Showing 1 - 6 of 6

Files from Loki

f8-120500-vpnet.txt: Posted Dec 7, 2000; Authored by Loki, f8labs | Site f8labs.com; VPNet Technologies VSU VPN appliances have serious remote vulnerabilities. A source routing flaw in VSU allows for unauthenticated connections to a target host on protected LAN of VPN, and a flaw in NOS bridging code causes VSU to pass spoofed private address packets from it's public interface to the private network.; tags | remote, spoof, vulnerability; SHA-256 | 0cb8674acbf084b5918dab3149caf09b90482e6bca33a3214386bb64286cb150; Download | Favorite | View

f8-112000-bbr2.txt: Posted Nov 26, 2000; Authored by Loki, f8labs | Site f8labs.com; The here.; SHA-256 | 6fb960b4f5c3485bdbcec10301697c2f0a2a956ffe68740fa84a0411ce0bf4ee; Download | Favorite | View

f8-103100-realsecure.txt: Posted Nov 6, 2000; Authored by Loki, f8labs | Site f8labs.com; RealSecure by ISS v5.0 fails to detect attacks using the year old IIS 5 RDS bug and the recent UNICODE hole.; SHA-256 | 453d10fa616c5ee68f11a6790756532a25384881a2177d18253ce60f36c2c773; Download | Favorite | View

mantrap-info.tgz: Posted Nov 6, 2000; Authored by Loki, f8labs | Site f8labs.com; ManTrap, a commercial honeypot, can easily be identified and subverted. The process hiding can be detected by sending a signal to each PID, there are /proc inconsistancies, the first 4 processes always get hidden, the inode number is off, and the chroot can be broken via raw device access. Includes mantrap.c, a exploit which checks for the first 3 issues.; SHA-256 | 54a333746c7dc4826ba17db0df51fcbfc4a52dc1ecfb81630351161e213ceac9; Download | Favorite | View

vpn-root.txt: Posted Aug 31, 2000; Authored by Loki; RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.; tags | exploit, remote, arbitrary, shell, root; SHA-256 | 4b922cd0b6565086e642ee2ff57903babce23e38618ab193b67f145f89db55fd; Download | Favorite | View

rapidstream.vpn.txt: Posted Aug 15, 2000; Authored by Loki; RapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.; tags | exploit, remote, arbitrary, shell, root; SHA-256 | 1fd2ed25e75ae6103e367de4a012acaddbd2dec2b82709822d1d1f127d8cc413; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days