Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
Mr-Lynd0v1.1.c |
Description:
|
Mr-Lynd0 is a log cleaner and a tool to hide a user or to change the user and host. It cleans the IP, user and host in log files under /var/log/ and hides the user on a Linux box by editing wtmp and utmp.
| | Author: | click | | File Size: | 6217 | | Last Modified: | Oct 22 00:48:36 2002 |
| MD5 Checksum: | 2993d94af3a9cb610ae7511a63b33983 |
|
| /// File Name: |
allinone.c |
Description:
|
Allinone.c is a backdoor that combines an HTTP server, a sockets transmit server, a shell backdoor, an ICMP backdoor, a bind shell backdoor and an HTTP shell. It can copy files from a remote host and can use a SOCKS5 proxy.
| | Author: | Lion | | Homepage: | http://www.cnhonker.com | | File Size: | 19710 | | Last Modified: | Oct 21 02:01:23 2002 |
| MD5 Checksum: | 8bc44ad107518ac38b7003c5479ca020 |
|
| /// File Name: |
cb-r00tkit.tgz |
Description:
|
cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.
| | Author: | Zeen. | | File Size: | 1071008 | | Last Modified: | Oct 16 23:35:58 2002 |
| MD5 Checksum: | d871691531db1e82b5cf05a09a281a3b |
|
| /// File Name: |
flea.tar.gz |
Description:
|
FLEA is a Linux rootkit for all distributions.
| | Author: | skatE | | Homepage: | http://www.the-diamonds.org | | File Size: | 106847 | | Last Modified: | Oct 4 03:30:20 2002 |
| MD5 Checksum: | dfd8f8b6babe05182bb5c3e3e1b5d5a3 |
|
| /// File Name: |
fk.tgz |
Description:
|
Fuck`it RootKit. Uses an ssh daemon which listens on port 1984 by default.
| | Author: | Cyrax | | File Size: | 911360 | | Last Modified: | Sep 29 05:55:00 2002 |
| MD5 Checksum: | f3d55d07c747e7bb9c69a3a614a9d8d0 |
|
| /// File Name: |
last1.tgz |
Description:
|
The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains an ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
| | Author: | K1net1c | | File Size: | 3160878 | | Last Modified: | Sep 24 06:13:41 2002 |
| MD5 Checksum: | 56b9eb9fabe884ebc8bcb02aa5f065c2 |
|
| /// File Name: |
rathole.c |
Description:
|
rathole 1.0 is a password-protected backdoor for Linux and OpenBSD.
| | Author: | Incognito/PT | | File Size: | 2038 | | Last Modified: | Sep 24 05:39:04 2002 |
| MD5 Checksum: | ab27a2c96b72231c6f8b8412622fecb5 |
|
| /// File Name: |
blowdoor20.c |
Description:
|
Blowdoor v2.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | File Size: | 3831 | | Last Modified: | Sep 20 03:56:18 2002 |
| MD5 Checksum: | af17d89167bd317c22d516fcfa01bd12 |
|
| /// File Name: |
adore-0.42.tgz |
Description:
|
Adore is an LKM-based rootkit for Linux v2.[24]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
| | Author: | Stealth | | Homepage: | http://www.team-teso.net | | Changes: | Added devpts fix, fixed is_secret64() to properly hide files, and fixed a memory leak. | | File Size: | 14749 | | Last Modified: | Sep 19 18:18:14 2002 |
| MD5 Checksum: | 156ded13d5e16b84a9e31193bc9bc417 |
|
| /// File Name: |
Phantasmagoria.tgz |
Description:
|
Phantasmagoria hides tasks without modifying syscalls in Linux kernel v2.4. Includes a paper "Smashing The Kernel For Fun And Profit" and proof of concept code.
| | Author: | Dark Angel | | File Size: | 13061 | | Last Modified: | Sep 6 00:26:23 2002 |
| MD5 Checksum: | a278f9b3307f3c37c9c9d1247f110575 |
|
| /// File Name: |
blowdoor01c.c |
Description:
|
Blowdoor is a backdoor for Unix systems using md5sum passwords.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | File Size: | 4730 | | Last Modified: | Aug 28 00:45:53 2002 |
| MD5 Checksum: | 6463bd5ffa2ba22447718154fa4295cb |
|
| /// File Name: |
BBD-0.3.tgz |
Description:
|
BBD is a passcode-protected remote backdoor with a configurable TCP port. After login the backdoor reports if any users or root users are logged in. This version contains a client which allows you to execute a command remotely as well as locally by prefixing the command with a semicolon.
| | Author: | Detach | | File Size: | 4694 | | Last Modified: | Aug 21 01:50:31 2002 |
| MD5 Checksum: | 2d2074b6a4c23bf8bb912ffe8dbeb658 |
|
| /// File Name: |
2minbdoor.c |
Description:
|
/bin/login backdoor by tracewar.
