Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
enyelkm.en.v1.0.tar.gz |
Description:
|
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
| | Author: | RaiSe | | Homepage: | http://www.enye-sec.org | | File Size: | 9907 | | Last Modified: | Nov 30 14:14:40 2005 |
| MD5 Checksum: | 5896fe3e8a333c4e1e52daedc3422363 |
|
| /// File Name: |
enyelkm.en.v1.1.tar.gz |
Description:
|
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
| | Author: | RaiSe | | Homepage: | http://www.enye-sec.org | | Changes: | Version 1.1 | | File Size: | 9712 | | Last Modified: | Feb 20 16:28:09 2006 |
| MD5 Checksum: | 89340215b6cfceb3a176c4a30e34f5c6 |
|
| /// File Name: |
erne.txt |
Description:
|
New bypass shell for Linux servers. What you don't want to find lying around in your webroot.
| | Author: | Erne | | Homepage: | http://www.biyosecurity.net/ | | File Size: | 44624 | | Last Modified: | Sep 24 23:57:40 2007 |
| MD5 Checksum: | bf610ba81441e60aee255f2286010400 |
|
| /// File Name: |
ES-Malaria.tar.gz |
Description:
|
ES-Malaria is a ptrace() injector.
| | Author: | Brain Storm | | File Size: | 3222 | | Last Modified: | Dec 24 03:56:59 2002 |
| MD5 Checksum: | 7fe96ade196dc0c3b70e65b6ce6b8242 |
|
| /// File Name: |
eshell.c |
Description:
|
Eshell.c is a encrypted bindshell type backdoor which has a server daemon and client with AES encryption via libmix.
| | Author: | Luki Rustianto | | Homepage: | http://www.karet.org | | File Size: | 5667 | | Last Modified: | Jan 4 17:40:11 2001 |
| MD5 Checksum: | 75b97d78a51fdf7a51d4eb6fbd64fd9e |
|
| /// File Name: |
falcon-ssh-diffs.tar.gz |
Description:
|
Two rootkit / backdoor patches to ssh-1.2.27. The first diff turns ssh into a major backdoor. it will report itself as nscd in the process list, have ALL logging disabled, run on a different port, ignore all settings in the config file and allow a "magic word" login to all accounts, including root. The other patch simply adds a magic password to sshd, for use in patching an existing sshd.
| | Author: | Falcon | | File Size: | 2538 | | Last Modified: | Nov 5 12:30:34 1999 |
| MD5 Checksum: | cd9339f82c165b3b8fddebf126ff7c1d |
|
| /// File Name: |
false.c |
Description:
|
False.c is a local/remote backdoor for Linux.
| | Author: | Pir8 | | Homepage: | http://www.dtors.net | | File Size: | 4536 | | Last Modified: | Jun 4 01:35:29 2002 |
| MD5 Checksum: | c122ccd9599635642b598c075d000acd |
|
| /// File Name: |
fbd-1.1.txt |
Description:
|
Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When attacker runs a command known to the backdoor, it will print a cloned response back to trick the user, and then disconnect the user from the host. Will save to a log file of choice (default is fbdlog.txt) which includes the Hostname and Command used by the attacker.
| | Author: | Butternuts | | File Size: | 2521 | | Last Modified: | Jul 8 01:31:19 2002 |
| MD5 Checksum: | 7b61d02047c4b39bf0a429d947a78f7d |
|
| /// File Name: |
fbrk1-imps.tar.gz |
Description:
|
FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
| | Author: | Nyo | | File Size: | 267168 | | Last Modified: | Nov 5 22:40:21 2001 |
| MD5 Checksum: | aabf3bc70afc09f16e0015272e8b2baa |
|
| /// File Name: |
fbsd.tgz |
Description:
|
FreeBSD rootkit precompiled binaries for 4.2-RELEASE.
| | Author: | Nyo, Jade | | File Size: | 1201232 | | Last Modified: | Mar 20 01:48:13 2002 |
| MD5 Checksum: | 3ba84e13541e99d8356dd119efc33c1e |
|
| /// File Name: |
file.c |
Description:
|
OpenBSD and NetBSD LKM which hides files by patching getdirentries().
| | Author: | Gr33k | | Homepage: | http://www.frapes.org | | File Size: | 1920 | | Last Modified: | Jan 5 02:50:56 2003 |
| MD5 Checksum: | 770290c363c15e13d3eb89a80e65aa4e |
|
| /// File Name: |
firedoor-0.2.tar.gz |
Description:
|
firedoor forwards any TCP connection behind a firewall using techniques similar to reverse telneting. Written in Java 1.4, so it is very small and can run on both Linux and Win32 without modifications. Source file included.
| | Author: | j0ker | | Homepage: | http://olives.ath.cx/~j0ker/ | | File Size: | 10511 | | Last Modified: | Aug 11 12:18:14 2003 |
| MD5 Checksum: | 984aa4861deeb9af70a9cee118a49278 |
|
| /// File Name: |
fk.tgz |
Description:
|
Fuck`it RootKit. Uses a ssh daemon which listens on port 1984 by defaut.
