Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
DevNull-rootkit-v0.9.tar.bz2 |
Description:
|
DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin.
| | Author: | Tutor | | Homepage: | http://r00tabega.com/group.html | | File Size: | 407661 | | Last Modified: | Mar 23 20:13:19 2000 |
| MD5 Checksum: | 864d9167f7a3e2d113cf6f1454a5b63b |
|
| /// File Name: |
ownit-0.1.tar.gz |
Description:
|
Ownit is a script that installs libnet, libnids, and dsniff on a system.
| | Author: | CowDog. | | File Size: | 367936 | | Last Modified: | Nov 19 11:15:27 2002 |
| MD5 Checksum: | 16ed3989ac5deb8be2ec6ca4812a28a6 |
|
| /// File Name: |
tk.tgz |
Description:
|
Torn Kit is a Linux rootkit which has been optimized for Linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user-defined password. This code is being widely used to automatically compromise hosts which have the wu.ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10 advisory.
| | Author: | Johnny7 | | File Size: | 343567 | | Last Modified: | Sep 18 19:44:39 2000 |
| MD5 Checksum: | 2332de2af78eca68542fa30fb2d37283 |
|
| /// File Name: |
SAdoor-20030805.tgz |
Description:
|
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload and decoded and passed on to system(3). First non-beta release.
| | Author: | CMN | | Homepage: | http://cmn.listprojects.darklab.org/ | | File Size: | 322932 | | Last Modified: | Aug 11 22:47:12 2003 |
| MD5 Checksum: | 82794a18353dde4f520ef3a53f99cd4b |
|
| /// File Name: |
Q-2.4.tar.gz |
Description:
|
Q v2.4 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and an encrypted on-demand TCP relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports.
| | Author: | Mixter | | Homepage: | http://mixter.void.ru | | Changes: | Now uses strong RSA/libiSSL encryption for sessions; compatibility with libmix1.2; many bugfixes. | | File Size: | 319968 | | Last Modified: | Apr 15 13:38:37 2001 |
| MD5 Checksum: | 45a5b2c2b2612f6d6703cd984cc1d8e1 |
|
| /// File Name: |
wX.tar.gz |
Description:
|
WeaponX is a kernel based rootkit for Mac OSX which is roughly based on adore. It runs as a kernel extension, similar to a LKM. Requires Xcode. Readme available here.
| | Author: | Nemo | | Homepage: | http://neil.slampt.net/files/Projects/weaponX/ | | File Size: | 271409 | | Last Modified: | Nov 4 18:22:59 2004 |
| MD5 Checksum: | 12fa6fb5faf460fce717f8d298625bd0 |
|
| /// File Name: |
fbrk1-imps.tar.gz |
Description:
|
FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
| | Author: | Nyo | | File Size: | 267168 | | Last Modified: | Nov 5 22:40:21 2001 |
| MD5 Checksum: | aabf3bc70afc09f16e0015272e8b2baa |
|
| /// File Name: |
wx-01.tar.gz |
Description:
|
New Macintosh OS-X rootkit that is roughly based off of adore. It hides itself from kextstat, netstat, utmp and wtmp. Further revisions to include a reverse shell triggered by ARP and DNS packets.
| | Author: | nemo | | Homepage: | http://neil.slampt.net/ | | File Size: | 263191 | | Last Modified: | Oct 27 02:49:35 2004 |
| MD5 Checksum: | 57d1312f1e101f52b9b08e4d557a2f99 |
|
| /// File Name: |
SAdoor.0.3.beta.tgz |
Description:
|
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload and decoded and passed on to system(3).
| | Author: | CMN | | Homepage: | http://www.mdstud.chalmers.se/~md0claes | | File Size: | 262571 | | Last Modified: | Jun 27 23:32:10 2002 |
| MD5 Checksum: | a9e6f5155bde823d8fd50813852bee53 |
|
| /// File Name: |
backdoor.tar.gz |
Description:
|
This tarball has original source code for FreeBSD binaries such as find, fstat, kldstat, etc along with a script that enables you to easily set how you want them backdoored.
| | Author: | Dark.iNiTro | | Homepage: | http://ccb.0x48k.cc/index.php?module=files | | File Size: | 245330 | | Last Modified: | May 2 20:06:51 2007 |
| MD5 Checksum: | 3046022b733bd0ccc37165e34a2db7ad |
|
| /// File Name: |
wu-ftpd-trojan.tar.gz |
Description:
|
Wu-ftpd Trojan - Login with specific user/pass and it gives you a root shell.
