Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
httpbd.pl.txt |
Description:
|
httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.
| | Author: | rav3n | | File Size: | 3016 | | Last Modified: | Sep 23 02:34:02 2005 |
| MD5 Checksum: | e96c0debb82cfb8f22165e943001f0ba |
|
| /// File Name: |
icmp-backdoor.tar.gz |
Description:
|
Small ICMP backdoor which works under BSD, Linux, and Solaris. Because you can define the icmp_code to use, it is able to simulate an echo_request <-> echo_reply conversation, so it looks like a normal ping with bigger packets. It also includes a session_id to detect the right packets (which is also done by certain icmp_id's).
| | Author: | Martin J. Muench | | Homepage: | http://www.codito.de | | File Size: | 5118 | | Last Modified: | May 30 01:49:11 2002 |
| MD5 Checksum: | d77f547863617b69e6206eb72c90fce2 |
|
| /// File Name: |
inetdfun.tar.gz |
Description:
|
Inetdfun is a public version of an inetd backdoor which uses ICMP to trigger a remote shell. Includes readme and source diff.
| | Author: | Wildandi | | Homepage: | http://segfault.net/~wildandi | | File Size: | 1861 | | Last Modified: | Nov 11 20:24:47 2000 |
| MD5 Checksum: | 41dd75e78dd7a1d92e340a9a5cfdb0d3 |
|
| /// File Name: |
kbdis.c |
Description:
|
kbdis.c disables the keyboard on most x86 systems. Useful for locking out root in a pinch.
| | Author: | Nijen Rode | | File Size: | 241 | | Last Modified: | May 8 18:55:53 2001 |
| MD5 Checksum: | b993d33d0fe64d76d9829f0ed97d6ab1 |
|
| /// File Name: |
kbdv2.c |
Description:
|
Kbd is a nice little backdoor that allows root access by modifying the SYS_stat and SYS_getuid system calls.
| | Author: | Spaceork | | Changes: | Works on 2.2 kernels. | | File Size: | 2803 | | Last Modified: | Jan 6 17:58:37 2000 |
| MD5 Checksum: | 22f71383be1c921d2963d540aec9e668 |
|
| /// File Name: |
kbdv3.c |
Description:
|
Kbd v3.0 is a Linux loadable kernel module backdoor. Allows root access by modifying the SYS_utime and SYS_getuid32 system calls. Can be used in conjunction with cleaner.c from the adore root for stealth capability.
| | Author: | Spaceork | | File Size: | 3047 | | Last Modified: | Jul 19 19:49:47 2001 |
| MD5 Checksum: | 35bb7a88521f2c65ff8d88fa486a7d07 |
|
| /// File Name: |
kernel.keylogger.txt |
Description:
|
Kernel Based Keystroke Loggers for Linux - This paper describes the basic concepts and techniques used for recording keystroke activity under Linux. Includes a proof of concept LKM which is stealthy, works with recent distributions, and is capable of logging local logins and ssh sessions to and from the host. Tested on Slackware v8.0 with kernel v2.4.5.
| | Author: | Mercenary | | Homepage: | http://www.phreedom.org/article.php?id=28 | | File Size: | 20270 | | Last Modified: | Jan 26 15:24:34 2002 |
| MD5 Checksum: | a9615f10eaef0364e7e748a96c2fb1c1 |
|
| /// File Name: |
kis-0.9.tar.gz |
Description:
|
KIS is the Kernel Intrusion System, a powerful client / server LKM based rootkit.
| | Author: | Optyx | | Homepage: | http://www.uberhax0r.net/kis | | File Size: | 87860 | | Last Modified: | Jul 19 19:57:12 2001 |
| MD5 Checksum: | 55fa64d52771873a841e22a59b00bb42 |
|
| /// File Name: |
knark-0.50.tar.gz |
Description:
|
Knark is a kernel-based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects.
| | Author: | Creed | | File Size: | 12856 | | Last Modified: | Nov 15 19:49:25 1999 |
| MD5 Checksum: | 93b4d72822ac6b8cd5346542ae7804f8 |
|
| /// File Name: |
knark-0.59.tar.gz |
Description:
|
Knark is a kernel based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects for seamlessly bypassing tripwire / md5sum.
| | Author: | Creed | | Changes: | Remote command execution. | | File Size: | 15169 | | Last Modified: | Nov 21 01:12:10 1999 |
| MD5 Checksum: | adde1bb47d9e45237e83d85f8d48098f |
|
| /// File Name: |
knark-2.4.3.tgz |
Description:
|
Knark v2.4.3 port is a usable kernel-based rootkit for Linux which is based on knark-0.59. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects. Also includes a kernel module to protect Linux 2.4 from knark.
