Suck-O Time

Support us

Donate using PayPal

Amount:  

Your nickname:

Latest posts

Our forums contain more than 72.000 posts in more than 10.00 topics at the moment.

Feel free to register for an account here.
Downloads
Overview Search Downloads Up
Category: Rootkits
Select all files:
Files:
FUTo Version:1.0

FUTo is the successor of FU. Its accompanying research paper can be found at www.uninformed.org. FUTo currently hides from Blacklight and IceSword as of the initial release.

Created
Size
Downloads
2010-07-19 12:46:57
472.42 KB
280
Basic Rootkit Version:0.7

Hides files, directories, and processes.

Created
Size
Downloads
2010-07-19 12:46:57
5.4 KB
311
WinLogon Hijack Version:0.3

Winlogonhijack injects a dll into winlogon.exe and hooks msgina.WlxLoggedOutSAS, logging every login in plaintext.

Created
Size
Downloads
2010-07-19 12:46:57
103.18 KB
289
NT Rootkit Version:0.4.4

The original and first public - has not been updated for many years but is good for ideas.

Created
Size
Downloads
2010-07-19 12:46:57
252.44 KB
270
NtIllusion Version:1.0

A portable Win32 userland rootkit. NtIllusion is an userland rootkit for win 2000/XP systems. It uses Dll injection and API entry point rewriting to perform its stealth. This is more a proof of concept than a true hax0r tool.

Created
Size
Downloads
2010-07-19 12:46:57
336.83 KB
278
BootRoot Version:0.9

BootRoot is a project presented at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh, as an exploration of technology that custom boot sector code can use to subvert the Windows kernel as it loads.

Created
Size
Downloads
2010-07-19 12:46:57
79.37 KB
273
SInAR Version:0.1

A Cross architecture Solaris rootkit the development of which is aimed to both increase understanding of the Solaris OS and to show that it's not just the external threats that a Solaris Admin should worry about.

Created
Size
Downloads
2010-07-19 12:46:57
5.51 KB
251
HE4HOOK Version:215b6

This is the Russian rootkit, HE4HOOK. This code is very complete.

Created
Size
Downloads
2010-07-19 12:46:57
241.61 KB
295
IceSword Version:1.22

IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. It isn't a "click-here-to-delete-rootkits" product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine.

Created
Size
Downloads
2010-07-19 12:46:57
2.1 MB
295
Bootkit basic Version:1.0

Bootkit basic rootkit.

Created
Size
Downloads
2010-07-19 12:46:57
70.76 KB
267
hidethread Version:1.0.0

This is proof of concept code with a reusable function for injecting arbitrary functions into a process and then execute that function within the context of the process. This is useful for lots of things, none more obvious than hiding process execution. This code is however specific to NT as it uses functions such as VirtualAllocEx and CreateRemoteThread.

Created
Size
Downloads
2010-07-19 12:46:57
2.93 KB
251
Logoner Version:0.0.2

Logoner is first AC application. It hooks winlogon.exe process and captures user/domain/password combination to logfile winlogon.log in the system directory.

Created
Size
Downloads
2010-07-19 12:46:57
1.75 KB
271
Vanquish Version:0.2.0

Vanquish is a DLL injection based Romanian rootkit that hides files, folders, registry entries and logs passwords.

Created
Size
Downloads
2010-07-19 12:46:57
42.79 KB
266
FU Version:1.0

The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!) All this without any hooking.

Created
Size
Downloads
2010-07-19 12:46:57
2.54 MB
260
WinEggDrop Shell Eternity Version

A telnetd backdoor(only works on NT systems).

Created
Size
Downloads
2010-07-19 12:46:57
293.26 KB
264
AFX Rootkit 2005

This program patches Windows API to hide certain objects from being listed. FOR WINDOWS NT/2000/XP/2003 ONLY!

Created
Size
Downloads
2010-07-19 12:46:57
263.96 KB
268
Hacker Defender Version:1.0.0

This is the Hacker Defender rootkit for Windows. This is more of a 'blackhat' tool than a training example. It is the most popular and wide spread rootkit today.

Created
Size
Downloads
2010-07-19 12:46:57
137.35 KB
306
Morphine Version:2.7

Morphine is very unique application for PE files encryption. Unlike other PE encryptors and compressors Morphine includes own PE loader which enables it to put whole source image to the .text section of new PE file. This one is very powerful because you can compress source file with your favourite compressor like UPX and then encrypt its output with Morphine. Another powerful thing here is polymorphic engine which always creates absolutely different decryptor for the new PE file. This mean if your favourite trojan horse is detected by an antivirus you can encrypt it with Morphine. You will not get the virus alert again.

Created
Size
Downloads
2010-07-19 12:46:57
55.78 KB
284