Downloads
Category: Rootkits
Files:
FUTo Version:1.0

FUTo is the successor of FU. Its accompanying research paper can be found at www.uninformed.org. FUTo currently hides from Blacklight and IceSword as of the initial release.

Created: 2010-07-19 12:46:57 | Size: 472.42 KB | Downloads: 67

Basic Rootkit Version:0.7

Hides files, directories, and processes.

Created: 2010-07-19 12:46:57 | Size: 5.4 KB | Downloads: 91

WinLogon Hijack Version:0.3

Winlogonhijack injects a DLL into winlogon.exe and hooks msgina.WlxLoggedOutSAS, logging every login in plaintext.

Created: 2010-07-19 12:46:57 | Size: 103.18 KB | Downloads: 75

NT Rootkit Version:0.4.4

The original and first public rootkit; it has not been updated for many years but is good for ideas.

Created: 2010-07-19 12:46:57 | Size: 252.44 KB | Downloads: 53

NtIllusion Version:1.0

A portable Win32 userland rootkit. NtIllusion is a userland rootkit for Windows 2000/XP systems. It uses DLL injection and API entry point rewriting to achieve stealth. This is more a proof of concept than a true hax0r tool.

Created: 2010-07-19 12:46:57 | Size: 336.83 KB | Downloads: 53

BootRoot Version:0.9

BootRoot is a project presented at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh, as an exploration of technology that custom boot sector code can use to subvert the Windows kernel as it loads.

Created: 2010-07-19 12:46:57 | Size: 79.37 KB | Downloads: 56

SInAR Version:0.1

A cross-architecture Solaris rootkit, developed both to increase understanding of the Solaris OS and to show that it's not just the external threats that a Solaris admin should worry about.

Created: 2010-07-19 12:46:57 | Size: 5.51 KB | Downloads: 42

HE4HOOK Version:215b6

This is the Russian rootkit, HE4HOOK. This code is very complete.

Created: 2010-07-19 12:46:57 | Size: 241.61 KB | Downloads: 75

IceSword Version:1.22

IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. It isn't a "click-here-to-delete-rootkits" product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine.

Created: 2010-07-19 12:46:57 | Size: 2.1 MB | Downloads: 72

Bootkit basic Version:1.0

Bootkit basic rootkit.

Created: 2010-07-19 12:46:57 | Size: 70.76 KB | Downloads: 49

hidethread Version:1.0.0

This is proof-of-concept code with a reusable function for injecting arbitrary functions into a process and then executing them within the context of that process. This is useful for lots of things, none more obvious than hiding process execution. The code is, however, specific to NT, as it uses functions such as VirtualAllocEx and CreateRemoteThread.

Created: 2010-07-19 12:46:57 | Size: 2.93 KB | Downloads: 45

Logoner Version:0.0.2

Logoner is the first AC application. It hooks the winlogon.exe process and captures user/domain/password combinations to the logfile winlogon.log in the system directory.

Created: 2010-07-19 12:46:57 | Size: 1.75 KB | Downloads: 56

Vanquish Version:0.2.0

Vanquish is a Romanian rootkit based on DLL injection that hides files, folders and registry entries, and logs passwords.

Created: 2010-07-19 12:46:57 | Size: 42.79 KB | Downloads: 56

FU Version:1.0

The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!). All this without any hooking.

Created: 2010-07-19 12:46:57 | Size: 2.54 MB | Downloads: 53

WinEggDrop Shell Eternity Version

A telnetd backdoor (only works on NT systems).

Created: 2010-07-19 12:46:57 | Size: 293.26 KB | Downloads: 42

AFX Rootkit 2005

This program patches the Windows API to hide certain objects from being listed. FOR WINDOWS NT/2000/XP/2003 ONLY!

Created: 2010-07-19 12:46:57 | Size: 263.96 KB | Downloads: 48

Hacker Defender Version:1.0.0

This is the Hacker Defender rootkit for Windows. This is more of a 'blackhat' tool than a training example. It is the most popular and widespread rootkit today.

Created: 2010-07-19 12:46:57 | Size: 137.35 KB | Downloads: 90

Morphine Version:2.7

Morphine is a unique application for PE file encryption. Unlike other PE encryptors and compressors, Morphine includes its own PE loader, which enables it to put the whole source image into the .text section of the new PE file. This is very powerful because you can compress the source file with your favourite compressor, like UPX, and then encrypt its output with Morphine. Another powerful feature is the polymorphic engine, which always creates an absolutely different decryptor for the new PE file. This means that if your favourite trojan horse is detected by an antivirus, you can encrypt it with Morphine. You will not get the virus alert again.

Created: 2010-07-19 12:46:57 | Size: 55.78 KB | Downloads: 78