Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| File Name: | bash-door.tar.gz |
| Description: | Backdoors Bash-2.05 for local root. |
| Author: | Bob | Homepage: | http://www.dtors.net | File Size: | 2426 | Last Modified: | Jul 8 02:45:50 2002 |
| MD5 Checksum: | c6edcabbcd0ade055d43a041c42f2c50 |
|
| File Name: | trojodaemon.c |
| Description: | Trojodaemon is a simple tool which allows you to start a process at boot. |
| Author: | Dev | File Size: | 2214 | Last Modified: | May 29 02:00:44 2002 |
| MD5 Checksum: | 4ee3bb29be054cab63922eb934cfec60 |
|
| File Name: | rkssh4.tar.gz |
| Description: | Patch to ssh-1.2.27 to make a global backdoor password. Allows remote root logins when the magic password is used, and doesn't write anything to the logs. |
| Author: | Timecop | File Size: | 2174 | Last Modified: | Oct 19 14:35:03 1999 |
| MD5 Checksum: | f26c7b5ee0dd4daa893676ceb46aca75 |
|
| File Name: | tl0gin.c |
| Description: | Trojan /bin/login. |
| Author: | m4rc3l0 | File Size: | 2164 | Last Modified: | Dec 16 10:23:14 2002 |
| MD5 Checksum: | c4467dfbf32a55282b92eaaa055652a9 |
|
| File Name: | mybindshell2.c |
| Description: | Bindshell which has a password and defaults to TCP port 1348. Includes the ability to only allow certain IPs. |
| Author: | Konewka | Homepage: | http://www.olek.org/code | File Size: | 2157 | Last Modified: | Dec 14 22:25:49 2003 |
| MD5 Checksum: | ced8adcc43ee20caf12d6b514bcc2b45 |
|
| File Name: | nx_back.c |
| Description: | Simple unix-based backdoor that is very compact and provides a bindshell. |
| Author: | nitr0x | Homepage: | http://www.nitrox.xt.pl | File Size: | 2150 | Last Modified: | Sep 10 01:21:52 2004 |
| MD5 Checksum: | b102aed4733efae0cd8de45938b514bc |
|
| File Name: | asmd.tgz |
| Description: | ASMD is a local root backdoor: a wrapper which can wrap any setuid binary. |
| Author: | Ripper | File Size: | 2132 | Last Modified: | Dec 16 22:20:36 2000 |
| MD5 Checksum: | cf80ea5f62e7ba91e765a5b5054b23f7 |
|
| File Name: | rathole.c |
| Description: | rathole 1.0 is a passworded backdoor for Linux and OpenBSD. |
| Author: | Incognito/PT. | File Size: | 2038 | Last Modified: | Sep 24 05:39:04 2002 |
| MD5 Checksum: | ab27a2c96b72231c6f8b8412622fecb5 |
|
| File Name: | sshd.c.diff-1.2.27 |
| Description: | A small patch to sshd v1.2.27 which accepts a magic password to authenticate, and does not log to utmp/wtmp or syslog. |
| Author: | Ajax | Homepage: | http://users.dhp.com/~ajax/projects | File Size: | 1992 | Last Modified: | Nov 29 19:59:45 1999 |
| MD5 Checksum: | 4dcfe52ec799e78df496516afd7b9c29 |
|
| File Name: | file.c |
| Description: | OpenBSD and NetBSD LKM which hides files by patching getdirentries(). |
| Author: | Gr33k | Homepage: | http://www.frapes.org | File Size: | 1920 | Last Modified: | Jan 5 02:50:56 2003 |
| MD5 Checksum: | 770290c363c15e13d3eb89a80e65aa4e |
|
| File Name: | Rkit-1.01.tgz |
| Description: | RKit is a Linux LKM backdoor/rootkit which intercepts the SYS_setuid call and changes a specified UID to 0 when that user logs in, thereby successfully (and covertly) backdooring the root account. |
| Author: | TBob | File Size: | 1878 | Last Modified: | Mar 15 18:58:24 2001 |
| MD5 Checksum: | e6097ee042b27caf6263bec25f484838 |
|
| File Name: | inetdfun.tar.gz |
| Description: | Inetdfun is a public version of an inetd backdoor which uses ICMP to trigger a remote shell. Includes readme and source diff. |
| Author: | Wildandi | Homepage: | http://segfault.net/~wildandi | File Size: | 1861 | Last Modified: | Nov 11 20:24:47 2000 |
| MD5 Checksum: | 41dd75e78dd7a1d92e340a9a5cfdb0d3 |
|
| File Name: | gH-cgi.c |
| Description: | A simple CGI backdoor which pipes command output to the browser. |
| Author: | Blasphemy | File Size: | 1826 | Last Modified: | May 1 17:46:44 1999 |
| MD5 Checksum: | 2c0331f54922c1b1140e8992598fbb2f |
