Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 12:13:30 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2244184423&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Flinux%2Fmodules%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2244184423.1338207210.1338207210.1338207210.1%3B%2B__utmz%3D32867617.1338207210.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/97498/pam_shield-0.9.5.tar.gz http://packetstormsecurity.org/files/97498/pam_shield-0.9.5.tar.gz http://packetstormsecurity.org/files/97498/pam_shield-Null-Routing-PAM-Module-0.9.5.html Thu, 13 Jan 2011 04:06:22 GMT pam_shield is a PAM module that uses null-routing or iptables to lock out script kiddies that probe your computer for open logins or easy guessable passwords. pam_shield is meant as an aid to protect public computers on the Internet. http://packetstormsecurity.org/files/93516/pam_shield-0.9.4.tar.gz http://packetstormsecurity.org/files/93516/pam_shield-0.9.4.tar.gz http://packetstormsecurity.org/files/93516/pam_shield-Null-Routing-PAM-Module-0.9.4.html Mon, 06 Sep 2010 02:41:45 GMT pam_shield is a PAM module that uses null-routing or iptables to lock out script kiddies that probe your computer for open logins or easy guessable passwords. pam_shield is meant as an aid to protect public computers on the Internet. http://packetstormsecurity.org/files/75862/sptrace-1.4.2.tar.gz http://packetstormsecurity.org/files/75862/sptrace-1.4.2.tar.gz http://packetstormsecurity.org/files/75862/sptrace-LKM-ptrace-Control.html Thu, 19 Mar 2009 01:41:13 GMT sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace(). http://packetstormsecurity.org/files/63600/useless-vmsplice.tar.gz http://packetstormsecurity.org/files/63600/useless-vmsplice.tar.gz http://packetstormsecurity.org/files/63600/useless-vmsplice.tar.gz.html Wed, 13 Feb 2008 22:25:33 GMT This is a kernel module for Linux 2.6 to replace vmsplice() function with another that does nothing. The purpose of the module is to evade the attacks to the system call logging to kernel messages the usage attempts of vmsplice() with the arguments. http://packetstormsecurity.org/files/62177/sptrace-1.4.1.tar.gz http://packetstormsecurity.org/files/62177/sptrace-1.4.1.tar.gz http://packetstormsecurity.org/files/62177/sptrace-1.4.1.tar.gz.html Sat, 29 Dec 2007 20:49:17 GMT sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace(). http://packetstormsecurity.org/files/57131/uidbind-lsm-0.4.tar.gz http://packetstormsecurity.org/files/57131/uidbind-lsm-0.4.tar.gz http://packetstormsecurity.org/files/57131/uidbind-lsm-0.4.tar.gz.html Mon, 11 Jun 2007 00:38:56 GMT UidBind is a simple LSM module that restricts calls to the bind() function to the UID/GID defined in a configfs tree. http://packetstormsecurity.org/files/41707/digsig-1.3.2.tar.gz http://packetstormsecurity.org/files/41707/digsig-1.3.2.tar.gz http://packetstormsecurity.org/files/41707/digsig-1.3.2.tar.gz.html Sun, 20 Nov 2005 20:42:45 GMT DigSig kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. It is based on the Linux Security Module hooks (standard in main stream Linux kernel 2.5.66 and higher). Therefore, it improves the security of the system by avoiding a wide range of malicious binaries like viruses, worms, Trojan programs, and backdoors from running on the system. http://packetstormsecurity.org/files/34329/portknock-sshd_lkm.c http://packetstormsecurity.org/files/34329/portknock-sshd_lkm.c http://packetstormsecurity.org/files/34329/portknock-sshd_lkm.c.html Mon, 13 Sep 2004 21:12:18 GMT Kernel module using portknocking to get sshd spawned after challenging a list of specified daemons. Designed for 2.4 kernels. http://packetstormsecurity.org/files/34046/sptrace-1.4.0.tar.gz http://packetstormsecurity.org/files/34046/sptrace-1.4.0.tar.gz http://packetstormsecurity.org/files/34046/sptrace-1.4.0.tar.gz.html Fri, 13 Aug 2004 15:19:39 GMT sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace(). http://packetstormsecurity.org/files/33874/write-filter_lkm.c http://packetstormsecurity.org/files/33874/write-filter_lkm.c http://packetstormsecurity.org/files/33874/write-filter_lkm.c.html Mon, 26 Jul 2004 15:21:29 GMT Linux kernel module that will filter writes for the 2.4 kernel series. http://packetstormsecurity.org/files/33873/uname_lkm.c http://packetstormsecurity.org/files/33873/uname_lkm.c http://packetstormsecurity.org/files/33873/uname_lkm.c.html Mon, 26 Jul 2004 15:19:01 GMT Linux kernel module that will fake uname output for the 2.4 kernel series. http://packetstormsecurity.org/files/32457/yinyang-1.0.zip http://packetstormsecurity.org/files/32457/yinyang-1.0.zip http://packetstormsecurity.org/files/32457/yinyang-1.0.zip.html Tue, 06 Jan 2004 01:13:32 GMT yinyang is a kernel