www.lugojteam.as.ro/rootkit.tar can't be downloaded anymore.
rootkit.tar can be recovered from the harddisk. You need to
extract fragments 39390-39944.
[kmaster@christophe sotm29]$ tar tvf rootkit.tar > analysis_rootkit.html -rwxr-xr-x hack3r/hack3r 2796 2001-10-10 03:55:04 rootkit/secure/patch -rw-r--r-- hack3r/hack3r 512 2000-10-28 21:32:22 rootkit/s_r_s -rw------- hack3r/hack3r 537 2001-07-02 22:53:53 rootkit/s_h_k -rwxr-xr-x hack3r/hack3r 19840 2001-08-02 21:21:15 rootkit/ifconfig -rwxrwxr-x hack3r/hack3r 8469 2003-03-15 22:50:33 rootkit/install drwxr-xr-x hack3r/hack3r 0 2001-11-08 07:46:43 rootkit/exploits/ -rw-r--r-- hack3r/hack3r 2100 2001-05-29 19:25:55 rootkit/exploits/sendmailx.sh -rwxr-xr-x hack3r/hack3r 19615 2001-05-29 20:30:19 rootkit/exploits/bind8x -rwxr-xr-x hack3r/hack3r 15713 2001-05-29 20:30:27 rootkit/exploits/bindscan -rw-r--r-- hack3r/hack3r 5073 2001-08-01 02:27:04 rootkit/exploits/epcs2.c -rwxr-xr-x hack3r/hack3r 16337 2001-08-01 02:27:16 rootkit/exploits/epcs2 -rwxr-xr-x hack3r/hack3r 4338 2001-07-31 23:12:17 rootkit/firewall -rwxr-xr-x hack3r/hack3r 1345 2001-08-01 01:51:25 rootkit/searchlog -rwxr-xr-x hack3r/hack3r 2379 2001-08-03 17:37:13 rootkit/killrk -rw------- hack3r/hack3r 307200 2001-08-03 17:41:20 rootkit/core -rwxr-xr-x hack3r/hack3r 184023 2001-10-10 01:08:49 rootkit/ls drwxr-xr-x hack3r/hack3r 0 2001-11-08 07:46:43 rootkit/plasa/ -rw-r--r-- hack3r/hack3r 98 2001-10-27 19:50:36 rootkit/plasa/tcp.log -rwxr-xr-x hack3r/hack3r 4060 1983-09-26 01:45:00 rootkit/plasa/sense -rwx------ hack3r/hack3r 73 2001-10-27 19:45:16 rootkit/plasa/logclear -rwxr-xr-x hack3r/hack3r 29421 2001-10-27 19:43:30 rootkit/plasa/linsniffer -rwxr-xr-x hack3r/hack3r 53588 1983-09-26 01:45:00 rootkit/top -rw-r--r-- hack3r/hack3r 3256 2001-10-07 16:44:18 rootkit/vanish2.tgz -rwxr-xr-x hack3r/hack3r 28696 2001-10-10 01:08:22 rootkit/syslogd -rwxr-xr-x hack3r/hack3r 24147 2001-10-10 01:08:37 rootkit/pstree -rwxr-xr-x hack3r/hack3r 117311 2001-10-10 01:08:55 rootkit/du -rwxr-xr-x hack3r/hack3r 47388 2001-10-10 01:09:07 rootkit/ps -rwxr-xr-x hack3r/hack3r 258612 2001-10-10 01:09:27 rootkit/netstat -rwxr-xr-x hack3r/hack3r 22459 2001-10-10 01:09:37 rootkit/killall drwxr-xr-x hack3r/hack3r 0 2001-11-08 07:46:43 rootkit/ptyxx/ -rw-r--r-- hack3r/hack3r 1 2001-10-09 18:20:18 rootkit/ptyxx/.proc -rw-r--r-- hack3r/hack3r 1 2001-10-09 