Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
kis-0.9.tar.gz |
Description:
|
KIS is the Kernel Intrusion System, a powerful client / server LKM based rootkit.
| | Author: | Optyx | | Homepage: | http://www.uberhax0r.net/kis | | File Size: | 87860 | | Last Modified: | Jul 19 19:57:12 2001 |
| MD5 Checksum: | 55fa64d52771873a841e22a59b00bb42 |
|
| /// File Name: |
knark-0.50.tar.gz |
Description:
|
Knark is a kernel-based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects.
| | Author: | Creed | | File Size: | 12856 | | Last Modified: | Nov 15 19:49:25 1999 |
| MD5 Checksum: | 93b4d72822ac6b8cd5346542ae7804f8 |
|
| /// File Name: |
knark-0.59.tar.gz |
Description:
|
Knark is a kernel based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects for seamlessly bypassing tripwire / md5sum.
| | Author: | Creed | | Changes: | Remote command execution. | | File Size: | 15169 | | Last Modified: | Nov 21 01:12:10 1999 |
| MD5 Checksum: | adde1bb47d9e45237e83d85f8d48098f |
|
| /// File Name: |
knark-2.4.3.tgz |
Description:
|
Knark v2.4.3 port is a usable kernel-based rootkit for Linux which is based on knark-0.59. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects. Also includes a kernel module to protect Linux 2.4 from knark.
| | Author: | Cyberwinds | | File Size: | 59931 | | Last Modified: | May 21 18:23:10 2001 |
| MD5 Checksum: | ca1ebe26ab1138ebe431751f526df817 |
|
| /// File Name: |
last1.tgz |
Description:
|
The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains a ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
| | Author: | K1net1c | | File Size: | 3160878 | | Last Modified: | Sep 24 06:13:41 2002 |
| MD5 Checksum: | 56b9eb9fabe884ebc8bcb02aa5f065c2 |
|
| /// File Name: |
latte-release-beta-0.1.zip |
Description:
|
Latte is a little unix backdoor which only allows one UID to use it.
| | Author: | C0w-d0g | | File Size: | 44311 | | Last Modified: | Nov 20 01:59:31 2002 |
| MD5 Checksum: | 50b42878974dd58eece52e4941727f5a |
|
| /// File Name: |
lbk.tar.gz |
Description:
|
LBK is a local kernel based (kld) backdoor for FreeBSD 4.0 which provides a root shell if the TERM environment variable is set with the password.
| | Author: | Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 1190 | | Last Modified: | Dec 11 19:02:06 2000 |
| MD5 Checksum: | 9c0ce7942d25d16b8b7571dc588039f0 |
|
| /// File Name: |
linspy2beta2.tgz |
Description:
|
Linspy is keystroke logger for linux kernels v2.2 and 2.4 which records TTY activity. Based on Halflife's article from Phrack 50.
| | Author: | Xian | | File Size: | 4524 | | Last Modified: | Apr 17 02:35:56 2002 |
| MD5 Checksum: | 0099f4b8f9f3268dbea495ee6168b78a |
|
| /// File Name: |
logginsh.txt |
Description:
|
loggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump.
| | Author: | Pranav Joshi, Deepak Kaul | | File Size: | 1266 | | Last Modified: | Jun 5 04:40:02 2006 |
| MD5 Checksum: | 59b000733a8ab35f124a73afcd31bf40 |
|
| /// File Name: |
login-back.c |
Description:
|
Backdoor for login where the original binary must be renamed and only gets called whenever the remote user's TERM variable is not set to the magic password. If the magic password is set, the user gets the option of a shell with or without logging.
| | Author: | tracewar | | File Size: | 1488 | | Last Modified: | Oct 2 13:09:48 2003 |
| MD5 Checksum: | c0a77d42bb53610b4ec2daf01cda55b1 |
|
| /// File Name: |
login.tgz |
Description:
|
login package for linux - backdoored.
| | Author: | TheFinn | | Homepage: | http://circuit4.net/~thefinn | | File Size: | 32632 | | Last Modified: | Mar 18 00:09:58 2002 |
| MD5 Checksum: | e9ead72cdd327d67c6cf4baf41610ee4 |
|
| /// File Name: |
lrk-4.1.tar.gz |
Description:
|
Linux Rootkit v4.1 is based on Lord Somers LRK4 but several things are fixed. Includes a better find patch, fixed install of pidof / killall, fixed rshd patch, compilation fixes, and more. Released 11-may-2000, tested on Linux kernel 2.2.6, Slackware 4.0.
| | Author: | Rolling | | File Size: | 890103 | | Last Modified: | Jul 22 03:20:26 2000 |
| MD5 Checksum: | 3028892d2463f353e24419a83cccb1b3 |
|
| /// File Name: |
lrk4.shad.tar.gz |
Description:
|
Linux Rootkit 4 - Precompiled Shadowed Distribution.
| | Author: | Lord Somer. | | File Size: | 1026038 | | Last Modified: | Aug 16 20:05:22 1999 |
| MD5 Checksum: | d476a0e8cac2d1f7e6e6f70cb451cb39 |
|
| /// File Name: |
lrk4.src.tar.gz |
Description:
|
Linux Rootkit - Source Distribution.
