Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 08:01:25 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1927426690&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Rootkit%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Frootkit%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1927426690.1338192085.1338192085.1338192085.1%3B%2B__utmz%3D32867617.1338192085.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/112491/NetcatPHPShell-1.10.zip http://packetstormsecurity.org/files/112491/NetcatPHPShell-1.10.zip http://packetstormsecurity.org/files/112491/NetcatPHPShell-1.10.html Mon, 07 May 2012 19:49:06 GMT NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell. http://packetstormsecurity.org/files/112335/rkhunter-1.4.0.tar.gz http://packetstormsecurity.org/files/112335/rkhunter-1.4.0.tar.gz http://packetstormsecurity.org/files/112335/Rootkit-Hunter-1.4.0.html Tue, 01 May 2012 21:24:57 GMT Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD. http://packetstormsecurity.org/files/112328/ropeadope.py.txt http://packetstormsecurity.org/files/112328/ropeadope.py.txt http://packetstormsecurity.org/files/112328/RopeADope-1.1-Linux-Log-Cleaner.html Mon, 30 Apr 2012 14:17:16 GMT RopeADope is a log cleaning script for Linux. http://packetstormsecurity.org/files/110942/jynx2.tgz http://packetstormsecurity.org/files/110942/jynx2.tgz http://packetstormsecurity.org/files/110942/Jynx-Kit-Release-2.html Sun, 18 Mar 2012 16:22:22 GMT Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits. http://packetstormsecurity.org/files/110815/carbylamine.txt http://packetstormsecurity.org/files/110815/carbylamine.txt http://packetstormsecurity.org/files/110815/Carbylamine-PHP-Encoder.html Thu, 15 Mar 2012 02:49:22 GMT Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed. http://packetstormsecurity.org/files/110704/webacoo-0.2.3.tgz http://packetstormsecurity.org/files/110704/webacoo-0.2.3.tgz http://packetstormsecurity.org/files/110704/WeBaCoo-Web-Backdoor-Cookie-0.2.3.html Tue, 13 Mar 2012 00:40:14 GMT WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses. http://packetstormsecurity.org/files/110192/darkBC.py.txt http://packetstormsecurity.org/files/110192/darkBC.py.txt http://packetstormsecurity.org/files/110192/darkBC-Python-Connect-Back-Script.html Fri, 24 Feb 2012 23:12:28 GMT This is a small connect-back script written in Python. http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.tar.gz http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.tar.gz http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.html Wed, 08 Feb 2012 22:19:13 GMT trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell. http://packetstormsecurity.org/files/109566/VFU-script.rar http://packetstormsecurity.org/files/109566/VFU-script.rar http://packetstormsecurity.org/files/109566/Viper-FakeUpdate-Script.html Wed, 08 Feb 2012 22:12:22 GMT This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit. http://packetstormsecurity.org/files/109345/webacoo-0.2.2.zip http://packetstormsecurity.org/files/109345/webacoo-0.2.2.zip http://packetstormsecurity.org/files/109345/WeBaCoo-Web-Backdoor-Cookie-0.2.2.html Thu, 02 Feb 2012 02:03:43 GMT WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses. http://packetstormsecurity.org/files/108871/Backdoor.py.txt http://packetstormsecurity.org/files/108871/Backdoor.py.txt http://packetstormsecurity.org/files/108871/Small-Python-Backdoor.html Sat, 21 Jan 2012 04:46:16 GMT This is a very small backdoor written in Python. http://packetstormsecurity.org/files/108693/priv8-2012-bypass-shell.txt http://packetstormsecurity.org/files/108693/priv8-2012-bypass-shell.txt http://packetstormsecurity.org/files/108693/Priv8-2012-Bypass-Shell.html Mon, 16 Jan 2012 01:11:12 GMT This is a php shell that offers various connect-back methods, the ability to read files, grab source, execute code, etc. http://packetstormsecurity.org/files/108299/log2command-1.0.zip