.:[ packet storm ]:. - http://packetstormsecurity.org/

Section: .. / UNIX / penetration / rootkits /

The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

Page 7 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 150 - 175 of 208

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	tk.tgz
Description:	Torn Kit is a linux rootkit which has been optimized for linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user defined password. This code is being widely used to automatically compromise hosts which have the wu.ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10 advisory.
Author:	Johnny7
File Size:	343567
Last Modified:	Sep 18 19:44:39 2000
MD5 Checksum:	2332de2af78eca68542fa30fb2d37283

/// File Name:	whodo.c
Description:	Whodo.c is a simple local backdoor for the Solaris whodo command.
Author:	Dr. Genius
File Size:	20226
Last Modified:	Aug 17 12:56:35 2000
MD5 Checksum:	7ebf7fd1c6e52d36f0e165c4185020d4

/// File Name:	tcpd-byp.tar.gz
Description:	Modified tcp wrappers which bypass restrictions in hosts.deny and hosts.allow.
Author:	God-
Homepage:	ftp://haxordot.org/pub/god-/
File Size:	14905
Last Modified:	Aug 5 23:07:04 2000
MD5 Checksum:	ac6a784b6ca87296554ef4544558b0d3

/// File Name:	netstat.sh
Description:	Netstat.sh is a shell script which compiles a C wrapper around /bin/netstat which hides a class B address space.
Author:	God-
Homepage:	ftp://haxordot.org/pub/god-/
File Size:	1125
Last Modified:	Aug 5 23:01:47 2000
MD5 Checksum:	1aaeb2723b4dba0eb612ef3fbfea415f

/// File Name:	bd.pl
Description:	bd.pl is a backdoor written in perl which sits on port 33556 by default, requires a password, and unsets the history environment variables.
Author:	Mugwump Mugwump
File Size:	959
Last Modified:	Jul 24 19:46:07 2000
MD5 Checksum:	b4aea0b2942de55ca24b6bbe25b467f2

/// File Name:	lrk-4.1.tar.gz
Description:	Linux Rootkit v4.1 is based on Lord Somers LRK4 but several things are fixed. Includes a better find patch, fixed install of pidof / killall, fixed rshd patch, compilation fixes, and more. Released 11-may-2000, tested on Linux kernel 2.2.6, Slackware 4.0.
Author:	Rolling
File Size:	890103
Last Modified:	Jul 22 03:20:26 2000
MD5 Checksum:	3028892d2463f353e24419a83cccb1b3

/// File Name:	md5bd.c
Description:	md5bd.c is a shell server/backdoor that uses a md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
Author:	Mixter
Homepage:	http://1337.tsx.org
File Size:	3004
Last Modified:	Jul 15 17:48:54 2000
MD5 Checksum:	2fa9b94368cf2d9b511d009aece38bce

/// File Name:	hhp-SSH_TROSNIFF.tgz
Description:	hhp-trosniff is a complete package of patches to modify ssh, ssh2, sshd, ssh2d, and opensshd to extract and log the Incoming/Target HostName/UserName/Password. Intended to log brute force attacks and deleted users who try to gain access.
Author:	Loophole
File Size:	4064
Last Modified:	Jun 21 19:31:24 2000
MD5 Checksum:	8bc929c223f30bbea750ab01ca5fdd70

/// File Name:	sendmailcftrojan.tar.gz
Description:	Backdoored sendmail.cf - Install on a system that is running sendmail it allows you to spawn an xterm on any remote host.
Author:	Naif
File Size:	20829
Last Modified:	Jun 14 12:47:05 2000
MD5 Checksum:	027013770bd78a014196b2f5b2adb3b3

/// File Name:	cd00r.c
Description:	cd00r.c is a proof of concept code to test the idea of a completely invisible (read: not listening) backdoor server. Standard backdoors and remote access services have one major problem - the port's they are listening on are visible on the system console as well as from outside (by port scanning). To activate the remote access service, one has to send several packets (TCP SYN) to ports on the target system. Which ports in which order and how many of them can be defined in the source code.
Author:	FX
Homepage:	http://www.phenoelit.de/
File Size:	16605
Last Modified:	Jun 13 17:29:23 2000
MD5 Checksum:	f7d023c9bfa342c440262beb65dd105e

/// File Name:	CGIbackdoor.txt
Description:	CGI Backdoor - Perl based client / server backdoor which communicates over port 80, bypassing many firewalls.
Author:	Hypoclear
Homepage:	http://hypoclear.cjb.net
File Size:	3464
Last Modified:	Jun 13 16:23:11 2000
MD5 Checksum:	a64eb7601c4e7f66ae24d04b3766e345

/// File Name:	Raditz.cc
Description:	Raditz is a hacked replacement for the tripwire binary which never actually gets tripped. It attempts look and feel just like tripwire, allowing you to hopefully remain undetected on a rooted system just a little bit longer.
Author:	Technion
Homepage:	http://www.coons.org/
File Size:	6264
Last Modified:	Jun 8 18:06:00 2000
MD5 Checksum:	9498698261bb430e8552e191a34ac37e

/// File Name:	mod_backdoor.c
Description:	Apache DSO backdoor - A get request to a "special" url allows remote command execution.
Author:	Slash
Homepage:	http://b0f.freebsd.lublin.pl
File Size:	8809
Last Modified:	Jun 5 14:52:24 2000
MD5 Checksum:	84e2f164eca988c6647d0dc512f4536c

