RetaRDS.pl checks for IIS web servers which are vulnerable to the RDS bug. Includes host list scanning and IDS evasion.
8ab119af163fc9daed47a7f1e47a2ddb6b694004f8d9fb14478bf9d003f54d5dMultihtml.c is a remote exploit for /cgi-bin/multihtml.pl, versions previous to 2.2 which spawns a remote shell.
1cb8b402e54df7815270db3a85536296536997d3459dfb03bc464424e639323cNCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0.
fd048c6976c8652d858e282e552db1b774bbf2a33f9c4f5d8cbdad0d39ab5194Rivat is a distributed CGI scanner written in perl which scans for over 405 vulnerabilities.
9e90411a076c4578051a6a030e0ddf9912c74a3586dd318b2d2f7e86d6cbe206Sourcescan.pl looks through C source code for common vulnerabilities, including strcpy, gets, strcat, sprintf, fscanf, scanf, vsprintf, realpath, getopt, getpass, streadd, strecpy, strtrns, getenv, and setenv.
08e9707e93b71327f7308ac80c26eb28bcc78a62b4c77d056f8e210bed720e03Many IDS systems detect buffer overflow exploitation by looking for a series of NOP's (hex 90) which are typically used to pad the buffer so the offset does not have to be exact. Instead of using NOP's, a stealthy exploit could jump to the next instruction (jmp 0x00) or jump a small number of instructions.
5a83aa8429b3c9c4766634a3e4e0e6c3a972a542233b82a48fde3c8475fd483bBitchX dos exploit - joins a channel with %s in the name, and invites target nick.
454c258db3817f6310a5b53eef7dcb95058960cff7c6b95c5c1b94c2b3b38f0eQuick perl script to search through the history file of each user on your system for a certain command (i.e. "cat /etc/passwd").
9bff10e0b13f74501fe381001cf0e37279e3be5fca0e60e87cb1c850a547780fsploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
a9a2d6cb059ca360921cfea53192a86691abc7cab592a0d3711c7ca85e80a471A simple yet sophisticated perl script that runs in the background and monitors for user attempts to su to root. If one is detected, the log file is immediately mailed to a specified user and a backup is created in /tmp. Very useful for attempting to keep track of logs after an intrusion has occured.
9d5a05a262ce5c62f5af07164aa226ee20f05a3529a13f4c3b10f6642e980ec1suidbofcheck.pl searches the system for suid binaries in /usr/bin, /bin, /sbin, and /usr/sbin and tests each one against a standard buffer overflow (both with and without the use of environmental variables) at a specified offset.
cdfabbf02010e314aaf0717fec7794934ca6e1c28d934c051807997557d665e4Exploits the auto registration feature of most ChanServ bots and causes it to die. This exploit has been known to work on networks including DalNet, CobraNet and RelicNet.
865f6f01d3cc5bf17ccb21f2ea7ad728f0e13a90f25b6ff1a1fe00b5b3a4ad68ICQ Web Front DOS Exploit - guestbook.cgi, part of ICQ web front, is vulnerable to a remote denial of service attack. This shell script exploit generates a malformed POST request and uses netcat to send it to port 80 of the victim host.
b8e9e0819dfa1cd572dcf565fd2d91d1830fea0eb549bcc41414b0da7e85f832Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match rather than just relying on HTTP codes.
ccc299ad0540b9e3f12b44614383906c104dcf932edf981963b113749e28fa08Remote Cart32 exploit - Though L0pht released an advisory and patch for the well known Cart32 bug, this is the first exploit released to date. Allows remote command execution.
b15ca1584e4ea0d26f2e39fd6253fdaeb6ec98bcc198aec4914a379e204b8f61Exploit for the (patched) major security issue with networksolutions.com(easysteps.pl) which would have set up a bindshell if it had been run.
9341f14a0079af7d87506afc61d98b1ef1589d7eeb8b50a03d204c3b48807cbfThe whois_raw.cgi perl script included in all freeware versions of the cdomain package allows remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit included, which drops a shell, unlike previous whois_raw.cgi exploits.
cdcb04dcc8c8d833822d837b47e293b61db57cc6668962ea1ef6d1dbedf1b93bcommunigate.pl is a DoS exploit against CommuniGatePro 3.1 for NT.
3c4ca0bd0f5f75d0a744d6c32d7bbbc01e060250be2da4e3f804f20d72c0e403PERL script to grab a list of new files from r00tabega.com. It then gives the user the ability to pick and download any of the files, all without having to load up a browser. ragnarox is planning to also make a front-end for X and MS-WIN.
fe354f1906c1d44d05333dc1504dff7472b8cfe1ff0677b9daf68ccfd55e30b7attrition.pl gets the latest x (you specify how many) defacements from attrition. Just use the script to save the latest defacements to a file and then include them on your page through SSI.
1dc09a27daea3b7dc5e06b5ec698922863ab4b98158b1c6f5ea7765c284c1112DoS.pl uses Net::RawIP to launch a syn flood attack.
32ae0c00c03fd1e282fef426d088787651a77b6b9c1400e9ef48c2c496d3e497Everybody knows about the _vti_pvt password files, but what about those misconfigured Frontpage servers that allow remote login and authoring without a login and password? This script will check for both vulnerabilties.
9040980cfe8b96a201e33ee28fbdd4f0ee1d4f87da6b7f725166cb677e745d00Grinder.pl scans a range of IP's looking for a URL. Could be used to search for sites with a certain URL or CGI program.
17a62deebdd349e5d8c73be75d2c23ff06c8637cbc112b275271d2d25c11d2c9DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin.
84eec92a26c85da5068c9018ab802447990ef81ba86b37b1781f8eee80271317This script will upload a trojan to an RDS vulnerable site running NT and execute the trojan.
103493a4c6051cab304f220b22274a4ca432f01306d62d03af4825d7c7bf7105
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed