The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
3b5d27272081553f8751d3f4687b9218fa3bc905c56aa394990b3ac608cca24e
SilentDoor is a connectionless, PCAP-based backdoor for Linux that uses packet sniffing to bypass netfilter. It sniffs for UDP packets on port 53 and runs each packet against a decryption scheme; if the packet validates, it runs a command. It can be masked to look like any other process. Remote command utility included.
5665922f8fe8b1dcf7030bfcdecfbb8c13d27e49c02f353d0579071ed562011c
Unix bindshell backdoor that acts as psybnc if the password fails.
a63b89c1bb3957fc31dcd23b35f32b931de760ccb72b148bd7de29831ebf59f6
SInAR Solaris rootkit v0.2. Invisible kernel based rootkit for Solaris 8, 9, and 10.
8e59094c902a8a45f4cd71d579415c5f32b38e1e7a5960171b90f5a1b7db3da6
SInAR Solaris rootkit that was released at the 21st Chaos Communication Congress.
2717af8649c7509bb5077c18ad3c6e759f11b3a129606742c0091ecb9c593e26
WeaponX is a kernel-based rootkit for Mac OS X which is roughly based on adore. It runs as a kernel extension, similar to an LKM. Requires Xcode. Readme available here.
3e90b2abe3d92f157460c7cb61234e34310154dedaf128616cccf864093686c1
N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a TCP port backdoor.
1d716fe2d428a1b091b2323219d12fa9adc4fb7bb83e3074c1b4ab462af6d467
ICMP-based triggered Linux kernel module that executes a local binary upon successful use.
3e96d2229d340dce20e03b329993d38a8230c2492d818ef162a0761d66676d30
Mac OS X rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more.
21e6ef5bbf484ae909d8e4ab55e0e47d82f7478c4941f5cca236f04306b9f98e
Simple Unix-based backdoor that is very compact and provides a bindshell.
d2da29c47b3ffc365cc6f096647ffb62a5dbc2a4f8fd08c29068fed3eb20d0c9
Cheetah version 1.0 is a remote Linux/BSD backdoor that offers low CPU usage, port/backlog selection, a remote shell, user/password protection, and process faking.
14494a026dcba9f3ddc81a36464f7285e7aa4ab559ded6f69da75edda6346e4a
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
5669f3b557c15b343f152b34edc206bd33e874613ddc50ea1418d89cd20dc8dd
Lyceum is an advanced stealthed client/server backdoor that uses encrypted spoofed UDP packets to administer the server and the two built-in ICMP backdoors. Each ICMP backdoor exploits a different feature of the protocol: the first creates a bi-directionally spoofed ICMP tunnel, and the second uses passive nodes as zombies to relay ICMP backdoor traffic.
860ca6295d4f0a55057e5b9280edffa1b18da5925a54817cf734ab2fb853bf9a
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
fe08f9f4735f367d27a07601ee33249065b847e1e7f2bc91e9fdb851705818ab
This PAM backdoor allows access to a machine using a backdoor password, and arbitrary commands can also be executed without logging in. It logs normal users' passwords to a log file. Configurable without recompilation.
7f794ba5e8bc118b85ff262f027ec88781fe67d05316514d8796bbbf098b9f09
Simple generic backdoor protected by a password encrypted with an MD5 hash. Gets added into inittab.
e882134c2334e44c8578e2e5edbc6cf3a3e29bd4f6d910f9a7118cca31ac094f
tumbler is a protocol that enables a client piece of software to securely tell a server process on a remote machine to execute a predetermined command. tumbler is similar to port knocking and is designed so that a remote user can securely and stealthily enable and disable server processes, or open and close firewall holes on a computer connected to the Internet.
9be51278bb9e8b11bb91de779ebb180175c8e973892af7b6bd5a4df438c8acc6
The R3dstorm Toolkit is a rootkit-like utility which hides processes and files and was tested on Red Hat 9.0.
2b31937ef797c0b48a00e99462cb38c25d74fd46d7354bf828532adf1a57b757
SADoor is a non-listening remote administration tool for Unix systems. It sets up a listener in non-promiscuous mode for a specific sequence of packets arriving at the interface before allowing command mode. The commands are sent Blowfish encoded in the TCP payload, then decoded and passed on to system(3).
94e0dcdf600116b079950ef2ffe319177b437da4b237b008bb960d77c075ed17
Bindshell which has a password and defaults to TCP port 1348. Includes the ability to only allow certain IPs.
a99092c6a71a54dd9ddcfb2fa7d85132274feaf9c4e7738d40c42a4ecdc05cf2
Tunnelshell is a client/server program written in C for Linux users that tunnels a shell using various methods which can bypass firewalls, such as fragmented packets, TCP ACK packets, UDP, ICMP, and raw IP packets (ipsec).
11113a593b4f526f8fca20dd243ea7d92507104f9d79654f598013a116da4886
Superkit is an extremely user-friendly rootkit that hides files, processes, and connections. It provides a password-protected remote access connect-back shell initiated by a spoofed packet. It is loaded via /dev/kmem, without requiring support for loadable modules, and cannot be detected by checking the syscall table, because it redirects the kernel entry point to a private copy of the syscall table. A couple of backdoors are included.
037050dd308f5665105f3ca4347b34ad15c25ee30bd808a2ca9a072a862ad100
Proof of concept PAM backdoor for Linux and FreeBSD that adds a magic password.
016c0aa981fb671c3623d1daa0ce0b685f7973cd7dcffdc1a02430078f3d3814
Reverse telnet redirector / port redirector and front end console for Windows. Perfect for firewall bypassing from inside out. Can be used for bouncing connections, piping or relaying data, or as a quick MIM chat server. Windows executable form only.
47cf1f05ee4afcf1a9fffb776e893755bec1ac2504b8441ae53b46ed1f1ea43b
RRC (Roland Remote Control) v0.2 can be used to control a Linux box from a remote location.
719c7b410df362e95b1d5cb4c66aaedd13615bac51a55b16dbb1051e92f8e72a