18:20:29 rootkit/ptyxx/.addr -rw-r--r-- hack3r/hack3r 1 2001-10-09 18:20:56 rootkit/ptyxx/.log -rw-r--r-- hack3r/hack3r 1 2001-10-09 18:21:02 rootkit/ptyxx/.file -rw-rw-r-- hack3r/hack3r 642 2003-03-15 22:52:38 rootkit/s drwxr-xr-x hack3r/hack3r 0 2001-11-08 07:46:54 rootkit/curatare/ -rwxr-xr-x hack3r/hack3r 84568 2001-11-03 20:04:48 rootkit/curatare/ps -rwxr-xr-x hack3r/hack3r 53910 2001-11-03 20:05:46 rootkit/curatare/pstree -rwxr-xr-x hack3r/hack3r 1259 2001-11-08 07:46:54 rootkit/curatare/sshd -rwxr-xr-x hack3r/hack3r 1259 2001-11-08 07:12:43 rootkit/sshd drwxr-xr-x hack3r/hack3r 0 2001-11-14 14:56:58 rootkit/ess-0.8.6/ -rw-r--r-- hack3r/hack3r 2731 2000-05-24 05:20:55 rootkit/ess-0.8.6/smalls.c -rw-r--r-- hack3r/hack3r 1509 2000-06-04 06:41:39 rootkit/ess-0.8.6/Makefile -rw-r--r-- hack3r/hack3r 5322 2000-05-12 13:40:02 rootkit/ess-0.8.6/cgi.conf -rw-r--r-- hack3r/hack3r 1049 2000-04-14 08:14:16 rootkit/ess-0.8.6/connect.c -rw-r--r-- hack3r/hack3r 1117 2000-01-14 11:59:46 rootkit/ess-0.8.6/confparser.c -rw-r--r-- hack3r/hack3r 2110 2000-06-04 06:47:52 rootkit/ess-0.8.6/ess.conf -rw-r--r-- hack3r/hack3r 1930 2000-04-09 08:21:12 rootkit/ess-0.8.6/fingerchk.c -rw-r--r-- hack3r/hack3r 6427 2000-05-12 12:57:00 rootkit/ess-0.8.6/ftpchk.c -rw-r--r-- hack3r/hack3r 7447 2000-05-28 10:58:15 rootkit/ess-0.8.6/httpchk.c -rw-r--r-- hack3r/hack3r 262 2000-03-21 04:43:43 rootkit/ess-0.8.6/imapchk.c -rw-r--r-- hack3r/hack3r 10379 2000-06-04 06:34:56 rootkit/ess-0.8.6/main.c -rw-r--r-- hack3r/hack3r 3325 2000-05-27 18:47:45 rootkit/ess-0.8.6/portscan.c -rw-r--r-- hack3r/hack3r 2905 2000-06-04 05:53:32 rootkit/ess-0.8.6/ess.h -rw-r--r-- hack3r/hack3r 9631 2000-06-03 09:00:36 rootkit/ess-0.8.6/check4bug.c -rw-r--r-- hack3r/hack3r 3592 2000-05-25 10:03:59 rootkit/ess-0.8.6/rpcscan.c -rw-r--r-- hack3r/hack3r 914 2000-04-12 19:08:14 rootkit/ess-0.8.6/nfschk.c -rw-r--r-- hack3r/hack3r 238 2000-03-22 13:00:15 rootkit/ess-0.8.6/pop2chk.c -rw-r--r-- hack3r/hack3r 259 2000-03-22 13:00:23 rootkit/ess-0.8.6/pop3chk.c -rw-r--r-- hack3r/hack3r 1605 2000-04-09 07:54:51 rootkit/ess-0.8.6/smtpchk.c -rw-r--r-- hack3r/hack3r 926 2000-05-27 15:43:34 rootkit/ess-0.8.6/telnetchk.c -rw-r--r-- hack3r/hack3r 653 2000-04-30 21:38:30 rootkit/ess-0.8.6/timeout.c -rw-r--r-- hack3r/hack3r 1695 2000-04-21 06:07:15 rootkit/ess-0.8.6/rshchk.c -rw-r--r-- hack3r/hack3r 565 