Section: .. / 0004-exploits /
| /// File Name: |
0004-exploits.tgz |
Description:
|
Packet Storm new exploits for April, 2000.
| | File Size: | 208103 | | Last Modified: | May 19 13:56:12 2000 |
| MD5 Checksum: | 063609eadb0e169808e0743f8b4a5163 |
|
| /// File Name: |
4man.c |
Description:
|
redhat 6.1 /usr/bin/man exploit.
| | Author: | Kil3r | | Homepage: | http://www.hack.co.za | | File Size: | 1247 | | Last Modified: | Apr 27 17:10:24 2000 |
| MD5 Checksum: | 615c44e4e6b424aeadbc606befd53fa1 |
|
| /// File Name: |
ADV-150400.txt |
Description:
|
Microsoft Frontpage CERN Image Map Dispatcher (/cgi-bin/htimage.exe) comes by default and has three vulnerabilities: the full path to the root directory is revealed, a buffer overflow was found (remote code execution may be possible), and files on the server may be accessed.
| | Author: | Narrow | | Homepage: | http://www.legion2000.cc | | File Size: | 3470 | | Last Modified: | Apr 23 05:35:38 2000 |
| MD5 Checksum: | 30a39ddb21f13f12d191f2d54852f646 |
|
| /// File Name: |
austnethack.tgz |
Description:
|
How AustNet's Virtual World was hacked to reveal users' real IP. Slightly crippled demonstration code included. Lots of information on the AustNet hack available here.
| | Author: | FallenAngel | | File Size: | 5925 | | Last Modified: | Apr 28 15:04:09 2000 |
| MD5 Checksum: | 2656c2b54f61633943b715f088369b39 |
|
| /// File Name: |
b0f3-ncurses.txt |
Description:
|
BufferOverflow Security Advisory #3 - libncurses buffer overflow in NCURSES 1.8.6 on FreeBSD 3.4-STABLE. Setuid programs linked with libncurses can be exploited to obtain root access.
| | Author: | Venglin | | Homepage: | http://www.b0f.com | | File Size: | 1493 | | Last Modified: | Apr 24 18:37:30 2000 |
| MD5 Checksum: | 6498cacb6f034cf8c3e1a0d842966aaa |
|
| /// File Name: |
bedie.tar.gz |
Description:
|
bedie is a BeOS (5.0/4.5) local DoS exploit which exploits a kernel bug. ASM source and binary included.
| | Author: | Konstantin Boldyshev | | Homepage: | http://www.hack.co.za | | File Size: | 656 | | Last Modified: | Apr 19 03:46:11 2000 |
| MD5 Checksum: | 257010ec6b7777f6ad6eb77d96fe9b78 |
|
| /// File Name: |
beos.dos.txt |
Description:
|
The BeOS networking stack crashes when certain malformed packets are sent to it. This document explains two such packets and includes CASL scripts for packet generation.
| | Author: | Tim Newsham courtesy of Bugtraq | | File Size: | 2104 | | Last Modified: | Apr 8 00:01:54 2000 |
| MD5 Checksum: | 7dd03167c4aa1e50798d8da687342267 |
|
| /// File Name: |
bizdb.htm |
Description:
|
BizDB is a web database integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, has an unchecked open() call and can therefore be made to execute commands at the privilege level of the webserver. Remote exploit included.
| | Homepage: | http://www.hack.co.za | | File Size: | 904 | | Last Modified: | Apr 19 03:41:50 2000 |
| MD5 Checksum: | 401db6658201fb288a1f18f7a06f55e7 |
|
| /// File Name: |
cache-control.txt |
Description:
|
HTTP cache-control headers such as If-Modified-Since allow servers to track individual users in a manner similar to cookies, but with fewer constraints. This is a problem for user privacy against which browsers currently provide little protection.
| | Author: | Martin Pool courtesy of Bugtraq | | File Size: | 5264 | | Last Modified: | Apr 3 21:58:51 2000 |
| MD5 Checksum: | 8812472989a4bf4862b008ab8381cfe9 |
|
| /// File Name: |
cc-pinextract.txt |
Description:
|
CRYPTOCard's CRYPTOAdmin software is a challenge/response user authentication administration system. The PT-1 token, which runs on a PalmOS device, generates the one-time-password response. A PalmOS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user's PIN can be determined through a series of DES decrypts-and-compares. Using the demonstration tool, the PIN can be determined in under 5 minutes on a Pentium III 450MHz. Homepage here.
| | File Size: | 11818 | | Last Modified: | Apr 12 18:18:10 2000 |
| MD5 Checksum: | b5712169e313cbe8cc085fdba02fc070 |
|
| /// File Name: |
DeCRYPTO.zip |
Description:
|
CRYPTOCard's CRYPTOAdmin PIN can be decrypted from the .pdb file - Windows 9X demonstration program.
| | Author: | Kingpin | | Homepage: | http://www.l0pht.com/ | | File Size: | 71912 | | Last Modified: | Apr 12 18:24:04 2000 |
| MD5 Checksum: | fe28a18e26b2a225d8b53084273f376f |
|
| /// File Name: |
dig.c |
Description:
|
dig v2.2 local buffer overflow exploit for x86 linux. Note that dig isn't suid/sgid on some platforms, yet on some it is.
| | Author: | Anathema | | Homepage: | http://www.hack.co.za | | File Size: | 963 | | Last Modified: | Apr 25 15:51:02 2000 |
| MD5 Checksum: | 64d48db2681ea2a2b39db0e4c5ed0534 |
|
| /// File Name: |
dsnhack.pl |
Description:
|
NewDSN.exe/CTGuestB.idc/Details.idc remote NT exploit.
