. StMichael_LKM 0.10 (default installation) will not detect this. Tested on Linux 2.4.x kernels.
| | Author: | Michele Dallachiesa aka xenion | | Homepage: | http://www.acidlife.com/mayhem/tba | | File Size: | 4568 | | Last Modified: | Jul 31 03:06:23 2002 |
| MD5 Checksum: | 3319e2c1f084a77464c76acd3c6d14c1 |
|
| /// File Name: |
krnhide.c |
Description:
|
Generic module hider for Linux 2.2.x kernels. Hides the last module installed.
| | Author: | Kossak | | Homepage: | http://www.rnl.ist.utl.pt/~ldvg | | File Size: | 1756 | | Last Modified: | Oct 7 15:16:39 1999 |
| MD5 Checksum: | 2c1c4c37a74d4b5976a8b3f5b991837a |
|
| /// File Name: |
krnsniff.c |
Description:
|
krnsniff.c v0.1a - A kernel based sniffer module tested on linux-2.2.5 kernel. Nearly undetectable if a module hider is loaded.
| | Author: | Kossak | | Homepage: | http://www.rnl.ist.utl.pt/~ldvg | | File Size: | 12315 | | Last Modified: | Dec 7 15:46:31 1999 |
| MD5 Checksum: | b5b18fe31c1acf25a9d3912e60ac1d73 |
|
| /// File Name: |
lkminject.sh |
Description:
|
lkminject is a script that builds a binary which will allow you to inject a module inside of a kernel module.
| | Author: | truff | | File Size: | 5853 | | Last Modified: | Apr 3 00:04:59 2003 |
| MD5 Checksum: | 8fce26fe6241564166adb32b791c9b9a |
|
| /// File Name: |
megas.c |
Description:
|
Module to retrieve privilege to processes.
| | Author: | Pmsac | | File Size: | 4258 | | Last Modified: | Oct 7 15:16:39 1999 |
| MD5 Checksum: | 4c6de5c0514d6b0271b211e98f536506 |
|
| /// File Name: |
mod_icmp.c |
Description:
|
This Linux kernel module acts like an ICMP proxy for echo/echo-reply packets at kernel level, preventing ICMP tunnels through firewalls or directly to the server it is installed on.
| | Author: | Fryx | | Homepage: | http://www.geocities.com/fryxar | | File Size: | 3117 | | Last Modified: | Nov 21 13:37:50 2003 |
| MD5 Checksum: | e1737913c946cc6774e1c435dd5715ff |
|
| /// File Name: |
nfbypass.c |
Description:
|
nfbypass is a Linux kernel module for the 2.4.x series which, when inserted, will bypass netfilter rules.
| | Author: | truff | | Homepage: | http://www.projet7.org | | File Size: | 2570 | | Last Modified: | Apr 1 22:19:41 2003 |
| MD5 Checksum: | 76fd7452b1e192965030bbe740138dee |
|
| /// File Name: |
portknock-sshd_lkm.c |
Description:
|
Kernel module using portknocking to get sshd spawned after challenging a list of specified daemons. Designed for 2.4 kernels.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 3127 | | Last Modified: | Sep 13 17:12:18 2004 |
| MD5 Checksum: | e8452737adc66598a3449b1ce136b2a5 |
|
| /// File Name: |
sexy-socket.c |
Description:
|
Sexy-SOCKET v0.1 is a Linux LKM which restricts creation of AF_INET sockets to the root account only. Works on kernels v2.2.x and 2.4.x.
| | Author: | DownBload | | Homepage: | http://www.ii-labs.org | | File Size: | 1645 | | Last Modified: | Oct 29 23:48:09 2003 |
| MD5 Checksum: | 2b734c7c8f206fa99ac2281d200c7877 |
|
| /// File Name: |
sptrace-1.4.0.tar.gz |
Description:
|
sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace().
| | Author: | Krzysztof Burghardt | | Homepage: | http://www.underground.org.pl/einstein/ | | File Size: | 9016 | | Last Modified: | Aug 13 11:19:39 2004 |
| MD5 Checksum: | ebeee9d53439749608b6a4c975f441cd |
|
| /// File Name: |
sptrace-1.4.1.tar.gz |
Description:
|
sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace().
| | Author: | Krzysztof Burghardt | | Homepage: | http://www.underground.org.pl/einstein/ | | File Size: | 14337 | | Last Modified: | Dec 29 15:49:17 2007 |
| MD5 Checksum: | d0b58eced8f60e696c39dfaf4b306771 |
|
| /// File Name: |
stealth.c |
Description:
|
Stealth.c is a Linux 2.2.x kernel module which discards packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | File Size: | 7514 | | Last Modified: | Aug 27 01:50:20 2002 |
| MD5 Checksum: | 319dbc150eb9c78008bb754a8de815e0 |
|
| /// File Name: |
uidbind-lsm-0.4.tar.gz |
Description:
|
UidBind is a simple LSM module that restricts calls to the bind() function to the UID/GID defined in a configfs tree.
| | Author: | Roberto De Ioris | | File Size: | 4535 | | Last Modified: | Jun 10 20:38:56 2007 |
| MD5 Checksum: | 3ae33ce83ffb6cef9cc02a5a37521013 |
|
| /// File Name: |
uname_lkm.c |
Description:
|
Linux kernel module that will fake uname output for the 2.4 kernel series.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 2006 | | Last Modified: | Jul 26 11:19:01 2004 |
| MD5 Checksum: | 34d42e3dbbc7c7204ebb1aab736eafaf |
|
| /// File Name: |
useless-vmsplice.tar.gz |
Description:
|
This is a kernel module for Linux 2.6 that replaces the vmsplice() function with another that does nothing. The purpose of the module is to evade attacks on the system call, logging attempted uses of vmsplice() and their arguments to the kernel messages.
| | Author: | toorandom | | File Size: | 1850 | | Last Modified: | Feb 13 17:25:33 2008 |
| MD5 Checksum: | 8b52e9351c6750b2477b8a046d192bad |
|
| /// File Name: |
yinyang-1.0.zip |
Description:
|
yinyang is a kernel module that detects a file opening and passes that information to a daemon for actions such as logging file transactions, anti-virus checking, and other file activities. Ideal for real-time on-access file scanning.
| | Author: | Primac | | Homepage: | http://yinyang.sourceforge.net/ | | File Size: | 15750 | | Last Modified: | Jan 5 20:13:32 2004 |
| MD5 Checksum: | 7a9c3a73819455d9f88a758d2f056231 |
|