http://packetstormsecurity.org/files/108299/log2command-1.0.zip http://packetstormsecurity.org/files/108299/Log2Command-1.0.html Mon, 02 Jan 2012 15:23:14 GMT log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background. http://packetstormsecurity.org/files/108286/ipsecs-kbeast-v1.tar.gz http://packetstormsecurity.org/files/108286/ipsecs-kbeast-v1.tar.gz http://packetstormsecurity.org/files/108286/KBeast-Kernel-Beast-Linux-Rootkit-2012.html Sun, 01 Jan 2012 17:33:07 GMT KBeast (Kernel Beast) 2012 is a Linux rootkit that hides the loadable kernel module, hides files and directories, hides processes, hides sockets and connections, performs keystroke logging, has anti-kill functionality and more. http://packetstormsecurity.org/files/108009/webacoo-0.2.zip http://packetstormsecurity.org/files/108009/webacoo-0.2.zip http://packetstormsecurity.org/files/108009/WeBaCoo-Web-Backdoor-Cookie-0.2.html Mon, 19 Dec 2011 23:01:24 GMT WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses. http://packetstormsecurity.org/files/107700/webacoo-0.1.2.tar.gz http://packetstormsecurity.org/files/107700/webacoo-0.1.2.tar.gz http://packetstormsecurity.org/files/107700/WeBaCoo-Web-Backdoor-Cookie-0.1.2.html Fri, 09 Dec 2011 17:24:42 GMT WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses. http://packetstormsecurity.org/files/105893/Jynx-Kit-Pub.tar.gz http://packetstormsecurity.org/files/105893/Jynx-Kit-Pub.tar.gz http://packetstormsecurity.org/files/105893/Jynx-Kit-Userland-Rootkit.html Mon, 17 Oct 2011 14:36:06 GMT Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits. http://packetstormsecurity.org/files/105907/Sst-Sheller.zip http://packetstormsecurity.org/files/105907/Sst-Sheller.zip http://packetstormsecurity.org/files/105907/PHP-SST-Sheller-1.0.html Sun, 16 Oct 2011 17:22:22 GMT This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more. http://packetstormsecurity.org/files/105843/sublime.pl.txt http://packetstormsecurity.org/files/105843/sublime.pl.txt http://packetstormsecurity.org/files/105843/Perl-CGI-Shell.html Sat, 15 Oct 2011 23:36:27 GMT This is a Perl CGI backdoor that provides shell-like capability. http://packetstormsecurity.org/files/105492/knullsh.txt http://packetstormsecurity.org/files/105492/knullsh.txt http://packetstormsecurity.org/files/105492/Knull-Shell-Alpha1.html Sat, 01 Oct 2011 13:11:11 GMT Knull Shell Alpha1 is a PHP shell that has bind, reverse, and backpipe shells. http://packetstormsecurity.org/files/105295/Ani-Shell-1.4.zip http://packetstormsecurity.org/files/105295/Ani-Shell-1.4.zip http://packetstormsecurity.org/files/105295/Ani-Shell-1.4-PHP-Shell.html Thu, 22 Sep 2011 15:53:10 GMT Ani-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features. http://packetstormsecurity.org/files/104540/Turtle2.tar.gz http://packetstormsecurity.org/files/104540/Turtle2.tar.gz http://packetstormsecurity.org/files/104540/Turtle-FreeBSD-Rootkit-2.html Sun, 28 Aug 2011 21:30:51 GMT Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles. http://packetstormsecurity.org/files/104429/h4ckcity.zip http://packetstormsecurity.org/files/104429/h4ckcity.zip http://packetstormsecurity.org/files/104429/H4ckCity-Auto-T00ls-1.0.html Wed, 24 Aug 2011 10:10:10 GMT This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained. http://packetstormsecurity.org/files/103820/gotroot.sh.txt http://packetstormsecurity.org/files/103820/gotroot.sh.txt http://packetstormsecurity.org/files/103820/GotRoot-Shell-Script.html Tue, 09 Aug 2011 13:47:26 GMT This post-escalation bash script sanitizes 29 logs, adds a root user, and allows for package installation including hashcat, nmap, and more. Written for Ubuntu. http://packetstormsecurity.org/files/103809/hackcity-shell.tgz http://packetstormsecurity.org/files/103809/hackcity-shell.tgz http://packetstormsecurity.org/files/103809/H4ckcity-Sheller-Code-And-Tutorial.html Sun, 07 Aug 2011 12:12:21 GMT This archive has the H4ckcity PHP backdoor script along with a tutorial written in Persian.