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 11668 | | Last Modified: | Apr 15 05:33:17 2000 |
| MD5 Checksum: | 7ff862fd59a7fc44459ffedd4d85e4e8 |
|
| /// File Name: |
fcheck.txt |
Description:
|
Fcheck, a file integrity checker written in perl, can be subverted by a malicious user to execute arbitrary commands as root by creating files with shell metacharacters in their names. Versions v.2.7.45 and below are vulnerable.
| | Author: | Matt Carothers courtesy of Bugtraq | | File Size: | 3307 | | Last Modified: | Apr 6 20:09:05 2000 |
| MD5 Checksum: | b774f77d8c850e34a261d057d7b92d7f |
|
| /// File Name: |
fdmnt-smash.c |
Description:
|
fdmount local root exploit - tested on Slackware 4.0. Must be in the floppy group.
| | Author: | Scrippie | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 3126 | | Last Modified: | Apr 3 19:28:34 2000 |
| MD5 Checksum: | d2464a783b9ec3c30fce40f27d993b78 |
|
| /// File Name: |
Fortres4-analysis.txt |
Description:
|
Fortres 4.0 security software for Windows has an easily decrypted password. Qbasic source included to crack the simple encryption.
| | Author: | Frost Byte | | File Size: | 6680 | | Last Modified: | Apr 11 21:33:57 2000 |
| MD5 Checksum: | 527b04431e4eb94f05d389b4797ced4c |
|
| /// File Name: |
FreeOnline.txt |
Description:
|
Unavailable.
| | File Size: | 2008 | | Last Modified: | May 4 03:07:41 2000 |
| MD5 Checksum: | 176c551eeb90272d417a28837816a5a9 |
|
| /// File Name: |
hupux.sh |
Description:
|
hupux.sh hp-ux 09.04 local exploit - Takes advantage of default world-writable /usr/local/bin.
| | Homepage: | http://www.hack.co.za | | File Size: | 1645 | | Last Modified: | Apr 22 02:51:09 2000 |
| MD5 Checksum: | 612118e5a33cfc56fd2523923c2473c8 |
|
| /// File Name: |
ide_expl.mrc |
Description:
|
ide_expl.mrc is an ircii-4.4 exploit ported to mirc5.7 that works in reverse to ircii-4.4.c: you send the chat request instead of having them chat you. Attempts to execute /bin/sh.
| | Author: | Vade79 | | Homepage: | http://www.realhalo.org | | File Size: | 5209 | | Last Modified: | Apr 19 17:46:37 2000 |
| MD5 Checksum: | addd65fdc0c1ae6459ab9dcad5b30f13 |
|
| /// File Name: |
imap_core.sh |
Description:
|
imap_core.sh is a quick proof of concept tool that causes some imapd implementations to dump core. Unfortunately the core file contains the password and shadow password file in it!
| | Author: | Mudge | | Homepage: | http://www.l0pht.com | | File Size: | 6352 | | Last Modified: | Apr 19 04:05:27 2000 |
| MD5 Checksum: | 9481064c839b0d9a8f986f1b6cf42749 |
|
| /// File Name: |
imwheel_ex.c |
Description:
|
imwheel local root exploit (as discussed in RHSA-2000:016-02).
| | Author: | Funkysh | | File Size: | 994 | | Last Modified: | Apr 27 16:36:06 2000 |
| MD5 Checksum: | 3921848bcb87f1605cb4c04cd19564ba |
|
| /// File Name: |
ircii-4.4.c |
Description:
|
ircii-4.4 exploit - buffer overflow in ircii dcc chat allows arbitrary code execution. Tested against SuSE 6.x and Redhat.
| | Author: | Bladi | | Homepage: | http://www.hack.co.za | | File Size: | 2730 | | Last Modified: | Apr 6 20:55:52 2000 |
| MD5 Checksum: | 8fa058ae2888e79fbb22209b4615455a |
|
| /// File Name: |
kill_nwtcp.c |
Description:
|
Novell Netware 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.na.export.pl | | File Size: | 2157 | | Last Modified: | Apr 23 03:37:05 2000 |
| MD5 Checksum: | 9bb4f32c519d5e9f52e8f2d2e59aa7da |
|
| /// File Name: |
lcdproc-exploit.c |
Description:
|
LCDproc is a system to display system information and other data on an LCD display which uses client / server communication. The server is vulnerable to remote buffer overflow allowing an attacker to remotely execute arbitrary code or cause the LCDproc server to crash. Patch available here.
| | Author: | Andrew Hobgood | | File Size: | 5497 | | Last Modified: | Apr 23 21:58:51 2000 |
| MD5 Checksum: | d659767f43f807e3f6919db9b7d1e893 |
|