| | Author: | Cyberwinds | | File Size: | 59931 | | Last Modified: | May 21 18:23:10 2001 |
| MD5 Checksum: | ca1ebe26ab1138ebe431751f526df817 |
|
| /// File Name: |
last1.tgz |
Description:
|
The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains a ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
| | Author: | K1net1c | | File Size: | 3160878 | | Last Modified: | Sep 24 06:13:41 2002 |
| MD5 Checksum: | 56b9eb9fabe884ebc8bcb02aa5f065c2 |
|
| /// File Name: |
latte-release-beta-0.1.zip |
Description:
|
Latte is a little unix backdoor which only allows one UID to use it.
| | Author: | C0w-d0g | | File Size: | 44311 | | Last Modified: | Nov 20 01:59:31 2002 |
| MD5 Checksum: | 50b42878974dd58eece52e4941727f5a |
|
| /// File Name: |
lbk.tar.gz |
Description:
|
LBK is a local kernel based (kld) backdoor for FreeBSD 4.0 which provides a root shell if the TERM environment variable is set with the password.
| | Author: | Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 1190 | | Last Modified: | Dec 11 19:02:06 2000 |
| MD5 Checksum: | 9c0ce7942d25d16b8b7571dc588039f0 |
|
| /// File Name: |
linspy2beta2.tgz |
Description:
|
Linspy is a keystroke logger for Linux kernels v2.2 and 2.4 which records TTY activity. Based on Halflife's article from Phrack 50.
| | Author: | Xian | | File Size: | 4524 | | Last Modified: | Apr 17 02:35:56 2002 |
| MD5 Checksum: | 0099f4b8f9f3268dbea495ee6168b78a |
|
| /// File Name: |
logginsh.txt |
Description:
|
loggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump.
| | Author: | Pranav Joshi, Deepak Kaul | | File Size: | 1266 | | Last Modified: | Jun 5 04:40:02 2006 |
| MD5 Checksum: | 59b000733a8ab35f124a73afcd31bf40 |
|
| /// File Name: |
login-back.c |
Description:
|
Backdoor for login where the original binary must be renamed and only gets called whenever the remote user's TERM variable is not set to the magic password. If the magic password is set, the user gets the option of a shell with or without logging.
| | Author: | tracewar | | File Size: | 1488 | | Last Modified: | Oct 2 13:09:48 2003 |
| MD5 Checksum: | c0a77d42bb53610b4ec2daf01cda55b1 |
|
| /// File Name: |
login.tgz |
Description:
|
Login package for Linux - backdoored.
| | Author: | TheFinn | | Homepage: | http://circuit4.net/~thefinn | | File Size: | 32632 | | Last Modified: | Mar 18 00:09:58 2002 |
| MD5 Checksum: | e9ead72cdd327d67c6cf4baf41610ee4 |
|
| /// File Name: |
lrk-4.1.tar.gz |
Description:
|
Linux Rootkit v4.1 is based on Lord Somer's LRK4 but several things are fixed. Includes a better find patch, fixed install of pidof / killall, fixed rshd patch, compilation fixes, and more. Released 11-may-2000, tested on Linux kernel 2.2.6, Slackware 4.0.
| | Author: | Rolling | | File Size: | 890103 | | Last Modified: | Jul 22 03:20:26 2000 |
| MD5 Checksum: | 3028892d2463f353e24419a83cccb1b3 |
|
| /// File Name: |
lrk4.shad.tar.gz |
Description:
|
Linux Rootkit 4 - Precompiled Shadowed Distribution.
| | Author: | Lord Somer | | File Size: | 1026038 | | Last Modified: | Aug 16 20:05:22 1999 |
| MD5 Checksum: | d476a0e8cac2d1f7e6e6f70cb451cb39 |
|
| /// File Name: |
lrk4.src.tar.gz |
Description:
|
Linux Rootkit - Source Distribution.
| | Author: | Lord Somer | | File Size: | 900450 | | Last Modified: | Aug 16 20:05:23 1999 |
| MD5 Checksum: | c2f886c7af1e6318f79460ff0ffe4f5e |
|
| /// File Name: |
lrk4.unshad.tar.gz |
Description:
|
Linux Rootkit 4 - Precompiled Unshadowed Distribution.
| | Author: | Lord Somer | | File Size: | 1252709 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | b4070c30eb6ec9f6b18c3c2dbbbf488c |
|
| /// File Name: |
lrk5.src.tar.gz |
Description:
|
Linux Rootkit 5 - Recent release of the famous Linux rootkit. Contains backdoored versions of chfn, chsh, crontab, du, find, ifconfig, inetd, killall, linsniffer, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, tcpd, top, sshd, and su. Also comes with bindshell, fix, linsniffer, thesniff, sniffchk, wted, and z2.
| | Author: | Lord Somer | | Homepage: | http://www.lordsomer.com/ | | Changes: | sshd-2.0.13 patch, a better sniffer, a backdoored su, and better crontab. Warning: This software causes anti-virus false positives. | | File Size: | 3301054 | | Last Modified: | Feb 11 19:27:02 2000 |
| MD5 Checksum: | e18b708650f7dc4cca447df33d09740f |