WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
8e6fe6a513916c776350b0cbff29427e8719a4d3095dfe4fdd3b4ad34e3bde2eWeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
6e46638034d12ee47a4a4955583b5065ffc4d0142d553c15fc90abbf42ca5b89Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
bbeb032e2f9929a6af65472aee0188c9962b2569eed6ca4c4d073142f10ab850This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.
4b62d88653f707028740984998a846bce54234865cd62cec045e7c6dffb125edKnull Shell Alpha1 is a PHP shell that has bind, reverse, and backpipe shells.
ad77bcbd30f3d90fdb9ea4fa2d171918170d050e6362eb389985fee2e78fd1efAni-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features.
5d436e5e3f0f9049b1f6c13ff1c3e8d6533281bd4fb1495f94866b260b5e0b5aTurtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.
5d9c7ea1f5b26a22623fcf4d3cef0c6fe8dce24ab8d206098990fb0f90ad98ceThis post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu.
dbcfe980157abcbf52b90ed25f13f5a5ca5b90bf4ec49c9d58423b69de944a14This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.
8ebfc9a80c59fc7685830768e0b0e61b40167f043d648478e5de84c59a300d6eSyRiAn Sh3ll is a PHP backdoor that allows for database access, local exploitation of the host, and more.
0e7f6e9c57da41f9316262dc22b4b3227f52c30f15747639a8780ab3c18c4fa8This is the Viper auto-rooting script that is written for Linux, SunOS, Mac OS X, and FreeBSD.
5c2ab18173e0e9d1c12ceccdd9635d100e00896d535a7816b65d5b030a8c0d1aIncluded in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.
796fea476f1404100a509b2b4c0c463f28d539d1bb611efada016038aad1d7a1This tarball was discovered on a compromise Debian Lenny host after it was compromised via the recent remote root Exim vulnerability. It includes binaries such as the MIG logcleaner, backdoored versions of top, uptime, free, pgrep and more. Please note that a thorough analysis of these binaries has not been performed and they must be considered unsafe and untrustworthy. Only use the enclosed contents for research purposes. Further details regarding this rootkit can be obtained via the reddit site link.
6a324fcebd39bee3df601a2c0bae779d4238f227c025bef29ca33382ddbcd665This is a backdoor PHP shell from ITSecTeam. It can execute system commands, bypass various controls, connects to common databases and edits files and directories.
ae3a70be5946b093e55e474cf25408d6390702e587d8d5b24404f442be5ddbd5Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.
8b8bd3b4567213634fa8d095649b277321095be6c15b34acae704bab66f4b1d5This is a backdoor PHP shell from ITSecTeam.
428640bd9e6ab10814a7560818cb822084078acd863ae3339c157e9a31c524dbDevshell is a CGI backdoor kit.
e699799c202eec8044569a1867fb88d39c859b87c9907c500f63a15c122997a3EvilBS is a bindshell for Linux that has AES-256 symmetric encryption, can operate in reverse connect mode, has SOCKS4 proxy support and more.
53782e7dfdb8ce46e8d5cbc85f2c97a2131912e4cb783b0002850349af550897This is the ZoRBaCK Connect php script that allows for a remote shell on a compromised host.
d5226055e30c86c65d275b843a2bf889713d2e585da4851f73e2b3df09c6c0e8ISTAR is a set of python code that performs various functions including use of ptrace to simulate a userland rootkit.
3bb7022c0e550e915f5519e4b603de58dd1f094954e4b0c4b1307ece8b015b34LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use are your own risk.
4328023a68a04ed6b7e159bb91a29b0c38de5eb14dda0d149ea8a62073244c4dThis user-land rootkit hijacks the libc accept() call via LD_PRELOAD and yields back a non-interactive shell on the remote host. The .so file is placed under the trusted library path. This has been written to specifically target sshd on Solaris, although other daemons (e.g. bind, sendmail, apached) can also be targeted. It has been tested on Solaris 10. Read the files inside for comments on further shell interaction.
7987443dddeca5ef652aa2a782472ce53514e94d8e6bc5c72c114202001251b2Hacked version of script that logs everything typed to /tmp/.x11sock. Based heavily on script.c.
ffaedfe839e7a9bcf9b642da14a75df2d7fe351c1b3e44ff9b7c3b251816b3b03vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.
a4a668163c7e61330d54c7d954f4e67c8d4b0cf20bf7c6186e755e7be503d257The Klueless Klowns Team variant of the c99 php shell.
0fe81b489e390113feb7ba02fccf9f98d277d8a6fe930743d7211895dc8acf41
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed