Rootkits Section  
DevNull-rootkit-v0.9..>
DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin. Homepage here. By Tutor
Q-0.9.tgz
First public release of Q - a client / server backdoor with strong (256 bit AES) encryption for remote shell access. Also supports encrypted tcp relay/bouncer server that supports normal clients (with a local encryption tunneling daemon). Includes stealth features like activation via raw packets, syslog spoofing, and single-session servers that prevent it from appearing in netstat. Homepage here. By Mixter
Trojanit.tar.gz
Compact trojan/rootkit for Linux and maybe BSD. By syg @ EFnet. Bugfix release.
all-root.c
A kernel trojan (basic linux kernel module) which gives all users root. By Blasphemy
audpbackdoor.tar.gz
A udp based backdoor, client and server are written in perl. Uses port 520 by default. Homepage here. By Sventek
bdoor.c
Unix backdoor which pretends to be a http daemon. By CyberPsychotic
blackhole.c
A basic backdoor that is a small, portable, and functional fake daemon. You tell it what you want it to run as under 'ps' and what port to bind to in the defines. Detailed description in the header. By Bronc Buster.
cgiback.tgz
CGI backdoor which can be compiled with or without logging. Password protected. Tested on Redhat 6.1. By Overflow
dnsscan
Sorry, a description is unavailable.
falcon-ssh-diffs.tar..>
Two rootkit / backdoor patches to ssh-1.2.27. The first diff turns ssh into a major backdoor. It will report itself as nscd in the process list, have ALL logging disabled, run on a different port, ignore all settings in the config file and allow a "magic word" login to all accounts, including root. The other patch simply adds a magic password to sshd, for use in patching an existing sshd. By Falcon
gH-cgi.c
A simple cgi backdoor which pipes command output to the browser. By Blasphemy
hacking_unix.txt
Sorry, a description is unavailable.
kbdv2.c
Kdb is a nice little backdoor that allows root access by modifying the SYS_stat and SYS_getuid system calls. Changes: Works on 2.2 kernels. By Spaceork
knark-0.50.tar.gz
Knark is a kernel-based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects. By Creed
knark-0.59.tar.gz
Knark is a kernel based rootkit for Linux 2.2. Hides files in the filesystem, strings from /proc/net for netstat, processes, and program execution redirects for seamlessly bypassing tripwire / md5sum. Changes: Remote command execution. By Creed
lrk4.shad.tar.gz
Linux Rootkit 4 - Precompiled Shadowed Distribution. By Lord Somer.
lrk4.src.tar.gz
Linux Rootkit - Source Distribution. By Lord Somer.
lrk4.unshad.tar.gz
Linux Rootkit 4 - Precompiled Unshadowed Distribution. By Lord Somer.
lrk5.src.tar.gz
Linux Rootkit 5 - Recent release of the famous linux rootkit. Contains backdoored versions of chfn, chsh, crontab, du, find, ifconfig, inetd, killall, linsniffer, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, tcpd, top, sshd, and su. Also comes with bindshell, fix, linsniffer, thesniff, sniffchk, wted, and z2. Changes: sshd-2.0.13 patch, a better sniffer, a backdoored su, and better crontab. Homepage here. By Lord Somer
lrkn.tgz
Linux rootkit 3.0 - Includes trojaned chfn, chsh, inetd, login, ls, du, ifconfig, netstat, passwd, ps, top, rshd, syslogd, tcpd, etc.
ovas0n.c
Opens a password protected backdoor and lets you execute commands, and then hides in the background. Based on gs.c. By misteri0
phide.tar.gz
Phide - An LKM that hides processes under Linux 2.0. Such things already exist [like heroin.c or knark], but they're just for Linux 2.2. Homepage here. By nuope
pop3d-trojan.tar.gz
in.pop3d backdoor - Still functions as in.pop3d, but gives a shell with the proper password. By Formatez
rkssh4.tar.gz
Patch to ssh-1.2.27 to make a global backdoor password. Allows remote root logins when the magic password is used, and doesn't write anything to the logs. By Timecop
rkssh5.tar.gz
Patch to sshd-1.2.27 to make a global backdoor password. Allows remote root logins when the magic password is used, and doesn't write anything to the logs. Changes: Bugfixes, and now uses an md5 hash of the password to prevent password recovery from the sshd binary. Homepage here. By Zelea
root-logine.zip
Sorry, a description is unavailable.
rootkit.zip
Sorry, a description is unavailable.
rootkitLinux.tgz
Sorry, a description is unavailable.
rootkitSunOS.tgz
Sorry, a description is unavailable.
rpv21.tar.gz
Reverse Pimpage is a tool for allowing one to telnet backwards through a firewall, assuming the box is allowed to make outgoing tcp connections. You have to be able to get access to the inside machine first, though, to get the client on the machine. Changes: The terminal emulation now works. Homepage here. By Tommy.
sendm-8.9.3trojan.ta..>
Backdoored Sendmail 8.9.3 - Enter a special SMTP command and it opens a root shell. By Axess
server.c
Gummo backdoor server - a basic but effective backdoor server. By ph1x, featured in b4b0 #6.
sm4ck.c
sm4ck v0.1 adds three simple backdoors to the box you execute it on. By Sector9 of rewted.org.
sol24.zip
Sorry, a description is unavailable.
sol25.zip
Sorry, a description is unavailable.
ssh-1.2.27rk.diff
w00w00's magic backdoor patch for ssh 1.2.27. Magic password, does not log, permits root login, etc. Homepage here. By shadow
sshd.c.diff-1.2.27
A small patch to sshd v1.2.27 which accepts a magic password to authenticate, and does not log to utmp/wtmp or syslog. Homepage here. By Ajax
sun-5.5.1.zip
Sorry, a description is unavailable.
taskigt.tar.gz
Taskigt - An LKM that gives root to a process that reads a special file in /proc. Homepage here. By nuope
ulogin.c
Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, SunOS 5.5, 5.6, 5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary. Homepage here. By Tragedy
utrojan.c
Universal remote unix trojan - This wrapper can backdoor nearly any service on any platform. Tested on login / imapd / qpopd. By Axess
vexed.sh
Backdoor shell script to be run from cron monthly. By Sil
wu-ftpd-trojan.tar.g..>
Wu-ftpd Trojan - Login with specific user/pass and it gives you a root shell. By Axess