Section: .. / UNIX / penetration / rootkits /
|
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.
|
| /// File Name: |
rkssh4.tar.gz |
Description:
|
Patch to ssh-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesnt write anything to the logs.
| | Author: | Timecop | | File Size: | 2174 | | Last Modified: | Oct 19 14:35:03 1999 |
| MD5 Checksum: | f26c7b5ee0dd4daa893676ceb46aca75 |
|
| /// File Name: |
rkssh5.tar.gz |
Description:
|
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesnt write anything to the logs.
| | Author: | Zelea | | Homepage: | http://www.ne.jp/asahi/linux/timecop/ | | Changes: | Bugfixes, and now uses a md5 hash of the password to prevent password recovery from the sshd binary. | | File Size: | 2969 | | Last Modified: | Dec 16 18:12:07 1999 |
| MD5 Checksum: | 5e68f72e686f63202d137c951463f36d |
|
| /// File Name: |
rkssh6.tar.gz |
Description:
|
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when magic password is used, and doesn't write anything to the logs.
| | Homepage: | http://www.ne.jp/asahi/linux/timecop | | File Size: | 5582 | | Last Modified: | Nov 12 23:15:11 2001 |
| MD5 Checksum: | 891188e8ba0b2c338e22d0295b4acaf5 |
|
| /// File Name: |
root-logine.zip |
Description:
|
Unavailable.
| | File Size: | 3150 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | e4d275018c52c18074bbb1d1d578fc55 |
|
| /// File Name: |
rootkit.zip |
Description:
|
Unavailable.
| | File Size: | 79041 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | fda05ac95076efa11544721c1a77b8e3 |
|
| /// File Name: |
rootkitLinux.tgz |
Description:
|
Unavailable.
| | File Size: | 74555 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | 2cf0bb76408f18b9ce32c7350d909c0c |
|
| /// File Name: |
rootkitSunOS.tgz |
Description:
|
Unavailable.
| | File Size: | 69919 | | Last Modified: | Aug 16 20:05:19 1999 |
| MD5 Checksum: | 78795fed5abb0aaed98b41a62cafb393 |
|
| /// File Name: |
rpv21.tar.gz |
Description:
|
Reverse Pimpage is a tool for allowing one to telnet backwards through a firewall, assuming the box is allowed to make outgoing tcp connections. You have to be able to get access to the inside machine first, though, to get the client on the machine.
| | Author: | Tommy. | | Homepage: | http://soomka.com | | Changes: | The terminal emulation now works. | | File Size: | 36773 | | Last Modified: | Feb 16 17:15:01 2000 |
| MD5 Checksum: | bc494b0a8cd6928710f1a50462b1d5b4 |
|
| /// File Name: |
rrc_v0.2.tar.gz |
Description:
|
RRC (Roland Remote Control) v0.2 can be used to control a linux box from a remote location.
| | Author: | Roland | | File Size: | 4623 | | Last Modified: | Oct 29 22:58:35 2003 |
| MD5 Checksum: | 57dc5fcde41b7e0100ff50d76b3a617f |
|
| /// File Name: |
rsh-v2.c |
Description:
|
Unix log cleaner that also checks to see if root is logged in.
| | Author: | rotor | | Homepage: | http://www.c1zc0.com | | File Size: | 3149 | | Last Modified: | Oct 30 19:19:11 2005 |
| MD5 Checksum: | e2e7e8f9bb27e7b5dd66041ebd4d3766 |
|
| /// File Name: |
rTelv2.8.zip |
Description:
|
Reverse telnet redirector / port redirector and front end console for Windows. Perfect for firewall bypassing from inside out. Can be used for bouncing connections, piping or relaying data, or as a quick MIM chat server. Windows executable form only.
| | Author: | PrOpHeT | | File Size: | 935488 | | Last Modified: | Oct 29 23:03:42 2003 |
| MD5 Checksum: | 31f4b59f08429f1e835b1989cd535d5c |
|
| /// File Name: |
rwwwshell-2.0.pl.gz |
Description:
|
Reverse-WWW-Tunnel-Backdoor v2.0 - This backdoor should work through any firewall which has got the security policy to allow users to surf the WWW. Verified to work on Linux, Solaris, AIX and OpenBSD.
| | Author: | van Hauser | | Homepage: | http://www.thc.org/ | | Changes: | Now has full HTTP v1.0 compliance. | | File Size: | 5440 | | Last Modified: | Jun 4 03:20:12 2002 |
| MD5 Checksum: | b54eb0a55405d0b11681391f70fe0be6 |
|
| /// File Name: |
SAdoor-20030805.tgz |
Description:
|
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload and decoded and passed on to system(3). First non-beta release.
| | Author: | CMN | | Homepage: | http://cmn.listprojects.darklab.org/ | | File Size: | 322932 | | Last Modified: | Aug 11 22:47:12 2003 |
| MD5 Checksum: | 82794a18353dde4f520ef3a53f99cd4b |
|
| /// File Name: |
SAdoor-20031217.tgz |
Description:
|
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload and decoded and passed on to system(3).
