A plugin that sends you an email with the host's IP address once installed.

[download]

IRC plugin for BO2K v1.0. It is an IRC client, Channel bot style. Is fully customizable and logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The Bot will rejoin any channel where get kicked, reconnect on disconnect, generate random nicks on raw 432 or 433, can delete, list, copy, spawn files on remote machine through irc.

[download]

KSEC - Kernel Security Checker

pIGpEN

Great tool useful to find an attacker in your system by a direct analysis of the kernel throught /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs).
KSec can find the modified syscalls from userspace, detect the promisc interfaces, find the modifications applied to a protocol and much more...
[FreeBSD, OpenBSD - c source]

KSTAT - Kernel Security Therapy Anti-Trolls

FuSyS

Great tool useful to find an attacker in your system by a direct analysis of the kernel throught /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs).
Kstat can find the syscalls wich were modified by a LKM, list the linked LKMs, query one or all the network interfaces of the system, list all the processes and much more...
[Linux - c source]

Anti Anti Sniffer Patch

vecna

Kernel patches to hide a sniffer from the most known anti-sniffers.
[Linux - c source]

Fingerprint Fucker

FuSyS & |CyRaX|

This LKM changes the linux stack to emulate other operative systems against nmap fingerprints (maybe others).
[Linux - LKM c source]

Securelevel Bypass

pIGpEN

This kld gives you permission to load/unload a kld and modify a sysctl value even if you aren't root and securelevel is higher than 0.
[FreeBSD - KLD c source]

SMonitor

pIGpEN

Using this tool you are allowed to monitor the use of the syscalls on your system and to prevent their execution for the specified users/groups.
[FreeBSD - c source]

LIBVSK 1.0

vecna

Libvsk is a set of libraries for network traffic manipulation from userlevel, whith some functions of filtrering/sniffing.
[Linux - c source]

Simple Packet Forwarder

vecna

Simple packet forwarder from datalink level (needs libvsk).
[Linux - c source]

Sinto

vecna

This tool lets you send and execute commands on a hijacked tty.
[Linux - c source]

Piove

vecna

This module shows how to intercept getpass(3) function and print anything that is typed without terminal echo.
[FreeBSD - KLD c source]

SRaw (FreeBSD 4)

pIGpEN

All users are allowed to open raw sockets: this kld disables EPERM in socket() and permits to allocate inpcb even if the socket is raw and users haven't root permissions bypassing suser() in pru_attach() functions.
[FreeBSD - KLD c source]

SRaw (OpenBSD)

pIGpEN

This code makes all users able to open raw sockets. Supported protocols are IPPROTO_RAW, IPPROTO_ICMP, IPPROTO_IPIP, IPPROTO_IPV4, IPPROTO_IGMP.
[OpenBSD - c source]

THC Backdoor (OpenBSD)

pIGpEN

This is a simple but useful backdoor for OpenBSD based on a FreeBSD lkm by pragmatic/THC
[OpenBSD - c source]

THC Backdoor (Linux)

bELFaghor

This is a simple but useful backdoor for Linux based on a FreeBSD lkm by pragmatic/THC
[Linux - c source]

L.L.H.M. - Low Level Header Manipulation

valv0

This tool hides pieces of information in your files.
[Win32 - c source]

SMS Spoofing

Jack McKraK

Spoof your SMS by using this code with smsclient.
[Linux - c source]

LKM Detector

pIGpEN

Module that finds LKM that modify the system. It acts comparing the original address fo a kernel routine and the effective address where the internal pointer to that structure refers.
Documentation: 'LKM: TR0VARLi' , BFi8 File 23 (Aprile 2k)
[FreeBSD - KLD c source]

SRaw for FreeBSD

pIGpEN

All users are allowed to open raw sockets...
This kld disables EPERM in socket() and permits to allocate inpcb even if the socket is raw and users haven't root permissions... bypassing suser() in pru_attach() functions...
[FreeBSD - KLD c source]