| | Author: | Axess | | File Size: | 243698 | | Last Modified: | Feb 15 14:09:38 2000 |
| MD5 Checksum: | d4898700229efa2117f06379ec538d6c |
|
| /// File Name: |
doorman-0.81.tgz |
Description:
|
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
| | Author: | Bruce Ward | | Homepage: | http://doorman.sourceforge.net/ | | Changes: | Fixed the silent doorman problem. | | File Size: | 140643 | | Last Modified: | Sep 7 04:35:58 2005 |
| MD5 Checksum: | f0f30132a541122fa46f4d6d321260d9 |
|
| /// File Name: |
doorman-0.8.tgz |
Description:
|
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
| | Author: | Bruce Ward | | Homepage: | http://doorman.sourceforge.net/ | | Changes: | Fixed several bugs. | | File Size: | 139950 | | Last Modified: | Aug 5 02:55:27 2004 |
| MD5 Checksum: | 44a495d06bf81ac9a824380612035672 |
|
| /// File Name: |
_root_040.zip |
Description:
|
Windows NT Rootkit v0.04 alpha - Hides processes, files, directories, has k-mode shell using TCP/IP - you can telnet into rootkit from remote. Hides registry keys - (keyboard patch disabled in this build.) Includes execution redirection.
| | Homepage: | http://www.rootkit.com | | File Size: | 107713 | | Last Modified: | Jul 29 05:16:28 2001 |
| MD5 Checksum: | 12487fc88e78176f582cbbdbd45f2575 |
|
| /// File Name: |
flea.tar.gz |
Description:
|
FLEA is a Linux rootkit for all distributions.
| | Author: | skatE | | Homepage: | http://www.the-diamonds.org | | File Size: | 106847 | | Last Modified: | Oct 4 03:30:20 2002 |
| MD5 Checksum: | dfd8f8b6babe05182bb5c3e3e1b5d5a3 |
|
| /// File Name: |
tnet-tools-1.55.tar.gz |
Description:
|
Ifconfig and Netstat trojan - reads interfaces (sit0, eth0, eth0:1) from a file, defined in a char[] array, and hides them.
| | Author: | Twiz | | Homepage: | http://www.twlc.net | | File Size: | 99011 | | Last Modified: | Jul 18 21:31:51 2001 |
| MD5 Checksum: | 66e7b041c4913304d281ae0701d9b059 |
|
| /// File Name: |
kis-0.9.tar.gz |
Description:
|
KIS is the Kernel Intrusion System, a powerful client / server LKM based rootkit.
| | Author: | Optyx | | Homepage: | http://www.uberhax0r.net/kis | | File Size: | 87860 | | Last Modified: | Jul 19 19:57:12 2001 |
| MD5 Checksum: | 55fa64d52771873a841e22a59b00bb42 |
|
| /// File Name: |
osxrk-0.2.1.tbz |
Description:
|
Mac OS X rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more.
| | Author: | gapple | | File Size: | 86449 | | Last Modified: | Sep 10 12:35:27 2004 |
| MD5 Checksum: | 4d88ce2a44718703f5de06a26c26349a |
|
| /// File Name: |
b0stt.tar.gz |
Description:
|
Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs (utmp, wtmp, lastlog and the rest of the syslogd logs); it also logs all incoming/outgoing ssh passwords.
| | Author: | xfer | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 83433 | | Last Modified: | May 7 23:09:22 2000 |
| MD5 Checksum: | 3ca811fa7c30725b688e469ac3d73e0a |
|
| /// File Name: |
rootkit.zip |
Description:
|
Unavailable.
| | File Size: | 79041 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | fda05ac95076efa11544721c1a77b8e3 |
|
| /// File Name: |
rootkitLinux.tgz |
Description:
|
Unavailable.
| | File Size: | 74555 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | 2cf0bb76408f18b9ce32c7350d909c0c |
|
| /// File Name: |
rootkitSunOS.tgz |
Description:
|
Unavailable.
| | File Size: | 69919 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | 78795fed5abb0aaed98b41a62cafb393 |
|
| /// File Name: |
knark-2.4.3.tgz |
Description:
|
Knark v2.4.3 port is a usable kernel-based rootkit for Linux which is based on knark-0.59. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects. Also includes a kernel module to protect Linux 2.4 from knark.
| | Author: | Cyberwinds | | File Size: | 59931 | | Last Modified: | May 21 18:23:10 2001 |
| MD5 Checksum: | ca1ebe26ab1138ebe431751f526df817 |
|
| /// File Name: |
pop3d-trojan.tar.gz |
Description:
|
in.pop3d backdoor - Still functions as in.pop3d, but gives a shell with the proper password.
| | Author: | Formatez | | File Size: | 58476 | | Last Modified: | Jan 24 15:28:44 2000 |
| MD5 Checksum: | 17c5305640b6991c01bca8be2220d04a |
|