| | Author: | Cyrax | | File Size: | 911360 | | Last Modified: | Sep 29 05:55:00 2002 |
| MD5 Checksum: | f3d55d07c747e7bb9c69a3a614a9d8d0 |
|
| /// File Name: |
flea.tar.gz |
Description:
|
FLEA is a linux rootkit for all distributions.
| | Author: | skatE | | Homepage: | http://www.the-diamonds.org | | File Size: | 106847 | | Last Modified: | Oct 4 03:30:20 2002 |
| MD5 Checksum: | dfd8f8b6babe05182bb5c3e3e1b5d5a3 |
|
| /// File Name: |
gH-cgi.c |
Description:
|
A simple cgi backdoor which pipes command output to the browser.
| | Author: | Blasphemy | | File Size: | 1826 | | Last Modified: | May 1 17:46:44 1999 |
| MD5 Checksum: | 2c0331f54922c1b1140e8992598fbb2f |
|
| /// File Name: |
hacking_unix.txt |
Description:
|
Unavailable.
| | File Size: | 41819 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | d853a748e2888235a93e150b90616e4a |
|
| /// File Name: |
hhp-SSH_TROSNIFF.tgz |
Description:
|
hhp-trosniff is a complete package of patches to modify ssh, ssh2, sshd, ssh2d, and opensshd to extract and log the Incoming/Target HostName/UserName/Password. Intended to log brute force attacks and deleted users who try to gain access.
| | Author: | Loophole | | File Size: | 4064 | | Last Modified: | Jun 21 19:31:24 2000 |
| MD5 Checksum: | 8bc929c223f30bbea750ab01ca5fdd70 |
|
| /// File Name: |
httpbd.pl.txt |
Description:
|
httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.
| | Author: | rav3n | | File Size: | 3016 | | Last Modified: | Sep 23 02:34:02 2005 |
| MD5 Checksum: | e96c0debb82cfb8f22165e943001f0ba |
|
| /// File Name: |
icmp-backdoor.tar.gz |
Description:
|
Small ICMP backdoor which works under BSD, Linux, and Solaris. Because you can define the icmp_code to use it is able simulate an echo_request <-> echo_reply conversation so it looks like a normal ping with bigger packets. It also includes a session_id to detect the right packets (which is also done by certain icmp_id's).
| | Author: | Martin J. Muench | | Homepage: | http://www.codito.de | | File Size: | 5118 | | Last Modified: | May 30 01:49:11 2002 |
| MD5 Checksum: | d77f547863617b69e6206eb72c90fce2 |
|
| /// File Name: |
inetdfun.tar.gz |
Description:
|
Inetdfun is a public version of an inetd backdoor which uses ICMP to trigger a remote shell. Includes readme and source diff.
| | Author: | Wildandi | | Homepage: | http://segfault.net/~wildandi | | File Size: | 1861 | | Last Modified: | Nov 11 20:24:47 2000 |
| MD5 Checksum: | 41dd75e78dd7a1d92e340a9a5cfdb0d3 |
|
| /// File Name: |
kbdis.c |
Description:
|
kbdis.c disables the keyboard on most x86 systems. Useful for locking out root in a pinch.
| | Author: | Sorcerer | | File Size: | 241 | | Last Modified: | May 8 18:55:53 2001 |
| MD5 Checksum: | b993d33d0fe64d76d9829f0ed97d6ab1 |
|
| /// File Name: |
kbdv2.c |
Description:
|
Kdb is a nice little backdoor that allows root access by modifing the SYS_stat and SYS_getuid system calls.
| | Author: | Spaceork | | Changes: | Works on 2.2 kernels. | | File Size: | 2803 | | Last Modified: | Jan 6 17:58:37 2000 |
| MD5 Checksum: | 22f71383be1c921d2963d540aec9e668 |
|
| /// File Name: |
kbdv3.c |
Description:
|
Kbd v3.0 is a Linux loadable kernel module backdoor. Allows root access by modifying the SYS_utime and SYS_getuid32 system calls. Can be used in conjunction with cleaner.c from the adore root for stealth capability.
| | Author: | Spaceork | | File Size: | 3047 | | Last Modified: | Jul 19 19:49:47 2001 |
| MD5 Checksum: | 35bb7a88521f2c65ff8d88fa486a7d07 |
|
| /// File Name: |
kernel.keylogger.txt |
Description:
|
Kernel Based Keystroke Loggers for Linux - This paper describes the basic concepts and techniques used for recording keystroke activity under linux. Includes proof of concept LKM which is stealthy, works with recent distributions, and is capable of logging local logins and ssh sessions to and from the host. Tested on Slackware v8.0 with kernel v2.4.5.
| | Author: | Mercenary | | Homepage: | http://www.phreedom.org/article.php?id=28 | | File Size: | 20270 | | Last Modified: | Jan 26 15:24:34 2002 |
| MD5 Checksum: | a9615f10eaef0364e7e748a96c2fb1c1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