Network kernel hackin' on a FreeBSD box

pIGpEN

We can change functions of a struct of inetsw[], we can change mbuf structures... we can access inpcb,inpcbinfo structures... we can change options of every layer in a connection...
[FreeBSD - c source]

Crypto Library v0.1b

valv{0} & vecna

Implementation of RSA cryptographic system.
Documentation: 'RSA E CRiTT0GRAFiA SiMMETRiCA FTM' , BFi8 File 18 (Aprile 2k)
[Win32 - c++ sources]

SCNS

del0rean

Simple Community Name sniffer.
Documentation: 'SNMP C0MMUNiTY NAME SNiFFER' , BFi8 File 16 (Aprile 2k)
[Linux - c source]

oMBRa

FuSyS

Loadable Kernel Module for hiding in the system. Implementation of CaRoGNa module, for Linux 2.2.x kernel
Documentation: '0MBRE E LUCi DEL KERNEL LiNUX 2.2.X: oMBRa LKM' , BFi8 File 14 (Aprile 2k)
[Linux - LKM c source]

LuCe

FuSyS

Kernel module for Linux that watches the system, and add the ability to add on the fly increased security to an existing configuration. It contains a simple implementation of BSD securelevel, waiting for official implementation with Linux Capabilities [POSIX 1.e] in the 2.4.x kernel of solid ACL.
Documentation: '0MBRE E LUCi DEL KERNEL LiNUX 2.2.X: LuCe LKM' , BFi8 File 15 (Aprile 2k)
[Linux - LKM c source]

N0Sp00f (Linux)

FuSyS

Simple module that avoids that our system will be used as hop start for spoofed attacks. Implementation for Linux 2.2.x - Datalink Bypassable and Network Layer Protection
Documentation: 'DDoS PET-NEMESiS: SP00FiNG DETECTi0N' , BFi8 File 13 (Aprile 2k)
[Linux - LKM c source]

N0Sp00f (FreeBSD)

pIGpEN

This KLD finds ip spoofing attempts, if based on setsockopt() system call, via IP_HDRINCL.- Datalink Bypassable and Network Layer Protection
Documentation: 'DDoS PET-NEMESiS: SP00FiNG DETECTi0N' , BFi8 File 13 (Aprile 2k)
[FreeBSD - KLD c source]

N0Sp00f (OpenBSD)

pIGpEN

Protection for IP_HDRINCL; diff file for /sys/netinet/raw_ip.c of OpenBSD 2.6 - Datalink Bypassable and Network Layer protection
Documentation: 'DDoS PET-NEMESiS: SP00FiNG DETECTi0N' , BFi8 File 13 (Aprile 2k)
[OpenBSD - c source + diff]

Obscura (FreeBSD)

pIGpEN

Total obscurity of PROMISC mode.
DDocumentation: 'FADE TO BLACK DEL PROMISC MODE... MA...' , BFi8 File 12 (Aprile 2k)
[FreeBSD - c source]

Obscura(OpenBSD)

pIGpEN

Total obscurity of PROMISC mode.
DDocumentation: 'FADE TO BLACK DEL PROMISC MODE... MA...' , BFi8 File 12 (Aprile 2k)
[OpenBSD - c source]

Bad Packets Logger

pIGpEN

Module that uses the stat UDP structures and shows via syslog the source of suspect packets.
Documentation: 'UTiLiZZARE LE STRUTTURE Di STATiSTiCA DEL KERNEL' , BFi8 File 11 (Aprile 2k)
[FreeBSD - KLD c source]

Kerninetstat (FreeBSD)

pIGpEN

This simple source uses sysctlbyname() in order to get statistics of a protocolo, useful for analyzing them for security reasons or for testing the kernel.
Documentation: 'UTiLiZZARE LE STRUTTURE Di STATiSTiCA DEL KERNEL' , BFi8 File 11 (Aprile 2k)
[FreeBSD - KLD c source]

Kerninetstat (OpenBSD)

pIGpEN

Kerninetstat porting (FreeBSD) for OpenBSD.
Documentation: 'UTiLiZZARE LE STRUTTURE Di STATiSTiCA DEL KERNEL' , BFi8 File 11 (Aprile 2k)
[OpenBSD - lkm c source]