| | Author: | CMN | | Homepage: | http://cmn.listprojects.darklab.org/ | | Changes: | Added a new client side application to edit database files. First release of winserver, a version of SADoor for Microsoft Windows. | | File Size: | 472315 | | Last Modified: | Dec 18 17:31:08 2003 |
| MD5 Checksum: | dbf4d2850da1c3d1d1849075725a7487 |
|
| /// File Name: |
SAdoor.0.2.beta.tgz |
Description:
|
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload and decoded and passed on to system(3).
| | Author: | CMN | | Homepage: | http://www.mdstud.chalmers.se/~md0claes | | File Size: | 32640 | | Last Modified: | Sep 21 00:25:44 2001 |
| MD5 Checksum: | cd5507c7d2cdebc30a30ee19977bb14c |
|
| /// File Name: |
SAdoor.0.3.beta.tgz |
Description:
|
SADoor is a non-listening remote admin tool for UN*X systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving to the interface before allowing command mode. The commands are sent MIME64 encoded in the TCP payload and decoded and passed on to system(3).
| | Author: | CMN | | Homepage: | http://www.mdstud.chalmers.se/~md0claes | | File Size: | 262571 | | Last Modified: | Jun 27 23:32:10 2002 |
| MD5 Checksum: | a9e6f5155bde823d8fd50813852bee53 |
|
| /// File Name: |
SeCshell.c |
Description:
|
Local backdoor - Secure root shell, protected by standard DES encryption.
| | Author: | Pir8 | | Homepage: | http://www.dtors.net | | File Size: | 901 | | Last Modified: | Jun 4 01:36:45 2002 |
| MD5 Checksum: | 023099b2625f65810fde4ab2f89f6af7 |
|
| /// File Name: |
sendm-8.9.3trojan.tar.gz |
Description:
|
Backdoored Sendmail 8.9.3 - Enter a special SMTP command and it opens a root shell.
| | Author: | Axess | | File Size: | 598384 | | Last Modified: | Feb 11 18:01:29 2000 |
| MD5 Checksum: | c4d6ca89d5ceea3f5e071040ad29b4d8 |
|
| /// File Name: |
sendmailcftrojan.tar.gz |
Description:
|
Backdoored sendmail.cf - Install on a system that is running sendmail it allows you to spawn an xterm on any remote host.
| | Author: | Naif | | File Size: | 20829 | | Last Modified: | Jun 14 12:47:05 2000 |
| MD5 Checksum: | 027013770bd78a014196b2f5b2adb3b3 |
|
| /// File Name: |
server.c |
Description:
|
Gummo backdoor server - a basic but effective backdoor server.
| | Author: | ph1x,b4b0 #6 | | File Size: | 3930 | | Last Modified: | Aug 16 20:05:24 1999 |
| MD5 Checksum: | 14049dbf8ff36ffccd6beb5474710447 |
|
| /// File Name: |
shadyshell.c |
Description:
|
shadyshell.c is a flexible, obfuscated, and lightweight UDP portshell. Takes client input via netcat -u.
| | Author: | S | | File Size: | 1159 | | Last Modified: | May 31 00:42:23 2000 |
| MD5 Checksum: | 8375bfbba53bf96bdb2c25cdd0e9ef28 |
|
| /// File Name: |
shtroj2.c |
Description:
|
shtroj2.c is an auto-hiding back door kernel module for linux that executes an arbitrary command when the environment variable TERM is set to a specific password on the execution of a program. Can be used to drop immediately to a functional tty-based shell instead of running /bin/login with sshd and telnetd.
| | Author: | J.B. Lesage | | File Size: | 6401 | | Last Modified: | Nov 21 01:28:04 2001 |
| MD5 Checksum: | 8808d003335d8e2600666db906b4e962 |
|
| /// File Name: |
silentdoor.tar.gz |
Description:
|
SilentDoor is a connectionless, PCAP-based backdoor for linux that uses packet sniffing to bypass netfilter. It sniffs for UDP packets on port 53, runs each packet against a decryption scheme, if the packet validates than it runs a command. Can be masked to look like any other process. Remote command utility included.
| | Author: | doctor raid | | File Size: | 10310 | | Last Modified: | Mar 17 02:43:57 2005 |
| MD5 Checksum: | 5a8f02eb1e1d7ca1ff8e7a30603286a3 |
|
| /// File Name: |
SInAR-0.1.tar.gz |
Description:
|
SInAR Solaris rootkit that was released at the 21st Chaos Communication Congress.
| | Author: | Archim | | File Size: | 5643 | | Last Modified: | Jan 4 02:37:05 2005 |
| MD5 Checksum: | 3bf1b0f2efc10febf86e95d699b68638 |
|
| /// File Name: |
SInAR-0.2.tar.bz2 |
Description:
|
SInAR Solaris rootkit v0.2. Invisible kernel based rootkit for Solaris 8, 9, and 10.
| | Author: | Archim | | File Size: | 6300 | | Last Modified: | Feb 18 02:35:55 2005 |
| MD5 Checksum: | 6e5dc76977f8b3fed2fd9f21ffc375dd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
