Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
tunnelshell_2.3.tgz |
Description:
|
Tunnelshell is a client/server program written in C for Linux users that tunnels a shell using various methods which can bypass firewalls, such as fragmented packets, TCP ACK packets, UDP, ICMP, and raw IP packets (IPsec).
| | Author: | Fryx | | Homepage: | http://www.geocities.com/fryxar | | File Size: | 7410 | | Last Modified: | Nov 21 13:35:56 2003 |
| MD5 Checksum: | 2cff53694f9cfe864f65d83f9901529b |
|
| /// File Name: |
superkit.tar.gz |
Description:
|
Superkit is an extremely user-friendly rootkit that hides files, processes, and connections. It provides a password-protected remote access connect-back shell initiated by a spoofed packet. It is loaded via /dev/kmem, with no support for loadable modules required, and cannot be detected by checking the syscall table, because it redirects the kernel entry point to a private copy of the syscall table. A couple of backdoors are included.
| | Author: | mostarac | | File Size: | 49939 | | Last Modified: | Nov 13 21:24:05 2003 |
| MD5 Checksum: | 9b98867b4b10b9461c06b82f42d2e9b0 |
|
| /// File Name: |
pam_backdoor.tar.gz |
Description:
|
Proof of concept PAM backdoor for Linux and FreeBSD that adds a magic password.
| | Author: | gml | | File Size: | 464988 | | Last Modified: | Nov 5 00:26:13 2003 |
| MD5 Checksum: | 52400e00f20a11515b0e1e1bf7ee367b |
|
| /// File Name: |
rTelv2.8.zip |
Description:
|
Reverse telnet redirector / port redirector and front end console for Windows. Perfect for firewall bypassing from inside out. Can be used for bouncing connections, piping or relaying data, or as a quick MIM chat server. Windows executable form only.
| | Author: | PrOpHeT | | File Size: | 935488 | | Last Modified: | Oct 29 23:03:42 2003 |
| MD5 Checksum: | 31f4b59f08429f1e835b1989cd535d5c |
|
| /// File Name: |
rrc_v0.2.tar.gz |
Description:
|
RRC (Roland Remote Control) v0.2 can be used to control a Linux box from a remote location.
| | Author: | Roland | | File Size: | 4623 | | Last Modified: | Oct 29 22:58:35 2003 |
| MD5 Checksum: | 57dc5fcde41b7e0100ff50d76b3a617f |
|
| /// File Name: |
ntbindshell.zip |
Description:
|
Ntbindshell is a lightweight (24k compiled) cmd.exe backdoor for Windows. Full C source included. Provides two modes of operation - standard (listening mode) or reverse-connect mode. Includes the ability to install itself as a system service, providing a shell with LocalSystem privileges.
| | Author: | Christophe Devine | | File Size: | 13548 | | Last Modified: | Oct 20 21:54:48 2003 |
| MD5 Checksum: | f9263c604245a5fdff0843915d6936c4 |
|
| /// File Name: |
mybindshell.c |
Description:
|
Bindshell which has a password and defaults to tcp port 1348.
| | Author: | Kafar | | Homepage: | http://www.olek.org/code | | File Size: | 1305 | | Last Modified: | Oct 15 16:14:24 2003 |
| MD5 Checksum: | acb885a3faa8b9468e8197811d7f280f |
|
| /// File Name: |
login-back.c |
Description:
|
Backdoor for login where the original binary must be renamed and only gets called whenever the remote user's TERM variable is not set to the magic password. If the magic password is set, the user gets the option of a shell with or without logging.
| | Author: | tracewar | | File Size: | 1488 | | Last Modified: | Oct 2 13:09:48 2003 |
| MD5 Checksum: | c0a77d42bb53610b4ec2daf01cda55b1 |
|
| /// File Name: |
0x333openssh-3.7.1p2.tar.gz |
Description:
|
Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 801501 | | Last Modified: | Sep 26 19:12:17 2003 |
| MD5 Checksum: | 008690b0235471672d814b9db06d94f4 |
|
| /// File Name: |
SAdoor-20030805.tgz |
Description:
|
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload and decoded and passed on to system(3). First non-beta release.
| | Author: | CMN | | Homepage: | http://cmn.listprojects.darklab.org/ | | File Size: | 322932 | | Last Modified: | Aug 11 22:47:12 2003 |
| MD5 Checksum: | 82794a18353dde4f520ef3a53f99cd4b |
|
| /// File Name: |
firedoor-0.2.tar.gz |
Description:
|
firedoor forwards any TCP connection behind a firewall using techniques similar to reverse telneting. Written in Java 1.4, so it is very small and can run on both Linux and Win32 without modifications. Source file included.