/// File Name:	cisco-ack-proof-concept.tgz
Description:	This document contains details on a proof-of-concept white paper on how to circumvent Cisco access-lists which rely on only permitting "established" TCP sessions by establishing communications between a client and server (included) which never uses the SYN bit. Works on any firewall that accepts all packets without the syn bit.
Author:	Codex
Homepage:	http://www.phate.net/docs/security/
File Size:	12711
Last Modified:	May 31 18:23:32 2000
MD5 Checksum:	e7c9032c77ac8938e06fd163cdc9e3fd

/// File Name:	shadyshell.c
Description:	shadyshell.c is a flexible, obfuscated, and lightweight UDP portshell. Takes client input via netcat -u.
Author:	S
File Size:	1159
Last Modified:	May 31 00:42:23 2000
MD5 Checksum:	8375bfbba53bf96bdb2c25cdd0e9ef28

/// File Name:	b0stt.tar.gz
Description:	Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs(utmp,wtmp,lastlog and the rest of syslogd logs), it also logs all incoming/outcoming ssh passwords.
Author:	xfer
Homepage:	http://b0f.freebsd.lublin.pl
File Size:	83433
Last Modified:	May 7 23:09:22 2000
MD5 Checksum:	3ca811fa7c30725b688e469ac3d73e0a

/// File Name:	DevNull-rootkit-v0.9.tar.bz2
Description:	DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin.
Author:	Tutor
Homepage:	http://r00tabega.com/group.html
File Size:	407661
Last Modified:	Mar 23 20:13:19 2000
MD5 Checksum:	864d9167f7a3e2d113cf6f1454a5b63b

/// File Name:	rpv21.tar.gz
Description:	Reverse Pimpage is a tool for allowing one to telnet backwards through a firewall, assuming the box is allowed to make outgoing tcp connections. You have to be able to get access to the inside machine first, though, to get the client on the machine.
Author:	Tommy.
Homepage:	http://soomka.com
Changes:	The terminal emulation now works.
File Size:	36773
Last Modified:	Feb 16 17:15:01 2000
MD5 Checksum:	bc494b0a8cd6928710f1a50462b1d5b4

/// File Name:	wu-ftpd-trojan.tar.gz
Description:	Wu-ftpd Trojan - Login with specific user/pass and it gives you a root shell.
Author:	Axess
File Size:	243698
Last Modified:	Feb 15 14:09:38 2000
MD5 Checksum:	d4898700229efa2117f06379ec538d6c

/// File Name:	lrk5.src.tar.gz
Description:	Linux Rootkit 5 - Recent release of the famous linux rootkit. Contains backdoored versions of chfn, chsh, crontab, du, find, ifconfig, inetd, killall, linsniffer, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, tcpd, top, sshd, and su. Also comes with bindshell, fix, linsniffer, thesniff, sniffchk, wted, and z2.
Author:	Lord Somer
Homepage:	http://www.lordsomer.com/
Changes:	sshd-2.0.13 patch, a better sniffer, a backdoored su, and better crontab. Warning: This software causes anti-virus false positives.
File Size:	3301054
Last Modified:	Feb 11 19:27:02 2000
MD5 Checksum:	e18b708650f7dc4cca447df33d09740f

/// File Name:	sendm-8.9.3trojan.tar.gz
Description:	Backdoored Sendmail 8.9.3 - Enter a special SMTP command and it opens a root shell.
Author:	Axess
File Size:	598384
Last Modified:	Feb 11 18:01:29 2000
MD5 Checksum:	c4d6ca89d5ceea3f5e071040ad29b4d8

/// File Name:	utrojan.c
Description:	Universal remote unix trojan - This wrapper can backdoor nearly any service on any platform. Tested on login / imapd / qpopd.
Author:	Axess
File Size:	1625
Last Modified:	Feb 7 15:13:50 2000
MD5 Checksum:	40afffb1f5acd39467e53bb6b41088d1

/// File Name:	ulogin.c
Description:	Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, Sunos 5.5,5.6,5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary.
Author:	Tragedy
Homepage:	http://www.etc-crew.org
File Size:	1344
Last Modified:	Feb 4 17:54:55 2000
MD5 Checksum:	4d5c12f579e07686a1b350c0064601f4

/// File Name:	taskigt.tar.gz
Description:	Taskigt - A lkm that gives root to a process that read a special file in /proc.
Author:	noah
Homepage:	http://ns2.crw.se/~tm/
File Size:	1286
Last Modified:	Jan 28 18:54:48 2000
MD5 Checksum:	b4d52ecb3a6914d9836ecfea34237649

/// File Name:	phide.tar.gz
Description:	Phide - A lkm that hides processes under Linux 2.0. There already exist such thing for Linux 2.2 [like heroin.c or knark] but they're just for Linux 2.2.
Author:	noah
Homepage:	http://ns2.crw.se/~tm/
File Size:	2667
Last Modified:	Jan 28 18:53:58 2000
MD5 Checksum:	25ca4d12e42ba1ac0e3a5a71ccc9f33e

/// Last 10 Files

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Advisories

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Exploits

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Tools

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Misc

[ Last 20 | Last 50 | Last 100 ]