|
| File Name: | utrojan.c |
| Description: | Universal remote unix trojan - This wrapper can backdoor nearly any service on any platform. Tested on login / imapd / qpopd. |
| Author: | Axess | File Size: | 1625 | Last Modified: | Feb 7 15:13:50 2000 |
| MD5 Checksum: | 40afffb1f5acd39467e53bb6b41088d1 |
|
| File Name: | thcobsdbd.tar.gz |
| Description: | THC Backdoor ported to OpenBSD - This is a simple but useful backdoor for OpenBSD based on a FreeBSD LKM by pragmatic/THC. |
| Author: | Pigpen | Homepage: | http://www.s0ftpj.org | File Size: | 1582 | Last Modified: | Jan 4 19:37:46 2001 |
| MD5 Checksum: | 11ada1cc8831dc0a793e5b9c3a2c9b78 |
|
| File Name: | login-back.c |
| Description: | Backdoor for login where the original binary must be renamed and only gets called whenever the remote user's TERM variable is not set to the magic password. If the magic password is set, the user gets the option of a shell with or without logging. |
| Author: | tracewar | File Size: | 1488 | Last Modified: | Oct 2 13:09:48 2003 |
| MD5 Checksum: | c0a77d42bb53610b4ec2daf01cda55b1 |
|
| File Name: | ulogin.c |
| Description: | Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, SunOS 5.5, 5.6, 5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary. |
| Author: | Tragedy | Homepage: | http://www.etc-crew.org | File Size: | 1344 | Last Modified: | Feb 4 17:54:55 2000 |
| MD5 Checksum: | 4d5c12f579e07686a1b350c0064601f4 |
|
| File Name: | pure-xinetd-backdoor.c |
| Description: | Xinetd backdoor. |
| Author: | Pwr | File Size: | 1339 | Last Modified: | Jun 2 23:40:25 2002 |
| MD5 Checksum: | 7d06bac34cf9bd9bd77ad1523bfa48b5 |
|
| File Name: | mybindshell.c |
| Description: | Bindshell which has a password and defaults to TCP port 1348. |
| Author: | Kafar | Homepage: | http://www.olek.org/code | File Size: | 1305 | Last Modified: | Oct 15 16:14:24 2003 |
| MD5 Checksum: | acb885a3faa8b9468e8197811d7f280f |
|
| File Name: | taskigt.tar.gz |
| Description: | Taskigt - An LKM that gives root to a process that reads a special file in /proc. |
| Author: | noah | Homepage: | http://ns2.crw.se/~tm/ | File Size: | 1286 | Last Modified: | Jan 28 18:54:48 2000 |
| MD5 Checksum: | b4d52ecb3a6914d9836ecfea34237649 |
|
| File Name: | logginsh.txt |
| Description: | loggin.sh is a script written to emulate a Linux login prompt and then record the logins to /tmp/.dump. |
| Author: | Pranav Joshi, Deepak Kaul | File Size: | 1266 | Last Modified: | Jun 5 04:40:02 2006 |
| MD5 Checksum: | 59b000733a8ab35f124a73afcd31bf40 |
|
| File Name: | lbk.tar.gz |
| Description: | LBK is a local kernel-based (KLD) backdoor for FreeBSD 4.0 which provides a root shell if the TERM environment variable is set to the password. |
| Author: | Cyrax | Homepage: | http://www.pkcrew.org | File Size: | 1190 | Last Modified: | Dec 11 19:02:06 2000 |
| MD5 Checksum: | 9c0ce7942d25d16b8b7571dc588039f0 |
|
| File Name: | cbd.c.txt |
| Description: | CBD.c is a simple backdoor which allows machines behind firewalls to be controlled via outgoing connections. |
| Author: | Grazer | Homepage: | http://www.digit-labs.or | File Size: | 1160 | Last Modified: | Feb 20 21:07:05 2001 |
| MD5 Checksum: | 85c194f62635a80b322a0566ac30942e |
|
| File Name: | shadyshell.c |
| Description: | shadyshell.c is a flexible, obfuscated, and lightweight UDP portshell. Takes client input via netcat -u. |
| Author: | S | File Size: | 1159 | Last Modified: | May 31 00:42:23 2000 |
| MD5 Checksum: | 8375bfbba53bf96bdb2c25cdd0e9ef28 |
|
| File Name: | netstat.sh |
| Description: | Netstat.sh is a shell script which compiles a C wrapper around /bin/netstat which hides a class B address space. |
| Author: | God- | Homepage: | ftp://haxordot.org/pub/god-/ | File Size: | 1125 | Last Modified: | Aug 5 23:01:47 2000 |
| MD5 Checksum: | 1aaeb2723b4dba0eb612ef3fbfea415f |
|