http://ping-of-death.blogspot.com/2009/07/edmunds-rootkit-collection-downloads-w.html
I was thinking of posting them individually, but I didn’t want it to be seen as “spamming”, so here’s all the rootkits I have. These are all RS downloads.
Almost all files are zipped.
Some are tar.gz and others .rar.
Happy Hacking.
Legend:
Rootkit name
Description
download link
————————————–
Vanquish Rootkit
Vanquish is a DLL injection based Romanian rootkit that hides files, folders, registry entries and logs passwords.
http://rapidshare.com/files/214735218/vanquish-0.2.1.zip
NT Rootkit
The original and first public NT ROOTKIT – has not been updated for many years but is good for ideas.
http://rapidshare.com/files/214735636/rk_044.zip
FU Rootkit
The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!). (Look, Mom, no hands!) It does all this by Direct Kernel Object Manipulation (TM); no hooking! This project has been evolving over time. It was originally conceived as a proof-of-concept. FU is a play on words from the UNIX program “su” used to elevate privilege.
http://rapidshare.com/files/214736334/FU_Rootkit.zip
WinLogonHijack Rootkit
Winlogonhijack injects a dll into winlogon.exe and hooks msgina.WlxLoggedOutSAS, logging every login in plaintext.
http://rapidshare.com/files/214736739/winlogonhijack-v0.3-src.rar
MyNetwork Rootkit
This ethernet bridge allows many subnets to connect to one another, supports a central server, and watches ARP and ethernet traffic to maintain a MAC-router table. (windows vc7++) requires winpcap
http://rapidshare.com/files/214737889/MyNetwork.zip
Vice Rootkit
VICE is a tool to find hooks.
Features include:
1. Looks for people hooking IAT’s.
2. Looks for people hooking functions in-line aka detouring.
3. Looks for hooks in the System Call Table. Thanks to Tan perhaps it will fix the table in the future.
4. Looks for detour hooks in the System Call Table functions themselves.
5. Looks for people hooking IRP_MJ table in drivers. This is configurable by driver.ini.
http://rapidshare.com/files/214738213/vice.zip
Klog Rootkit
Klog demonstrates how to use a kernel filter driver to implement a simple key logger.
http://rapidshare.com/files/214738979/Klog_1.0.zip
AFX Rootkit '05
This OPEN SOURCE Delphi rootkit uses code injection and hooks Windows native API to hide processes, modules, handles, files, ports, registry keys, etc.
http://rapidshare.com/files/214739475/AFXRootkit2005.zip
SinAR Rootkit
A Cross architecture Solaris rootkit.
http://rapidshare.com/files/214740016/SInAR-0.1.tar.gz
Shadow Walker Rootkit
Shadow Walker as seen at Black Hat and Phrack 63.
http://rapidshare.com/files/214740632/Shadow_Walker_1.0.rar
CFSD Rootkit
FUTo Rootkit
FUTo is the successor of FU. Its accompanying research paper can be found at www.uninformed.org. FUTo currently hides from Blacklight and IceSword as of the initial release.
http://rapidshare.com/files/214741940/FUTo_enhanced.zip
WMFT Rootkit
Windows Memory Forensic Toolkit (WMFT) is a collection of utilities intended for forensic use. WMFT can be used to perform forensic analysis of physical memory images acquired from Windows 2003/XP machines.
http://rapidshare.com/files/214742116/wmftv02.zip
RAIDE Rootkit remover
RAIDE stands for Rootkit Analysis Identification Elimination. RAIDE is a rootkit detection/removal tool.
http://rapidshare.com/files/214742492/RAIDE_BETA_1.zip
BootKitBasic RootKit
BOOT KIT is a project related to custom boot sector code subverting Windows NT Security Model. The sample presented currently keeps on escalating cmd.exe to system privileges every 30 secs.
It has several features:
1) It's very small. The basic framework is just about 100 lines of assembly code. It supports 2000, XP, 2003.
2) It patches the kernel at runtime (no files are patched on disk).
3) BOOT KIT is PXE-compatible.
4) It can even lead to the first ever PXE virus.
5) It also enables you to load other root kits if you have physical access (normally root kits can only be loaded by the administrator).
http://rapidshare.com/files/214742926/bootkitbasic.zip
Defrag Rootkit
Windows NT/2K/XP defragmenter for FAT12/16/32/NTFS partitions.
http://rapidshare.com/files/214743554/defragger30b_src.zip
Keyboard Hook
Ps/2 Keyboard Hook with only 1-bit in the Keyboard Controller.
http://rapidshare.com/files/214744072/Ps2_Keyboard_Polling.zip
And...
For fun...
CheatEngine
Cheat Engine is a tool designed to give you the upper hand in games, but also contains other useful tools to help debugging games and even normal applications.
http://rapidshare.com/files/214744668/CheatEngine54src.rar
Just got done uploading all of these today, so there shouldn't be any broken links.
But if there is, let me know.
**THESE DO NOT CONTAIN VIRUSES**
THEY CONTAIN INACTIVE ROOTKITS
Until you activate them, that is...
Wouldn't run these on your PC.
All files should contain tutorials.
I'm not held responsible for what you do with these rootkits.
author : indounderground n phphack