| | File Size: | 753 | | Last Modified: | Aug 21 00:29:29 2002 |
| MD5 Checksum: | b44ea20a28d7e2ed9260a8d96caaae9e |
|
| /// File Name: |
blowdoor01b.c |
Description:
|
Blowdoor is a Unix backdoor with a definable port, password, executable to run, process to show job as, and logging facility.
| | Author: | bl0w | | Homepage: | http://www.secworld.org/ | | File Size: | 5324 | | Last Modified: | Aug 18 16:24:07 2002 |
| MD5 Checksum: | c8070fe07386800d942dbb40acd46517 |
|
| /// File Name: |
ssh0wn.diff |
Description:
|
Patch for openssh-3.4p1 that will grant login access to any user with the "secret" pass and that user will not be logged. It will also capture usernames and passwords on outbound and inbound ssh connections.
| | Author: | Enz00 | | Homepage: | http://sec.angrypacket.com | | File Size: | 5595 | | Last Modified: | Aug 8 21:06:07 2002 |
| MD5 Checksum: | 6efb88ae0c6e3fec167935a646a9ec6e |
|
| /// File Name: |
sk-1.3a.tar.gz |
Description:
|
SucKIT is an easy-to-use, Linux-i386 kernel-based rootkit. The code stays in memory through a /dev/kmem trick, without the help of LKM support, System.map or similar. Everything is done on the fly. It can hide PIDs, files and tcp/udp/raw sockets, and sniff TTYs. It also has integrated TTY shell access (xor+sha1) which can be invoked through any running service on a server. No compiling on the target box is needed; one precompiled (libc-free) binary can work on any 2.2.x or 2.4.x kernel.
| | Author: | Sd | | Homepage: | http://sd.g-art.nl/sk | | File Size: | 45051 | | Last Modified: | Jul 8 03:14:46 2002 |
| MD5 Checksum: | 5b947de74ce9ba53023569fe77cae75b |
|
| /// File Name: |
bash-door.tar.gz |
Description:
|
Backdoors Bash-2.05 for local root.
| | Author: | Bob | | Homepage: | http://www.dtors.net | | File Size: | 2426 | | Last Modified: | Jul 8 02:45:50 2002 |
| MD5 Checksum: | c6edcabbcd0ade055d43a041c42f2c50 |
|
| /// File Name: |
fbd-1.1.txt |
Description:
|
Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When attacker runs a command known to the backdoor, it will print a cloned response back to trick the user, and then disconnect the user from the host. Will save to a log file of choice (default is fbdlog.txt) which includes the Hostname and Command used by the attacker.
| | Author: | Butternuts | | File Size: | 2521 | | Last Modified: | Jul 8 01:31:19 2002 |
| MD5 Checksum: | 7b61d02047c4b39bf0a429d947a78f7d |
|
| /// File Name: |
SAdoor.0.3.beta.tgz |
Description:
|
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving at the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload, then decoded and passed on to system(3).
| | Author: | CMN | | Homepage: | http://www.mdstud.chalmers.se/~md0claes | | File Size: | 262571 | | Last Modified: | Jun 27 23:32:10 2002 |
| MD5 Checksum: | a9e6f5155bde823d8fd50813852bee53 |
|
| /// File Name: |
dica.tgz |
Description:
|
Dica is a rootkit found in the wild. Looks like a t0rn variant. Thanks to Rob Hock.
| | File Size: | 1366469 | | Last Modified: | Jun 6 02:07:13 2002 |
| MD5 Checksum: | 0f5ffea16e599bb13a69b4ba9b3748e2 |
|
| /// File Name: |
rwwwshell-2.0.pl.gz |
Description:
|
Reverse-WWW-Tunnel-Backdoor v2.0 - This backdoor should work through any firewall whose security policy allows users to surf the WWW. Verified to work on Linux, Solaris, AIX and OpenBSD.
| | Author: | van Hauser | | Homepage: | http://www.thc.org/ | | Changes: | Now has full HTTP v1.0 compliance. | | File Size: | 5440 | | Last Modified: | Jun 4 03:20:12 2002 |
| MD5 Checksum: | b54eb0a55405d0b11681391f70fe0be6 |
|
| /// File Name: |
SeCshell.c |
Description:
|
Local backdoor - Secure root shell, protected by standard DES encryption.
| | Author: | Pir8 | | Homepage: | http://www.dtors.net | | File Size: | 901 | | Last Modified: | Jun 4 01:36:45 2002 |
| MD5 Checksum: | 023099b2625f65810fde4ab2f89f6af7 |
|
| /// File Name: |
false.c |
Description:
|
False.c is a local/remote backdoor for Linux.
| | Author: | Pir8 | | Homepage: | http://www.dtors.net | | File Size: | 4536 | | Last Modified: | Jun 4 01:35:29 2002 |
| MD5 Checksum: | c122ccd9599635642b598c075d000acd |
|
| /// File Name: |
pure-xinetd-backdoor.c |
Description:
|
Xinetd backdoor.
| | Author: | Pwr | | File Size: | 1339 | | Last Modified: | Jun 2 23:40:25 2002 |
| MD5 Checksum: | 7d06bac34cf9bd9bd77ad1523bfa48b5 |
|