| | Author: | j0ker | | Homepage: | http://olives.ath.cx/~j0ker/ | | File Size: | 10511 | | Last Modified: | Aug 11 12:18:14 2003 |
| MD5 Checksum: | 984aa4861deeb9af70a9cee118a49278 |
|
| /// File Name: |
defuserootkit2.tar |
Description:
|
Updated version of a utility that removes LKM rootkits that normally are undetectable via the help of vmalloc which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
| | Author: | cameleonu | | File Size: | 30720 | | Last Modified: | May 29 00:44:42 2003 |
| MD5 Checksum: | 8c15ca479777cb3e1c5f8923e059f85f |
|
| /// File Name: |
openssh-3.6p2-bd.diff |
Description:
|
OpenSSH 3.6p2 backdoor that logs all logins and passwords to a file. Original backdoor ported for 3.6p2 by ajax.
| | File Size: | 5471 | | Last Modified: | May 28 05:13:29 2003 |
| MD5 Checksum: | ed31a68cc3dc02ff8414481e41aa096e |
|
| /// File Name: |
defuserootkit.tar |
Description:
|
This utility removes LKM rootkits that normally are undetectable via the help of vmalloc which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.
| | Author: | cameleonu | | File Size: | 20480 | | Last Modified: | May 8 21:00:45 2003 |
| MD5 Checksum: | 0488beaaf98b29ec2446da6c6665766d |
|
| /// File Name: |
blowdoor30.c |
Description:
|
Blowdoor v3.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | Changes: | Fixed bugs. | | File Size: | 4109 | | Last Modified: | Apr 18 03:41:36 2003 |
| MD5 Checksum: | fbfef3f0719882d9ac666ac376c68036 |
|
| /// File Name: |
Mr-Lynd0v1.2.c |
Description:
|
Mr-Lynd0 is a log cleaner and a tool to hide a user or to change the user and host. It cleans the IP, user, and host in log files under /var/log/ and hides the user on a Linux box by editing wtmp and utmp. Version 1.2 released with bugfixes.
| | Author: | click | | File Size: | 6218 | | Last Modified: | Mar 7 01:38:35 2003 |
| MD5 Checksum: | 586820ca8ebab3a1e7edf4599c1a43d8 |
|
| /// File Name: |
file.c |
Description:
|
OpenBSD and NetBSD LKM which hides files by patching getdirentries().
| | Author: | Gr33k | | Homepage: | http://www.frapes.org | | File Size: | 1920 | | Last Modified: | Jan 5 02:50:56 2003 |
| MD5 Checksum: | 770290c363c15e13d3eb89a80e65aa4e |
|
| /// File Name: |
ES-Malaria.tar.gz |
Description:
|
ES-Malaria is a ptrace() injector.
| | Author: | Brain Storm | | File Size: | 3222 | | Last Modified: | Dec 24 03:56:59 2002 |
| MD5 Checksum: | 7fe96ade196dc0c3b70e65b6ce6b8242 |
|
| /// File Name: |
sneaky-sneaky-1.48.tar.gz |
Description:
|
Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
| | Author: | Phish | | Changes: | Now with delays, decoys, timeouts and spoofing options. | | File Size: | 21256 | | Last Modified: | Dec 24 03:44:39 2002 |
| MD5 Checksum: | d670d308e31f0caca1bda8cde0fc72c2 |
|
| /// File Name: |
tl0gin.c |
Description:
|
Trojan /bin/login.
| | Author: | m4rc3l0 | | File Size: | 2164 | | Last Modified: | Dec 16 10:23:14 2002 |
| MD5 Checksum: | c4467dfbf32a55282b92eaaa055652a9 |
|
| /// File Name: |
4553-invader-2.1.1.tar.gz |
Description:
|
4553 - Invader v2.1.1 is source code which can append parasitic executable code to any ELF binary, which causes it to send a shell to a remote host. Uses TCP port 21317 by default.
| | Author: | Brain Storm,Resistor | | Homepage: | http://es.xor.ru | | File Size: | 3983 | | Last Modified: | Nov 27 04:50:06 2002 |
| MD5 Checksum: | e828fd8a619c206f18a7ae7ceb58344d |
|
| /// File Name: |
latte-release-beta-0.1.zip |
Description:
|
Latte is a little unix backdoor which only allows one UID to use it.
| | Author: | C0w-d0g | | File Size: | 44311 | | Last Modified: | Nov 20 01:59:31 2002 |
| MD5 Checksum: | 50b42878974dd58eece52e4941727f5a |
|
| /// File Name: |
BBD-0.4.tgz |
Description:
|
BBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. Allows remote command execution and file upload.
| | Author: | Detach | | File Size: | 8618 | | Last Modified: | Nov 19 11:16:47 2002 |
| MD5 Checksum: | 17a9eaece27bbf5b5a8601c89b3b3a27 |
|
| /// File Name: |
ownit-0.1.tar.gz |
Description:
|
Ownit is a script that installs libnet, libnids, and dsniff on a system.
| | Author: | CowDog. | | File Size: | 367936 | | Last Modified: | Nov 19 11:15:27 2002 |
| MD5 Checksum: | 16ed3989ac5deb8be2ec6ca4812a28a6 |
|
| /// File Name: |
sneaky-sneaky-1.12.tar.gz |
Description:
|
Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
| | Author: | Phish | | File Size: | 17353 | | Last Modified: | Nov 2 17:31:39 2002 |
| MD5 Checksum: | 1ff30567857b78272c86eaa119d49043 |
|