Hacking IP FILTER (FreeBSD)

pIGpEN

Kernel module that bypass ipfilter rules.
Documentation: 'HACKiNG iPFiLTER ViA LKM' , BFi8 File 10 (Aprile 2k)
[FreeBSD - KLD c source]

Hacking IP FILTER (OpenBSD)

pIGpEN

Kernel module that bypass ipfilter rules.
Documentation: 'HACKiNG iPFiLTER ViA LKM',BFi8 File 10 (Aprile 2k)
[OpenBSD - lkm c source]

Eth.Out. Example

pIGpEN

Example of modified output function for an ethernet interface.
Documentation: 'BSD KERNEL: AGiRE SULLE iNTERFACCE Di RETE' , BFi8 File 9 (Aprile 2k)
[FreeBSD - KLD c source]

KCheck

pIGpEN

IGMP/ICMP/IPIP/IDP/RSVP/IPIP/IPPROTO_RAW Kernel checker.
Documentation: 'BSD KERNEL: AGiRE SULLE R0UTiNE Di iNTERFACCiAMENT0 TRA PR0T0C0LL0 E S0CKET' , BFi8 File 8 (Aprile 2k)
[FreeBSD - KLD c source]

UDP Spoof Detect

pIGpEN

KLD that detects UDP spoofing tries.
Documentation: 'BSD KERNEL: AGiRE SULLE R0UTiNE Di iNTERFACCiAMENT0 TRA PR0T0C0LL0 E S0CKET' , BFi8 File 8 (Aprile 2k)
[FreeBSD - KLD c source]

NetRaider

\sPIRIT\

Remote administration tool
[win32 - asm source]

sWEETM+NT

\sPIRIT\

Network scanning tool (outdated)
[linux - bash script]

FwBypass

pIGpEN

Kernel Module that permits to bypass the firewall when the request comes from a specified ip address.
[FreeBSD - c source]

NetHack

pIGpEN

Network kernel hacking on a FreeBSD box.
[FreeBSD - c source]

PrintSux

pIGpEN

This src grabs documents printed on a network printer installed with lpd.
It works only with normal hubs and without security layers.
[Linux - c source]

GORK v2.0b

pIGpEN

tcp/udp/icmp/ip dumper which also permits to log only packets with the specified source/destination host and port; it supports the pcap library.
version 2.0b - bugs fixed
[Linux/*BSD - c source]

SPJY2Ksniff
(newbie version)

FuSyS

Network sniffer to operate passive attacks and find weaknesses in the protection of the traffic on your LAN. It uses the pcap(3) library to access to datalink level. Newbie (limited) version.
[Linux - c source]

cdda2cdr exploit

FuSyS

/usr/bin/cdda2cdr exploit on SuSE 6.2
Documentation: 'HACKiNG SPiCCi0L0' , BFi 7 File 11 (Dicembre 99)
[Linux SuSE 6.2 - bash script]

SpoofLKM

pIGpEN

LKMs to forge and detect spoofed packets on your host.
Documentation: 'SP00FiNG & SP00FiNG DETECTi0N ViA LKM FR0M A LiNUX B0X' BFi 7 , File 8 (Dicembre 99) ; 'Building Into The Linux Network Layer' (Phrack vol.9, issue 55, file 12 of 19)
[Linux/*BSD - c source]

G0RK

pIGpEN

tcp/udp/icmp/ip dumper which also permits to log only packets with the specified source/destination host and port; it supports the pcap library.
Documentation: 'G0RK: A SiMPLE & P0WERFUL PACKET L0GGER' , BFi7 File 09 (Dicembre 99)
[Linux/*BSD - c source]

ICMP Tunneling Library
(win32 version)

Dark Schneider

ICMP Tunneling Library v1 by FuSyS ported on Win32.
Documentation: 'UNDERC0VER W0RK' , BFi 7 File 13 (Dicembre 99); 'PR0GETT0 NiNJA' , BFi4 (Dicembre 98)
[Win32 - c source]

