.:[ packet storm ]:.
                           
the one stop shop

 Section:  .. / UNIX / penetration / rootkits  /

The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

Page 5 of 9. Files 100 - 125 of 217, sorted by Last Modified.

 ///  File Name: SAdoor.0.3.beta.tgz
Description:
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving at the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload, then decoded and passed on to system(3).
Author:CMN
Homepage:http://www.mdstud.chalmers.se/~md0claes
File Size:262571
Last Modified:Jun 27 23:32:10 2002
MD5 Checksum:a9e6f5155bde823d8fd50813852bee53

 ///  File Name: dica.tgz
Description:
Dica is a rootkit found in the wild. Looks like a t0rn variant. Thanks to Rob Hock.
File Size:1366469
Last Modified:Jun 6 02:07:13 2002
MD5 Checksum:0f5ffea16e599bb13a69b4ba9b3748e2

 ///  File Name: rwwwshell-2.0.pl.gz
Description:
Reverse-WWW-Tunnel-Backdoor v2.0 - This backdoor should work through any firewall whose security policy allows users to surf the WWW. Verified to work on Linux, Solaris, AIX and OpenBSD.
Author:van Hauser
Homepage:http://www.thc.org/
Changes:Now has full HTTP v1.0 compliance.
File Size:5440
Last Modified:Jun 4 03:20:12 2002
MD5 Checksum:b54eb0a55405d0b11681391f70fe0be6

 ///  File Name: SeCshell.c
Description:
Local backdoor - Secure root shell, protected by standard DES encryption.
Author:Pir8
Homepage:http://www.dtors.net
File Size:901
Last Modified:Jun 4 01:36:45 2002
MD5 Checksum:023099b2625f65810fde4ab2f89f6af7

 ///  File Name: false.c
Description:
False.c is a local/remote backdoor for Linux.
Author:Pir8
Homepage:http://www.dtors.net
File Size:4536
Last Modified:Jun 4 01:35:29 2002
MD5 Checksum:c122ccd9599635642b598c075d000acd

 ///  File Name: pure-xinetd-backdoor.c
Description:
Xinetd backdoor.
Author:Pwr
File Size:1339
Last Modified:Jun 2 23:40:25 2002
MD5 Checksum:7d06bac34cf9bd9bd77ad1523bfa48b5

 ///  File Name: icmp-backdoor.tar.gz
Description:
Small ICMP backdoor which works under BSD, Linux, and Solaris. Because you can define the icmp_code to use, it is able to simulate an echo_request <-> echo_reply conversation so it looks like a normal ping with bigger packets. It also includes a session_id to detect the right packets (which is also done by certain icmp_ids).
Author:Martin J. Muench
Homepage:http://www.codito.de
File Size:5118
Last Modified:May 30 01:49:11 2002
MD5 Checksum:d77f547863617b69e6206eb72c90fce2

 ///  File Name: trojodaemon.c
Description:
Trojodaemon is a simple tool which allows you to start a process at boot.
Author:Devilnet
File Size:2214
Last Modified:May 29 02:00:44 2002
MD5 Checksum:4ee3bb29be054cab63922eb934cfec60

 ///  File Name: psf.c
Description:
Psf (Process Stack Faker) attempts to "hide" UN*X processes (those seen by "ps auwx" & "top") without having root. Tested on FreeBSD 4.3, Linux 2.4, NetBSD 1.5, Solaris 2.7.
Homepage:http://sysdlabs.hypermart.net/proj/index.html#psf
File Size:10641
Last Modified:May 20 01:01:11 2002
MD5 Checksum:9201bd94e640580b7fab70294ff169b6

 ///  File Name: linspy2beta2.tgz
Description:
Linspy is a keystroke logger for Linux kernels v2.2 and 2.4 which records TTY activity. Based on Halflife's article from Phrack 50.
Author:Xian
File Size:4524
Last Modified:Apr 17 02:35:56 2002
MD5 Checksum:0099f4b8f9f3268dbea495ee6168b78a

 ///  File Name: fbsd.tgz
Description:
FreeBSD rootkit precompiled binaries for 4.2-RELEASE.
Author:Nyo, Jade
File Size:1201232
Last Modified:Mar 20 01:48:13 2002
MD5 Checksum:3ba84e13541e99d8356dd119efc33c1e

 ///  File Name: login.tgz
Description:
login package for linux - backdoored.
Author:TheFinn
Homepage:http://circuit4.net/~thefinn
File Size:32632
Last Modified:Mar 18 00:09:58 2002
MD5 Checksum:e9ead72cdd327d67c6cf4baf41610ee4

 ///  File Name: openssh-3.0.2p1rk.tgz
Description:
OpenSSH v3.0.2p1 backdoor. The version displayed and the magic password are editable.
Author:TheFinn
Homepage:http://circuit4.net/~thefinn
File Size:799742
Last Modified:Mar 13 23:40:03 2002
MD5 Checksum:132e60e0268286f1cb43323a656aaae4

 ///  File Name: udp_backdoor.tar.gz
Description:
UDP backdoor which uses raw sockets. It spoofs the packets' origin address when communicating with the server end of the backdoor. It also uses encryption, and has several methods of security through obscurity.
Author:Plastek
File Size:3380
Last Modified:Feb 22 02:06:24 2002
MD5 Checksum:e631d34f6472356f7a8695a2650e6197

 ///  File Name: tunnelshell_v1.tgz
Description:
Tunnelshell is a client-server backdoor which uses fragmented packets to traverse firewalls. Written in C, tested on Linux.
Author:fryxar
File Size:15410
Last Modified:Jan 31 02:18:07 2002
MD5 Checksum:d85e5b237d50e8eac3adc6a84bc13157

 ///  File Name: kernel.keylogger.txt
Description:
Kernel Based Keystroke Loggers for Linux - This paper describes the basic concepts and techniques used for recording keystroke activity under Linux. Includes a proof of concept LKM which is stealthy, works with recent distributions, and is capable of logging local logins and ssh sessions to and from the host. Tested on Slackware v8.0 with kernel v2.4.5.
Author:Mercenary
Homepage:http://www.phreedom.org/article.php?id=28
File Size:20270
Last Modified:Jan 26 15:24:34 2002
MD5 Checksum:a9615f10eaef0364e7e748a96c2fb1c1

 ///  File Name: trNkitv1.0r.tar.gz
Description:
trNkit v1.0 -Release- (beta). Includes patched versions of du, locate, netstat, ps, pstree, top, w, and who.
Author:turnrightNever
File Size:13353
Last Modified:Jan 25 02:14:22 2002
MD5 Checksum:30e6999a115ab145c17d2351744c1bda

 ///  File Name: Troier-v1.0r.tgz
Description:
Troier is a package of trojaned Linux commands. Includes du, locate, netstat, ps, pstree, top, w, and who.
Author:TurnRightNever
File Size:9533
Last Modified:Jan 17 01:38:33 2002
MD5 Checksum:182c309ade99cf302b6dc13cff0c54e9

 ///  File Name: darkside-0.2.3.tar.gz
Description:
Darkside is a rootkit for Unix which hides processes and their children, hides files, manipulates UIDs, and modifies the TCP/IP stack to hide connections.
Author:Lbyte
File Size:7646
Last Modified:Jan 11 01:02:06 2002
MD5 Checksum:2af112a1e0cb1b0ed4cbe3626044ccf7

 ///  File Name: ssh-2.3.0.patch
Description:
SSH-2.3.0 client patch to log outgoing usernames, passwords, and hostnames.
Author:Digital Shadow
Homepage:http://www.ministryofpeace.co.uk
File Size:2742
Last Modified:Dec 8 22:44:09 2001
MD5 Checksum:573b1748322ad5b68d03a5ec1326f219

 ///  File Name: openssh-2.9p2.patch
Description:
OpenSSH-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
File Size:3608
Last Modified:Dec 8 22:42:10 2001
MD5 Checksum:506df08051bf9a4a4e83c6b57873c242

 ///  File Name: vexed.sh
Description:
Backdoor shell script to be run from cron monthly.
Author:Sil
File Size:3109
Last Modified:Nov 22 04:28:40 2001
MD5 Checksum:0793fc12f1e7d665299d8bcc965302b0

 ///  File Name: shtroj2.c
Description:
shtroj2.c is an auto-hiding backdoor kernel module for Linux that executes an arbitrary command when the environment variable TERM is set to a specific password on the execution of a program. Can be used to drop immediately to a functional tty-based shell instead of running /bin/login with sshd and telnetd.
Author:J.B. Lesage
File Size:6401
Last Modified:Nov 21 01:28:04 2001
MD5 Checksum:8808d003335d8e2600666db906b4e962

 ///  File Name: rkssh6.tar.gz
Description:
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when the magic password is used, and doesn't write anything to the logs.
Homepage:http://www.ne.jp/asahi/linux/timecop
File Size:5582
Last Modified:Nov 12 23:15:11 2001
MD5 Checksum:891188e8ba0b2c338e22d0295b4acaf5

 ///  File Name: fbrk1-imps.tar.gz
Description:
FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
Author:Nyo
File Size:267168
Last Modified:Nov 5 22:40:21 2001
MD5 Checksum:aabf3bc70afc09f16e0015272e8b2baa