Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
rwwwshell-2.0.pl.gz |
Description:
|
Reverse-WWW-Tunnel-Backdoor v2.0 - This backdoor should work through any firewall which has got the security policy to allow users to surf the WWW. Verified to work on Linux, Solaris, AIX and OpenBSD.
| | Author: | van Hauser | | Homepage: | http://www.thc.org/ | | Changes: | Now has full HTTP v1.0 compliance. | | File Size: | 5440 | | Last Modified: | Jun 4 03:20:12 2002 |
| MD5 Checksum: | b54eb0a55405d0b11681391f70fe0be6 |
|
| /// File Name: |
blowdoor01b.c |
Description:
|
Blowdoor is a unix backdoor with a definable port, password, executable to run, process to show job as, and logging facility.
| | Author: | bl0w | | Homepage: | http://www.secworld.org/ | | File Size: | 5324 | | Last Modified: | Aug 18 16:24:07 2002 |
| MD5 Checksum: | c8070fe07386800d942dbb40acd46517 |
|
| /// File Name: |
Synapsys-lkm.tar.gz |
Description:
|
Synapsis is a LKM rootkit for Linux which features file hiding, process hiding, user hiding, magic UID, and netstat hiding.
| | Author: | Berserker | | Homepage: | http://www.neural-collapse.org | | File Size: | 5298 | | Last Modified: | Mar 16 17:27:35 2001 |
| MD5 Checksum: | aa9aeedd64b1d79407698c5703d358fc |
|
| /// File Name: |
n-du.tgz |
Description:
|
N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a tcp port backdoor.
| | Author: | Serguei | | File Size: | 5252 | | Last Modified: | Sep 29 23:39:17 2004 |
| MD5 Checksum: | a18fef559fcfc16db6beadd02924cde6 |
|
| /// File Name: |
mix.c |
Description:
|
Simple generic backdoor protected by a password encrypted with an MD5 hash. Gets added into inittab.
| | Author: | Serial Killah | | File Size: | 5244 | | Last Modified: | May 20 17:56:09 2004 |
| MD5 Checksum: | 472a0b9ee3932c0c401d7f1c6c043625 |
|
| /// File Name: |
icmp-backdoor.tar.gz |
Description:
|
Small ICMP backdoor which works under BSD, Linux, and Solaris. Because you can define the icmp_code to use it is able simulate an echo_request <-> echo_reply conversation so it looks like a normal ping with bigger packets. It also includes a session_id to detect the right packets (which is also done by certain icmp_id's).
| | Author: | Martin J. Muench | | Homepage: | http://www.codito.de | | File Size: | 5118 | | Last Modified: | May 30 01:49:11 2002 |
| MD5 Checksum: | d77f547863617b69e6206eb72c90fce2 |
|
| /// File Name: |
maxty.tar.gz |
Description:
|
Maxty is a small kernel-space tty sniffer. It is a LKM which will attach to read/write syscalls and save incoming/outgoing requests to opened tty devices into separate log files. It provides a way keeping a track what is happening on virtual consoles similar to a keystroke recorder.
| | Author: | Paul | | File Size: | 4867 | | Last Modified: | Apr 6 21:04:31 2001 |
| MD5 Checksum: | 8ed7a10a7153e74d0f1495d65783dc4d |
|
| /// File Name: |
Trojanit.tar.gz |
Description:
|
compact trojan/root kit for linux and maybe bsd.
| | Author: | syg [at] EFnet. bugfix release. | | File Size: | 4866 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | f37b1a87bd7484f393118ead24edaab2 |
|
| /// File Name: |
blowdoor01c.c |
Description:
|
Blowdoor is a backdoor for unix systems using md5sum passwords.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | File Size: | 4730 | | Last Modified: | Aug 28 00:45:53 2002 |
| MD5 Checksum: | 6463bd5ffa2ba22447718154fa4295cb |
|
| /// File Name: |
BBD-0.3.tgz |
Description:
|
BBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. This version contains an client which allows you to execute the command remote as well as local by prefixing a command with a semicolon.
| | Author: | Detach | | File Size: | 4694 | | Last Modified: | Aug 21 01:50:31 2002 |
| MD5 Checksum: | 2d2074b6a4c23bf8bb912ffe8dbeb658 |
|
| /// File Name: |
rrc_v0.2.tar.gz |
Description:
|
RRC (Roland Remote Control) v0.2 can be used to control a linux box from a remote location.
| | Author: | Roland | | File Size: | 4623 | | Last Modified: | Oct 29 22:58:35 2003 |
| MD5 Checksum: | 57dc5fcde41b7e0100ff50d76b3a617f |
|
| /// File Name: |
false.c |
Description:
|
False.c is a local/remote backdoor for Linux.
| | Author: | Pir8 | | Homepage: | http://www.dtors.net | | File Size: | 4536 | | Last Modified: | Jun 4 01:35:29 2002 |
| MD5 Checksum: | c122ccd9599635642b598c075d000acd |
|
| /// File Name: |
linspy2beta2.tgz |
Description:
|
Linspy is keystroke logger for linux kernels v2.2 and 2.4 which records TTY activity. Based on Halflife's article from Phrack 50.