VLV-CRYPT v1.0b
(win32 version)

\\alv^iCf

VlV-Crypt v1.0b - 32Bit SingleKey Engine Edition: cryptographic utility using private key.
Documentation: 'VLV-CRYPT v1.0b 32BiT SiNGLEKEY ENGiNE EDiTi0N' , BFi 7 File 14 (Dicembre 99) ; readme
[Win32 - ASM source/binary]

SYSL0GD trojan

bELFaghor

These patches applied to syslogd 1.3-31 sources add a new priority, and using it it's possible to execute locally new commands without be logged.
Documentation: 'SYSLOGD TROJAN' , BFi6 (Giugno 99)
[Linux - patch]

xACES

pIGpEN

TCP/UDP/RPC/finger/NFS/samba/web/phone scanner with string comparing option. XWindows version.
Documentation: 'ACES HiGH 2.7' , BFi5 (Marzo 99)
[Linux/GTK]

xTH0T v1.0

FuSyS

Tcp/ip Hacking Ominous Tool.
Documentation: 'XTH0T v.1.0', BFi6 (Giugno 99)
[Linux/GTK - c source]

Support tools for 0N0S3NDAi project.
Includes:
- SEQprobe (displays remote host's ISN generation)
- SMail v2 (the DEFINITIVE fake mail)
Documentation: 'PR0GETT0 0N0S3NDAi - PARTE II' , BFi6 (Giugno 99)
[Linux - c source]

RPC Backdoor

pIGpEN

A Backdoor that uses an rpc program to introduce in the host a remote access facility.
Documentation: 'COME MASTURBARE LE RPC E OTTENERE UNA BACKDOOR', BFi6 (Giugno 99)
[Linux - c source]

NetBIOS scan v1.0

DoLD & Klistron

Shared resource scanner.
[Win9x - c source]

RPC program scan

pIGpEN

Finds an rpc program by its number scanning a range of ip's.
Documentation: 'VULNERABiLiTA' di RPCBiND', BFi6 (Giugno 99)
[Linux - c source]

DeadScan v1.0

pIGpEN

Simple war dialer.
Documentation: 'WAR DIALER X LINUX', BFi6 (Giugno 99)
[Linux - c source]

Wu-Thang

del0rean

Vulnerable Wu-FTPD versions scanner (adapted from statd scanner by BiT).
[Linux - c source]

Kit including various tools to hide from logs generated by ACCT.
Includes:
- ACCT Knocker
- hydra v0.1
- Leipzig v0.1
- LocalFuck v0.1
- Obscura Mens v0.1
- Xytaxehedron v0.1
- Xytaxehedron v0.1i
Documentation: 'ACCT' , BFi5 (Marzo 99)
[Linux/*BSD - c sources]

Kit including various tools for generating fake logs and read/redirect logs generated by SYSKLOGD.
Includes:
- Shub-Niggurath
- vru vru vruk
- WALLA WALLA v0.1
- WALLA WALLA v0.2
Documentation: 'SYSLOGD' , BFi5 (Marzo 99)
[Linux - c sources]

Tool to scan a LAN in order to find interfaces in PROMISC mode. It's accomplished by using non-standard queries.
Documentation: 'TCP/iP HACKS F0R PHUN AND PR0FiT', BFi5 (Marzo 99)
[Linux - c source]

TCP forger.
Documentation: 'TCP/iP HACKS F0R PHUN AND PR0FiT' , BFi5 (Marzo 99)
[Linux - c source]

RST Storm: destroys TCP links.
Documentation: 'TCP/iP HACKS F0R PHUN AND PR0FiT' , BFi5 (Marzo 99)
[Linux - c source]

TCP/UDP/RPC/finger/NFS/samba/web/phone scanner with string comparing option.con funzione di comparazione di stringa.
Documentation: 'ACES HiGH 2.7' , BFi5 (Marzo 99); aces.doc
[Linux - c source]

Remake of NETbus 1.7, with some more options, and a polymorphic engine to make the patch invisible to any antivirus.
Documentation: manual.txt
[Win9x/NT - binary]

