NTP_Trojan – Reverse NTP remote access trojan in python, for penetration...
NTP_Trojan is a Reverse NTP remote access trojan in python, for penetration testers. This idea to create a trojan that uses NTP as it’s command and control channel, as the channel is fairly non-obvious...
View ArticleClik here to view.
Jerricho – a script for deploying simple Linux rootkit and backdoors.
Jerricho is a simple bourne script that quickly drops several persistence mechanisms on a target Linux host. OS Support : Ubuntu, Centos, Debian, FreeBSD. TODO: – Add a web interface for managing the...
View ArticleClik here to view.
Root Pipe : Privileges Escallation and Backdoor Api Root in OSX.
Root Pipe – This is a Proof-of-Concept Mac Application that demonstrates the RootPipe Privilege Escalation Vulnerability (CVE-2015-1130). this tool to create Hidden backdoor API to root privileges in...
View ArticleUpdates The Backdoor Factory Proxy (BDFProxy) version-0.3.2.
For security professionals and researchers only. Change : Add support for BDF 3.0 This script rides on two libraries for usage: The Backdoor Factory (BDF) and the mitmProxy. Concept: Patch binaries...
View ArticleClik here to view.
Updates The Backdoor Factory (BDF) v-3.0.0 : Patch PE, ELF, Mach-O binaries...
NOTICE: For security professionals and researchers only. Changelog : 04/14/2015 + Change v-3.0 : Auto PE Patching, New IAT Paylaods.Usage: payloadtest.py binary HOST PORTThe goal of BDF is to patch...
View ArticleClik here to view.
Updates MITMf v-0.9.6 : Framework for Man-In-The-Middle attacks.
Changelog MITMf v0.9.6 : + DNSChef integration + FilePwn plugin updated to latest BDFProxy version + Huge amount of bugfixes + Code style fixes Framework for Man-In-The-Middle attacks (Another)...
View Articleiv-wrt – An Intentionally Vulnerable Router Firmware Distribution.
iv-wrt is An intentionally vulnerable router firmware distribution based on OpenWrt. Feature : + Authentication Bypass; Authentication bypass is turned off for the network disgnostics page. + Backdoor;...
View ArticleClik here to view.
pfsense_xmlrpc_backdoor – a PHP backdoor on a pfSense firewall over xmlrpc.php.
pfsense_xmlrpc_backdoor is a sample payload and example use of abusing pfSense’s xmlrpc.php functions to establish a backdoor and get root level access to pfSense firewalls. The backdoor in use at...
View ArticleClik here to view.
thedoor – A horrible linux backdoor module.
thedoor is A horrible linux backdoor module. This is a linux kernel module that adds a device /dev/door. When a correct password is written to this file, you are immediately made root without any...
View ArticleClik here to view.
Updates Exploits v-25.04.15 – Miscellaneous proof of concept exploit code.
Changelog and tool added 25/04/2015: + Exploit for Seowintech Routers diagnostic.cgi Unauthenticated Remote Root Code Execution. Exploit for Seowintech Routers diagnostic.cgi Unauthenticated Remote...
View ArticleClik here to view.
Updates Exploits v-27/04/2014 : Miscellaneous proof of concept exploit code.
Changelog and tool added 25/04/2015: + WPsh0pwn – WordPress WPShop eCommerce Shell Upload (WPVDB-7830) + nmediapwn – WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload + pwnflow...
View ArticleClik here to view.
Updates The Backdoor Factory (BDF) v-3.0.2 : Patch PE, ELF, Mach-O binaries...
NOTICE: For security professionals and researchers only. Changelog : 4/28/2015 + Adding check for Bound Imports (PE files with bound imports will not be patched)Usage: payloadtest.py binary HOST...
View ArticleReverse TCP Shell is A simple reverse tcp backdoor.
Reverse TCP Shell is A simple reverse tcp backdoor. Two files are provided : + reverse_tcp.py — malicious python code, run it on victim side. — can be packed into “exe” file using pyinstaller and run...
View ArticleClik here to view.
Updates Exploits v-20/05/2015 : Miscellaneous proof of concept exploit code.
Changelog and tool added 20/05/2015: Add SuiteShell : Exploit for SuiteCRM Post-Authentication Shell Upload. Disclosure Timeline: 05/05/2015: Vulnerability discovered and validated. SuiteCRM contacted...
View Articlepambd – small and fast solution to create a undetectable backdoor through the...
This trick shows you how to create a PAM module backdoor that allows to execute an user login with your own custom password. If you try to make the login with the real password of the target user and...
View ArticleClik here to view.
Updates MITMf v-0.9.7 : Framework for Man-In-The-Middle attacks.
Changelog MITMf v0.9.7 : – Config file now updated on the fly – Addition of the ScreenShotter and Ferret-NG plugins – Responder code re-written – Addition of a SMB server (Impacket) – JavaPwn plugin...
View ArticleClik here to view.
Linux backdoor implementation written in Python.
A backdoor is perceived as a negative vulnerability because it allows an attacker to obtain access to a victim’s machine without proper credentials. However, a backdoor is more than just a tool of...
View ArticleOS X Backdoored ping.
P I N G . C : Using the Internet Control Message Protocol (ICMP) “ECHO” facility, measure round-trip-delays and packet loss across network paths. This is just the normal OS X ping, but if you run it...
View ArticleClik here to view.
Updates Parrot 2.0rc6+ : is a cloud friendly operating system designed for...
Changelog Parrot 2.0rc6+: + UPGRADE Due to the upgrade problems from debian wheezy to debian jessie, the upgrade from parrot 1.9 and parrot 2.0 will probably be impossible to be done, but the good news...
View ArticlePerlBackdoor – a advanced Perl Backdoor.
PerlBackdoor – a advanced Perl Backdoor. Script :#!/usr/bin/perl # # Advanced perl backdoor # # http://www.purificato.org # https://github.com/bunk3r/perlbackdoor # use warnings; use strict; use...
View Article