module used to detect a file opening and passes that information to a daemon for action such as logging file transactions, anti-virus checking, and other file activities. Ideal for real-time on-access file scanning. http://packetstormsecurity.org/files/32232/mod_icmp.c http://packetstormsecurity.org/files/32232/mod_icmp.c http://packetstormsecurity.org/files/32232/mod_icmp.c.html Fri, 21 Nov 2003 18:37:50 GMT This linux kernel module acts like an icmp proxy for echo/echo-reply packets at kernel level, preventing icmp tunnels through firewalls or directly to the server it is installed on. http://packetstormsecurity.org/files/31903/sexy-socket.c http://packetstormsecurity.org/files/31903/sexy-socket.c http://packetstormsecurity.org/files/31903/sexy-socket.c.html Thu, 30 Oct 2003 04:48:09 GMT Sexy-SOCKET v0.1 is a Linux LKM which restricts creation of AF_INET sockets to the root account only. Works on kernels v2.2.x and 2.4.x. http://packetstormsecurity.org/files/31563/frontkey.tgz http://packetstormsecurity.org/files/31563/frontkey.tgz http://packetstormsecurity.org/files/31563/frontkey.tgz.html Tue, 26 Aug 2003 03:17:32 GMT Remote administration kernel module designed for the 2.4 series. It replaces system calls by inserting a push ret at the beginning of system_call, making the program jump to specified code. It provides a remote terminal backdoor through SYS_read hooking which means you can enter the box through any open tcp port. The connection is XOR encrypted and the module hides ports and pids. It also hides itself from vmalloc structure scanning and lsmod. Tested on Redhat 7.2 and 8.0. Currently lacks SMP support and is not considered stable so please exercise caution when utilizing this. http://packetstormsecurity.org/files/30977/lkminject.sh http://packetstormsecurity.org/files/30977/lkminject.sh http://packetstormsecurity.org/files/30977/lkminject.sh.html Thu, 03 Apr 2003 05:04:59 GMT lkminject is a script that builds a binary which will allow you to inject a module inside of a kernel module. http://packetstormsecurity.org/files/30965/fuckptrace.c http://packetstormsecurity.org/files/30965/fuckptrace.c http://packetstormsecurity.org/files/30965/fuckptrace.c.html Wed, 02 Apr 2003 03:20:50 GMT fuckptrace is a Linux kernel module used for bypassing anti-ptrace protection used against the reverse engineering process. http://packetstormsecurity.org/files/30964/nfbypass.c http://packetstormsecurity.org/files/30964/nfbypass.c http://packetstormsecurity.org/files/30964/nfbypass.c.html Wed, 02 Apr 2003 03:19:41 GMT nfbypass is a Linux kernel module for the 2.4.x series which, when inserted, will bypass netfilter rules. http://packetstormsecurity.org/files/30551/hmod-0.2.tar.gz http://packetstormsecurity.org/files/30551/hmod-0.2.tar.gz http://packetstormsecurity.org/files/30551/hmod-0.2.tar.gz.html Tue, 03 Dec 2002 06:24:22 GMT Hmod v0.2 is a linux module which hides and shows other modules. http://packetstormsecurity.org/files/26599/stealth.c http://packetstormsecurity.org/files/26599/stealth.c http://packetstormsecurity.org/files/26599/stealth.c.html Tue, 27 Aug 2002 05:50:20 GMT Stealth.c is a Linux 2.2.x kernel module which discards packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags. http://packetstormsecurity.org/files/26491/khideee.c http://packetstormsecurity.org/files/26491/khideee.c http://packetstormsecurity.org/files/26491/khideee.c.html Wed, 31 Jul 2002 07:06:23 GMT This Linux LKM allows you to hide tasks to KSTAT, a tool used to find attackers in your system by a direct analysis of the kernel through /dev/kmem. StMichael_LKM 0.10 (default installation) will not detect this. Tested on Linux 2.4.x kernels. http://packetstormsecurity.org/files/11241/krnsniff.c http://packetstormsecurity.org/files/11241/krnsniff.c http://packetstormsecurity.org/files/11241/krnsniff.c.html Tue, 07 Dec 1999 20:46:31 GMT krnsniff.c v0.1a - A kernel based sniffer module tested on linux-2.2.5 kernel. Nearly undetectable if a module hider is loaded. http://packetstormsecurity.org/files/11239/cocain.c http://packetstormsecurity.org/files/11239/cocain.c http://packetstormsecurity.org/files/11239/cocain.c.html Thu, 07 Oct 1999 19:16:39 GMT Module to hide processes and files. http://packetstormsecurity.org/files/11240/krnhide.c http://packetstormsecurity.org/files/11240/krnhide.c http://packetstormsecurity.org/files/11240/krnhide.c.html Thu, 07 Oct 1999 19:16:39 GMT Generic module hidder, for linux 2.2.x kernels. Hides the last module installed. http://packetstormsecurity.org/files/11238/megas.c http://packetstormsecurity.org/files/11238/megas.c http://packetstormsecurity.org/files/11238/megas.c.html Thu, 07 Oct 1999 19:16:39 GMT Module to retrieve privilege to processes.