Microsoft HK local exploit - Executes any command as SYSTEM, as described in MS01-003. Good for recovering lost admin rights. Includes C source and binary.
cd88e00055d120a493e12b4c85d7918cb835d162033519a2bfc4df5c703507c9This is wuftpd2.6.0x and qpop2.1.4 exploit ported to PHP. Even php in safe mode can not stop this script from working. Webhosting providers who provide PHP need to be careful.
13aada54c954522f4a2446611b67aa75d2fad31ef0fb63a0303da5710582411dUnicode_shell.pl is an exploit for the IIS unicode bug which allows you to enter commands as if in a cmd.exe shell and uses 20 different URL's to check for the vulnerability.
57da8160e9ecbc76af59dca02d8c09165aad0ed553e94c04920c4911d63f868bPacket Storm new exploits for January, 2001.
7cf2f86f82bd70408231897c52a93f41c21f1a3426999e80d34c02b17b565598Bind-tsig.c is a trojan which pretends to be a Bind 8 exploit, but actually attacks dns1.nai.com.
10c2b4ca2df782e81fa88f0f3754c17edbda8d021f0e95790037e92d99e82698The Progress Database Server v8.x and 9.x for Unix has several locally exploitable buffer overflows which can allow arbitrary code to run as root. Proof of concept exploit attached.
a635658fc0bc7d92809e5bd3b82d802d3fc6657301cb85549dad95844ff23350Naptha v1.1 is a denial of service attack against many OS's which uses established TCP connections to create a resource starvation attack. Includes three tools - bogusarp makes a bogus entry in the router's arp cache so it actually puts packets with our faked source address on the Ethernet, synsend, and srvr which replaces ackfin from Naptha 1.0. Tested against Windows 95, 98 and NT4 and more. Compiles on Linux 2.2.x, OpenBSD 2.7, FreeBSD 4.0.
5e9a1ecb83ce88598a70eb891593de41f1d521c357bb903418539c2af1203ad1Glibc prior to v2.1.9x allows local users to read any file. This shell script exploits this bug using the Openssh-2.3.0p1 binary. Tested against Debian 2.3 and Redhat 7.0.
2d457aea08bb212a673eba42f38cd71b80a69cfa337478e974be158a3d4ea4f9/usr/bin/write overflow proof of concept exploit - Tested against Solaris 7 x86.
c16ac5bdc4e051947b73224fd9ce4ee3520b8642faad979a56aa2d408efed275Due to a various race conditions in the init level editing script /sbin/rctab it is possible for any local user to overwrite any system's file with arbitrary data. This may result in denial of service attack, local or even remote root compromise, if root runs the /sbin/rctab script. Tested against SuSE 7.0.
fc19e225e62f6f5c2e025ec29e9a8a3f1627d65e3092f30765ef013a8834d294SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.
46e2112f1ac589a1dd162f6987291786829b758ff1f0dcfb9a92ed98a4c809baTru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.
f67306c7d5e8a80b0d9dd9ec31f5862dc99315e27b96ffd753df2a04197de25eFreeBSD ipfw+ECE proof of concept code - Using FreeBSD divert rule, all outgoing traffic will have the ECE flag added to it, bypassing ipfw if it passes established connections.
3b3c1522f51acfd836de24641b6920925238d5ad476f2116a2c8a01ab169e4e2Netscape Enterprise Server 4.0 remote root exploit - Tested against Sparc SunOS 5.7.
5962857e51380ddd9c8779fffaabc0d7d0b7a29097786414f377c5d1d18e92dbSplitVT v1.6.4 and below local format string exploit which overflows the -rcfile command line flag. Tested on Slackware 7.1, Debian 2.2.
f299f70b6ffdcec9e13edbdd986f8b689e08c195f243c6b64ba16a42b7184eeaUnitools.tgz contains two perl scripts - unicodeloader.pl uploads files to a vulnerable IIS site, and unicodexecute3.pl includes searches for more executable directories and is more robust and stable.
ef1371caea9d6be5421cdfd47295c380d367086653e0281f537a4f4b1db5503eThong.pl is a perl script which exploits several vulnerabilities found in Cisco products. Includes the Cisco Catalyst ssh Protocol Mismatch dos, Cisco 675 Web Administration dos, Cisco Catalyst 3500 XL command execution, and the Cisco IOS Software HTTP Request dos.
594060a5dec2fcf16403a904d4ad89eb7a7015552c986112125f18ead0a5a9e8Denial of service attack against the Iris The Network Traffic Analyzer beta 1.01. Causes Iris to hang when it the traffic is examined.
5b1013b4f1ea308f0e334e50bc71d89bb6e9bad05d9e96f4c14bc650f4c4acdcTcpdump v3.5.2 remote root exploit - Tested against X86 Linux. Exploits an overflow in the AFS packet parsing which requires the snaplen (-s) to be set to 500 or greater. Fixed in v3.62.
f8bece3b4c4cdecd77844f75e71dd0972eedfa3379f9b4b2e2c8349ff924afcbSolaris /usr/sbin/arp local root stack overflow exploit.
b37113d4b5f35ea2807811dceb90d932c062e88b41f082fffecbf6522cc7344aWhois.pl is a remote exploit for Fastgraf's whois.cgi perl script.
805a20d41225bbbbdd659b9161bb4d4a47c0dad781d97b2378c5e7f8c4611a81The Bat! v1.48f and below has a client side vulnerability which allows malicious mail messages to add any files in any directory on the disk where user stores his attachments.
1adbf87e7851d5d7a9b23c17e6184b5d212a67dbc7d0715a21f84ca3f403a183Defcom Labs Advisory def-2001-01 - ImageCast V4.1.0 for Windows, a rapid-PC-deployment tool much like Ghost, has problems handling malformed input which result in a dos attack against the ImageCast Control Center.
39f8a768d3f4a48a511b385ecf3c598de70d7bb5bec3da86c6b00e75380a0698Defcom Labs Advisory def-2001-02 - IBM WebSphere 3.52 (IBM HTTP Server 1.3.12) for Windows NT has a memory leak which can be used as a remote denial of service attack. Workaround included.
c30b6f1e3f9eb32c68a980352c0665fac96d69038b54eff6607fd86a46d507e7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed