The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
File Name: blowdoor20.c
Description: Blowdoor v2.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
Author: Bl0w
Homepage: http://www.secworld.org
File Size: 3831
Last Modified: Sep 20 03:56:18 2002
MD5 Checksum: af17d89167bd317c22d516fcfa01bd12

File Name: ssh-1.2.27rk.diff
Description: w00w00's magic backdoor patch for ssh 1.2.27. Magic password, does not log, permits root login, etc.
Author: shadow
Homepage: http://www.w00w00.org
File Size: 3673
Last Modified: Nov 4 01:40:45 1999
MD5 Checksum: e96d9e18cde693eab2f572e3e8676304

File Name: bdoor.c
Description: Unix backdoor which pretends to be an HTTP daemon.
Author: CyberPsychotic
File Size: 3608
Last Modified: Nov 15 19:03:15 1999
MD5 Checksum: 620e6dc8e252318465de768315e7f8be

File Name: openssh-2.9p2.patch
Description: Openssh-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
File Size: 3608
Last Modified: Dec 8 22:42:10 2001
MD5 Checksum: 506df08051bf9a4a4e83c6b57873c242

File Name: CGIbackdoor.txt
Description: CGI Backdoor - Perl based client / server backdoor which communicates over port 80, bypassing many firewalls.
Author: Hypoclear
Homepage: http://hypoclear.cjb.net
File Size: 3464
Last Modified: Jun 13 16:23:11 2000
MD5 Checksum: a64eb7601c4e7f66ae24d04b3766e345

File Name: ddb-sfe.tar.gz
Description: A backdoor that lets you reach root/user account shells over a TCP channel using a callback procedure initialized by an ICMP packet.
Author: The Recidjvo
Homepage: http://www.pkcrew.org
File Size: 3447
Last Modified: Dec 2 21:25:51 2000
MD5 Checksum: 8e1eeb8715c5e2283f2db800d0ef06f7

File Name: sm4ck.c
Description: sm4ck v0.1 adds three simple backdoors to the box you execute it on.
Author: Sector9 of rewted.org
File Size: 3443
Last Modified: Aug 16 20:05:24 1999
MD5 Checksum: 932b3e5d06df84fa9d92252e63798898

File Name: udp_backdoor.tar.gz
Description: UDP backdoor which uses raw sockets. It spoofs the packets' origin address when communicating with the server end of the backdoor. It also uses encryption, and has several methods of security through obscurity.
Author: Plastek
File Size: 3380
Last Modified: Feb 22 02:06:24 2002
MD5 Checksum: e631d34f6472356f7a8695a2650e6197

File Name: dnsscan
Description: Unavailable.
File Size: 3254
Last Modified: Aug 16 20:05:19 1999
MD5 Checksum: bd77f83037005a85d4123fee3abc138b

File Name: ES-Malaria.tar.gz
Description: ES-Malaria is a ptrace() injector.
Author: Brain Storm
File Size: 3222
Last Modified: Dec 24 03:56:59 2002
MD5 Checksum: 7fe96ade196dc0c3b70e65b6ce6b8242

File Name: root-logine.zip
Description: Unavailable.
File Size: 3150
Last Modified: Aug 16 20:05:19 1999
MD5 Checksum: e4d275018c52c18074bbb1d1d578fc55

File Name: rsh-v2.c
Description: Unix log cleaner that also checks to see if root is logged in.
Author: rotor
Homepage: http://www.c1zc0.com
File Size: 3149
Last Modified: Oct 30 19:19:11 2005
MD5 Checksum: e2e7e8f9bb27e7b5dd66041ebd4d3766

File Name: vexed.sh
Description: Backdoor shell script to be run from cron monthly.
Author: Sil
File Size: 3109
Last Modified: Nov 22 04:28:40 2001
MD5 Checksum: 0793fc12f1e7d665299d8bcc965302b0

File Name: kbdv3.c
Description: Kbd v3.0 is a Linux loadable kernel module backdoor. Allows root access by modifying the SYS_utime and SYS_getuid32 system calls. Can be used in conjunction with cleaner.c from the adore root for stealth capability.
Author: Spaceork
File Size: 3047
Last Modified: Jul 19 19:49:47 2001
MD5 Checksum: 35bb7a88521f2c65ff8d88fa486a7d07

File Name: rcbd.c
Description: Simple connect-back back door for Unix. Sends statistical information regarding the remote server such as uid/gid, uname, etc.
Author: St0rM-MaN
File Size: 3047
Last Modified: Oct 10 01:44:45 2007
MD5 Checksum: c59b4de790f54bbf3e6e647fc4dc9fd8

File Name: apachebd.tgz
Description: Apache backdoor - Backdoors apache 1.3.17 / 1.3.19 to spawn a root shell when a certain page is requested.
Author: Venomous
File Size: 3026
Last Modified: Mar 19 03:30:44 2001
MD5 Checksum: 16607a98f128adb61a82b23f660bfc19

File Name: httpbd.pl.txt
Description: httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.
Author: rav3n
File Size: 3016
Last Modified: Sep 23 02:34:02 2005
MD5 Checksum: e96c0debb82cfb8f22165e943001f0ba

File Name: md5bd.c
Description: md5bd.c is a shell server/backdoor that uses an md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
Author: Mixter
Homepage: http://1337.tsx.org
File Size: 3004
Last Modified: Jul 15 17:48:54 2000
MD5 Checksum: 2fa9b94368cf2d9b511d009aece38bce

File Name: rkssh5.tar.gz
Description: Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when the magic password is used, and doesn't write anything to the logs.
Author: Zelea
Homepage: http://www.ne.jp/asahi/linux/timecop/
Changes: Bugfixes, and now uses an md5 hash of the password to prevent password recovery from the sshd binary.
File Size: 2969
Last Modified: Dec 16 18:12:07 1999
MD5 Checksum: 5e68f72e686f63202d137c951463f36d

File Name: backd00r.c
Description: Unix bindshell backdoor that acts as psybnc if the password fails.
Author: darkXside
File Size: 2948
Last Modified: Mar 15 00:00:58 2005
MD5 Checksum: fd338c62f08e87b4b033bc88a47f9b9c

File Name: blackhole.c
Description: A basic backdoor that is a small, portable, and functional fake daemon. You tell it what you want it to run as under 'ps' and what port to bind to in the defines. Detailed description in the header.
Author: Bronc Buster
File Size: 2948
Last Modified: Aug 16 20:05:19 1999
MD5 Checksum: 81ff33344cc537d85620b0e1c7fcf03b

File Name: kbdv2.c
Description: Kbd is a nice little backdoor that allows root access by modifying the SYS_stat and SYS_getuid system calls.
Author: Spaceork
Changes: Works on 2.2 kernels.
File Size: 2803
Last Modified: Jan 6 17:58:37 2000
MD5 Checksum: 22f71383be1c921d2963d540aec9e668

File Name: rkit.tar.gz
Description: Rkit is a backdoor based on blackhole.c which listens on a TCP port and requires a password.
Author: Deathrow
Homepage: http://deathr0w.speckz.com/index.html
File Size: 2721
Last Modified: Dec 3 11:20:52 2000
MD5 Checksum: 8cd3dd5deb68b4331d9ef2daaaf04400

File Name: phide.tar.gz
Description: Phide - An LKM that hides processes under Linux 2.0. Such modules already exist for Linux 2.2 [like heroin.c or knark], but they're just for Linux 2.2.
Author: noah
Homepage: http://ns2.crw.se/~tm/
File Size: 2667
Last Modified: Jan 28 18:53:58 2000
MD5 Checksum: 25ca4d12e42ba1ac0e3a5a71ccc9f33e