| | Author: | Lord Somer. | | File Size: | 900450 | | Last Modified: | Aug 16 20:05:23 1999 |
| MD5 Checksum: | c2f886c7af1e6318f79460ff0ffe4f5e |
|
| /// File Name: |
lrk4.unshad.tar.gz |
Description:
|
Linux Rootkit 4 - Precompiled Unshadowed Distribution.
| | Author: | Lord Somer. | | File Size: | 1252709 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | b4070c30eb6ec9f6b18c3c2dbbbf488c |
|
| /// File Name: |
lrk5.src.tar.gz |
Description:
|
Linux Rootkit 5 - Recent release of the famous linux rootkit. Contains backdoored versions of chfn, chsh, crontab, du, find, ifconfig, inetd, killall, linsniffer, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, tcpd, top, sshd, and su. Also comes with bindshell, fix, linsniffer, thesniff, sniffchk, wted, and z2.
| | Author: | Lord Somer | | Homepage: | http://www.lordsomer.com/ | | Changes: | sshd-2.0.13 patch, a better sniffer, a backdoored su, and better crontab. Warning: This software causes anti-virus false positives. | | File Size: | 3301054 | | Last Modified: | Feb 11 19:27:02 2000 |
| MD5 Checksum: | e18b708650f7dc4cca447df33d09740f |
|
| /// File Name: |
lrkn.tgz |
Description:
|
Linux rootkit 3.0 - Includes trojaned chfn, chsh, inetd, login, ls, du ifconfig, netstat, passwd, ps, top, rshd, syslod, tcpd, etc.
| | File Size: | 3639016 | | Last Modified: | Aug 16 20:05:21 1999 |
| MD5 Checksum: | 1aa105cdaedac8438f773cb5bd645848 |
|
| /// File Name: |
lyceum-2.46.tar.gz |
Description:
|
Lyceum is an advance stealthed client/server backdoor that uses encrypted spoofed UDP packets to administer the server and the two built-in ICMP backdoors. Each ICMP backdoor exploits a different feature of the protocol, the first creating a bi-directionally spoofed ICMP tunnel and the second uses passive nodes as zombies to relay ICMP backdoor traffic.
| | Author: | phish | | File Size: | 53720 | | Last Modified: | Jul 23 21:43:29 2004 |
| MD5 Checksum: | 2fe58f1103cb072dd24f1be121814dfb |
|
| /// File Name: |
m0rtix.c |
Description:
|
m0rtix.c is a simple C linux backdoor which bind a shell to a port with tty fork. The processes are hidden and it contains a kernel version detector which tell you what local root exploit you must use to root the system.
| | Author: | jeremy still | | File Size: | 12040 | | Last Modified: | Apr 28 20:30:27 2006 |
| MD5 Checksum: | 6503eae7a42fb2d5336a3a0cde0c5bb0 |
|
| /// File Name: |
m_rev-0.2.c |
Description:
|
A little ptrace()-based utility for process argument/name hiding. Works on most Linux 2.6 kernels/configurations (x86/x86-64 architecture).
| | Author: | ernie@ernie | | File Size: | 20129 | | Last Modified: | Jan 29 21:49:07 2008 |
| MD5 Checksum: | 2e8bb365b19a752d7bde5b88a1045089 |
|
| /// File Name: |
maxty.tar.gz |
Description:
|
Maxty is a small kernel-space tty sniffer. It is a LKM which will attach to read/write syscalls and save incoming/outgoing requests to opened tty devices into separate log files. It provides a way keeping a track what is happening on virtual consoles similar to a keystroke recorder.
| | Author: | Paul | | File Size: | 4867 | | Last Modified: | Apr 6 21:04:31 2001 |
| MD5 Checksum: | 8ed7a10a7153e74d0f1495d65783dc4d |
|
| /// File Name: |
md5bd.c |
Description:
|
md5bd.c is a shell server/backdoor that uses a md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
| | Author: | Mixter | | Homepage: | http://1337.tsx.org | | File Size: | 3004 | | Last Modified: | Jul 15 17:48:54 2000 |
| MD5 Checksum: | 2fa9b94368cf2d9b511d009aece38bce |
|
| /// File Name: |
mix.c |
Description:
|
Simple generic backdoor protected by a password encrypted with an MD5 hash. Gets added into inittab.
| | Author: | Serial Killah | | File Size: | 5244 | | Last Modified: | May 20 17:56:09 2004 |
| MD5 Checksum: | 472a0b9ee3932c0c401d7f1c6c043625 |
|
| /// File Name: |
mod_backdoor.c |
Description:
|
Apache DSO backdoor - A get request to a "special" url allows remote command execution.
| | Author: | Slash | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 8809 | | Last Modified: | Jun 5 14:52:24 2000 |
| MD5 Checksum: | 84e2f164eca988c6647d0dc512f4536c |
|
| /// File Name: |
modhide1.c |
Description:
|
Modhide1.c demonstrates a new method of hiding kernel modules which does not trigger any normal detection techniques because it does not change lsmod or the system call table. Instead it hacks the kernel's memory to make it "forget" the module.
| | Author: | J.B. LeSage. | | File Size: | 4296 | | Last Modified: | May 23 19:59:32 2001 |
| MD5 Checksum: | 38fc557e5f938e246db103109f457d4e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