Highly customizable patcher.
Documentation: readme.txt
[DOS - binary]

Patcher with integrated VM and GUI and with plugins support.
Documentation: 'PATCHER PR0 v0.3 t(est) e(valuation)', BFi4 (Dicembre 98); manual.txt
[DOS - binary]

rpc.ttdbserver scanner (adapted from statd scanner by BiT), it uses a file containing the list of ip's to scan.
Documentation: 'RPC.TTDBSERVER SCANNER' , BFiSN98 (Dicembre 98)
[Linux - c source]

Kit including two tools that scan for exploitable versions of IMAP4; the scan can be accomplished by specifying a single host or using a file containing all the ip's..
Includes:
- Imap4 scanner
- Imap4 checker
Documentation: 'iMAP4 SCANNER' , BFiSN98 (Dicembre 98)
[Linux - c source]

C version of gcc 2.7.2.x exploit by Michal Zalewsky.
Documentation: 'GCC 2.7.2.x EXPL0iT: C VERSi0N' , BFiSN98 (Dicembre 98)
[Linux - c source]

Trojan that enables file and printer sharing, and then enables sharing on all drives with full access.
Documentation: 'WiND0WS E PASSW0RD' , BFi4 (Dicembre 98); file_id.diz
[Win9x - binary]

Support tools for 0N0S3NDAi project.
Includes:
- MyWay (simple telnet session hijacker)
- Simple Linux Sniffer v0.3
Documentation: 'PR0GETT0 0N0S3NDAi - PARTE I' , BFi4 (Dicembre 98)
[Linux - c source]

Shell hidden into ICMP tunneling that uses 0x00 ECHO REPLY messages to carry data.
Includes:
- 007Shell
- ICMP Tunneling Library v1
Documentation: 'PR0GETT0 NiNJA' , BFi4 (Dicembre 98)
[Linux - c source]

Loadable Kernel Module to hide in a system. It substitutes in 4kbytes a full rootkit. Only for 2.0.x kernels.
Documentation: 'PR0GETT0 CAR0NTE - PARTE I' , BFi3 (Luglio 98); 'PR0GETT0 CAR0NTE - PARTE II' , BFi4 (Dicembre 98)
[Linux - LKM c source ]

Network datapipe with interactive mode, support for proxy server socks (v4 e v5), logging facility and option to concatenate more pipes.
Documentation: 'PiPPA v2', BFi4 (Dicembre 98)
[Linux/WinNT - perl source]

Utmp editor that permits to change id, tty and host of a user logged in the system.
Documentation: 'T00LS PER RiMANERE iN 0MBRA S0TT0 UNiX', BFi3 (Luglio 98)
[Linux - c source]

Log editor that cleans Utmp, Wtmp, LastLog, Messages, XferLog, Secure and MailLog.
Documentation: 'T00LS PER RiMANERE iN 0MBRA S0TT0 UNiX', BFi3 (Luglio 98)
[Linux - c source]

Simple socket shell.
Documentation: 'BACKD00R: iDEE ED iMPLEMENTAZi0Ni', BFi3 (Luglio 98)
[Linux - c source]

Cryptographic utility using private key (4096 bytes), random salting.
Documentation: 'CRYPT V.6.0.0', BFi3 (Luglio 98); readme.txt
[DOS - binary]

Network datapipe.
Documentation: 'PIPPA, A NETWORK DATAPIPE IN PERL', Xine #3 (Maggio 98)
[Linux - perl source]

Phf - test-cgi - htmlscript - view-source - wrap - campas - pfdisplay - webdist - aglimpse - php - nph-test-cgi scanner.
Documentation: 'C0DEZ', BFi2 (Maggio 98); 'N0NS0L0PHF', BFi3 (Luglio 98)
[Linux - c source]

Modified version of Todd Vierling's datapipe, where you can specify a name that will be displayed instead of the process' name.
Documentation: 'COME OCCULTARSi IN UN SiSTEMA UNiX', BFi2 (Maggio 98)
[Linux - c source]