2000-01-25 17:40:31 rootkit/ess-0.8.6/xwinchk.c -rw-r--r-- hack3r/hack3r 3116 2000-04-09 07:53:31 rootkit/ess-0.8.6/recvbuff.c -rw-r--r-- hack3r/hack3r 1182 2000-02-25 12:25:11 rootkit/ess-0.8.6/config.h.in -rw-r--r-- hack3r/hack3r 761 2000-03-14 05:07:41 rootkit/ess-0.8.6/Makefile.in -rw-r--r-- hack3r/hack3r 4829 2000-05-14 09:57:46 rootkit/ess-0.8.6/configure.in -rwxr-xr-x hack3r/hack3r 84866 2000-05-25 09:58:01 rootkit/ess-0.8.6/configure -rw-r--r-- hack3r/hack3r 1835 2000-05-30 16:19:48 rootkit/ess-0.8.6/portlist -rw-r--r-- hack3r/hack3r 1286 2000-05-19 03:23:19 rootkit/ess-0.8.6/config.h -rw-r--r-- hack3r/hack3r 1345 2000-05-24 06:27:02 rootkit/ess-0.8.6/devaddr.c -rw-r--r-- hack3r/hack3r 277 2000-02-25 12:24:39 rootkit/ess-0.8.6/acconfig.h -rw-r--r-- hack3r/hack3r 1878 2000-05-25 03:12:59 rootkit/ess-0.8.6/namedchk.c -rw-r--r-- hack3r/hack3r 1577 2000-02-07 10:30:27 rootkit/ess-0.8.6/libicmp.h -rw-r--r-- hack3r/hack3r 4116 2000-05-25 10:21:00 rootkit/ess-0.8.6/libicmp.c -rw-r--r-- hack3r/hack3r 1931 2000-02-10 13:59:59 rootkit/ess-0.8.6/ip_gen.c -rw-r--r-- hack3r/hack3r 2102 2000-05-16 06:45:53 rootkit/ess-0.8.6/ess.conf.in -rw-r--r-- hack3r/hack3r 3087 2000-02-10 13:59:52 rootkit/ess-0.8.6/in_cksum.c -rw-r--r-- hack3r/hack3r 1516 2000-05-24 03:37:19 rootkit/ess-0.8.6/tcp_gen.c -rw-r--r-- hack3r/hack3r 3659 2000-06-04 06:24:12 rootkit/ess-0.8.6/tcp.c -rw-r--r-- hack3r/hack3r 1414 2000-02-27 10:47:43 rootkit/ess-0.8.6/trans_check.c -rw-r--r-- hack3r/hack3r 109 2000-02-10 14:12:15 rootkit/ess-0.8.6/checksum.h -rw-r--r-- hack3r/hack3r 690 2000-02-10 14:12:15 rootkit/ess-0.8.6/rawsock_utils.h -rw-r--r-- hack3r/hack3r 3262 2000-06-04 17:28:03 rootkit/ess-0.8.6/README -rw-r--r-- hack3r/hack3r 1713 2000-06-04 06:12:28 rootkit/ess-0.8.6/oscheck.c -rwxr-xr-x hack3r/hack3r 46800 2000-06-04 06:42:28 rootkit/ess-0.8.6/essbin -rw-r--r-- hack3r/hack3r 995 2000-06-03 15:55:05 rootkit/ess-0.8.6/fingerprint -rw-r--r-- hack3r/hack3r 64 2001-11-24 18:34:07 rootkit/ess-0.8.6/install -rwxr-xr-x hack3r/hack3r 624753 2001-11-24 18:17:54 rootkit/udhss tar: Skipping to next header -rwxr-xr-x hack3r/hack3r 158 2001-11-25 00:59:35 rootkit/rula tar: Error exit delayed from previous errors
The archive is damaged and maybe incomplete.
| Virus | File |
|---|---|
| rootkit.tar | |
| ELF_ROOTKIT40-7 | rootkit/ifconfig |
| PERL_ROOTKIT.C | rootkit/plasa/sense |