| | Author: | Xian | | File Size: | 4524 | | Last Modified: | Apr 17 02:35:56 2002 |
| MD5 Checksum: | 0099f4b8f9f3268dbea495ee6168b78a |
|
| /// File Name: |
cgiback.tgz |
Description:
|
CGI backdoor which can be compiled with or without logging. Password protected. Tested on Redhat 6.1.
| | Author: | Overflow | | File Size: | 4296 | | Last Modified: | Dec 6 18:36:00 1999 |
| MD5 Checksum: | d655d5f0af6adf9f8fba1cba39f1d0ee |
|
| /// File Name: |
modhide1.c |
Description:
|
Modhide1.c demonstrates a new method of hiding kernel modules which does not trigger any normal detection techniques because it does not change lsmod or the system call table. Instead it hacks the kernel's memory to make it "forget" the module.
| | Author: | J.B. LeSage. | | File Size: | 4296 | | Last Modified: | May 23 19:59:32 2001 |
| MD5 Checksum: | 38fc557e5f938e246db103109f457d4e |
|
| /// File Name: |
ovas0n.c |
Description:
|
Opens a password protected backdoor and lets you execute commands, and then hides in the background. Based on gs.c.
| | Author: | misteri0 | | File Size: | 4160 | | Last Modified: | Jan 10 01:45:19 2000 |
| MD5 Checksum: | 43ff0cfc1b7dce9d3e4729fe7d1659a3 |
|
| /// File Name: |
blowdoor30.c |
Description:
|
Blowdoor v3.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | Changes: | Fixed bugs. | | File Size: | 4109 | | Last Modified: | Apr 18 03:41:36 2003 |
| MD5 Checksum: | fbfef3f0719882d9ac666ac376c68036 |
|
| /// File Name: |
hhp-SSH_TROSNIFF.tgz |
Description:
|
hhp-trosniff is a complete package of patches to modify ssh, ssh2, sshd, ssh2d, and opensshd to extract and log the Incoming/Target HostName/UserName/Password. Intended to log brute force attacks and deleted users who try to gain access.
| | Author: | Loophole | | File Size: | 4064 | | Last Modified: | Jun 21 19:31:24 2000 |
| MD5 Checksum: | 8bc929c223f30bbea750ab01ca5fdd70 |
|
| /// File Name: |
cheetah.c |
Description:
|
Cheetah version 1.0 is a remote Linux/BSD backdoor that offer low CPU usage, Port/Backlog selection, a remote shell, user/password protection, and process faking.
| | Author: | Tal0n | | File Size: | 4034 | | Last Modified: | Aug 26 15:43:31 2004 |
| MD5 Checksum: | 4b2b6b1061976b608ba5bebff00c4445 |
|
| /// File Name: |
4553-invader-2.1.1.tar.gz |
Description:
|
4553 - Invader v2.1.1 is source code which can append parasitic executable code to any ELF binary which causes it it to send a shell to a remote host. Uses TCP port 21317 by default.
| | Author: | Brain Storm, Resistor | | Homepage: | http://es.xor.ru | | File Size: | 3983 | | Last Modified: | Nov 27 04:50:06 2002 |
| MD5 Checksum: | e828fd8a619c206f18a7ae7ceb58344d |
|
| /// File Name: |
server.c |
Description:
|
Gummo backdoor server - a basic but effective backdoor server.
| | Author: | ph1x, featured in b4b0 #6. | | File Size: | 3930 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | 14049dbf8ff36ffccd6beb5474710447 |
|
| /// File Name: |
override.tar.gz |
Description:
|
Unavailable.
| | File Size: | 3918 | | Last Modified: | Jan 26 05:04:39 2006 |
| MD5 Checksum: | ebd24e8673c12b43c1ac08a1c341075c |
|
| /// File Name: |
pizzaicmp.c |
Description:
|
ICMP-based triggered Linux kernel module that executes a local binary upon successful use.
| | Author: | Evil | | Homepage: | http://www.eviltime.com | | File Size: | 3898 | | Last Modified: | Sep 14 20:59:10 2004 |
| MD5 Checksum: | c9c063dae420499bd575306c2176694b |
|
| /// File Name: |
override.tar.bz |
Description:
|
The override Rootkit: A LKM Linux 2.6 rootkit that uses patched systemcalls. Features - Hides pids and automatically hides the pids of child processes - Hides network ports - Hides files which begin with a user-defined prefix - Can show the hidden pids.
| | Author: | Amir Alsbih | | Homepage: | http://www.informatik.uni-freiburg.de/~alsbiha/ | | File Size: | 3883 | | Last Modified: | Jan 27 14:12:33 2006 |
| MD5 Checksum: | 31a9eb52f4907924ba9fb22287b44996 |
|
| /// File Name: |
blowdoor20.c |
Description:
|
Blowdoor v2.0 is a backdoor for Unix systems and uses md5sum passwords for authentication.
| | Author: | Bl0w | | Homepage: | http://www.secworld.org | | File Size: | 3831 | | Last Modified: | Sep 20 03:56:18 2002 |
| MD5 Checksum: | af17d89167bd317c22d516fcfa01bd12 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
