
Files from FX

Email address: fx at phenoelit.de
First Active: 2000-06-13
Last Active: 2012-11-23
Router Exploitation
Posted Nov 23, 2012
Authored by FX | Site recurity-labs.com

This is a presentation called Router Exploitation. It was given at BlackHat 2009. It discusses various vendors such as Cisco, Juniper, Huawei, and more.

tags | paper
systems | cisco, juniper
MD5 | e392d0b1fc69f4d7ac2a5079ed9c7203
Cisco CUCM Directory Traversal / Reversible Obfuscation
Posted Nov 8, 2011
Authored by FX, Sandro Gauci | Site recurity-labs.com

The Cisco CUCM environment and the IP Phone CP-7975G suffer from a directory traversal, a reversible obfuscation algorithm, and security issues related to SCCP, CTFTP, and Voice VLAN separation. Versions 7.0 and 8.0(2) are affected.

tags | exploit, file inclusion
systems | cisco
MD5 | 0beac78c5f61b53a31e06e89fff5f7b2
Cisco IOS Router Exploitation
Posted Jul 26, 2009
Authored by FX | Site recurity-labs.com

Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges with the exploitation of memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.

tags | paper, vulnerability
systems | cisco
MD5 | e3af39385998611d3c8c240c4d54b972
aklink-sa-2008-006-opera-heap-overflow.txt
Posted May 28, 2008
Authored by FX, Alexander Klink | Site cynops.de

Opera versions below 9.25 are susceptible to a heap-based buffer overflow that allows for a denial of service and possibly code execution.

tags | advisory, denial of service, overflow, code execution
advisories | CVE-2007-6521
MD5 | 4b4ae0f9c353645fb3e0a5010c2ef188
RecurityLabs_Cisco_ACS_UCP_advisory.txt
Posted Mar 13, 2008
Authored by FX | Site recurity-labs.com

The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross site scripting vulnerabilities. Details provided.

tags | exploit, overflow, vulnerability, xss
systems | cisco, windows
advisories | CVE-2008-0532, CVE-2008-0533
MD5 | 961e3eb6859ac0685950a52be2066222
Cisco Security Advisory 20080312-ucp
Posted Mar 13, 2008
Authored by FX, Cisco Systems | Site cisco.com

Cisco Security Advisory - Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application. The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed. The second set of vulnerabilities address cross-site scripting in the UCP application pages.

tags | advisory, remote, overflow, arbitrary, vulnerability, xss
systems | cisco, windows
advisories | CVE-2008-0532, CVE-2008-0533
MD5 | 383c5bf5fc0d9bcd46fd639132dd50a6
r3mote_win_UDPexec.pl.txt
Posted Nov 14, 2006
Authored by FX

Original Win32 version of the exploit for the gwrd bug in SAP versions below 4.6D patch 1767 and versions below 6.40 patch 4. Allows for remote command execution.

tags | exploit, remote
systems | windows
MD5 | 655cccf80e97da3df892dd6b0ef94ce3
CiscoVTP.txt
Posted Sep 14, 2006
Authored by FX | Site phenoelit.de

Phenoelit Advisory - Cisco Systems IOS contains bugs when handling the VLAN Trunking Protocol (VTP). Specially crafted packets may cause denial of service conditions, confusion of the network operator and a heap overflow with the possibility for arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution, protocol
systems | cisco
MD5 | b8a3f27492d23e7b9594e53bc2864839
CiscoGRE.txt
Posted Sep 7, 2006
Authored by FX | Site phenoelit.de

Phenoelit Advisory - Cisco Systems IOS contains a bug when parsing GRE packets with GRE source routing information. A specially crafted GRE packet can cause the router to reuse packet data from unrelated ring buffer memory. The resulting packet is reinjected in the routing queues. Tested on C3550 IOS 12.1(19).

tags | advisory
systems | cisco
MD5 | f09a97e7d16b1d3caf71b6f332a4a856
JetRoot_pl.txt
Posted Apr 28, 2004
Authored by FX | Site phenoelit.de

Linux root and Windows NT/2000 Administrator remote exploit for HP Web JetAdmin 6.5.

tags | exploit, remote, web, root
systems | linux, windows, nt
MD5 | 5cd19d9db75680df1b4b9a5cd6ca9642
HP_Web_Jetadmin_advisory.txt
Posted Apr 28, 2004
Authored by FX | Site phenoelit.de

Phenoelit Advisory #0815 - Multiple vulnerabilities exist in the HP Web JetAdmin product. Version 6.5 is fully affected. Versions 7.0 and 6.2 and below are partially affected. A vulnerability summary list: Source disclosure of HTS and INC files, real path disclosure of critical files, critical files accessible through web server, user and administrator password disclosure and decryption, user and administrator password replay, and many, many others.

tags | advisory, web, vulnerability
MD5 | e3e5f8476c574e691368a1f5161fc720
iosniff.tgz
Posted Aug 10, 2003
Authored by FX | Site phenoelit.de

Cisco Systems IOS 11.x UDP echo memory leak remote sniffer. The UDP echo service (UDP port 7) has to be enabled on the device. The bug will cause the Cisco router to send about 20 kilobytes of data from the interface buffer pools containing packets in the send/recv/forward queues. This tool will identify IOS memory blocks, find the router specific offset for packets in the block and decode the packet to the screen. Note that this is not a full dump of the traffic through the remote router but rather a subset of received data. Features include a packet checksum cache to prevent repeated output of the same packet, auto identification of packets and buffer offsets, and IPv4 decoding.

tags | remote, udp, memory leak
systems | cisco
MD5 | ad960f073fda285b82dea6d8225ec6f8
CiscoCasumEst.tgz
Posted Aug 10, 2003
Authored by FX | Site phenoelit.de

Cisco IOS 12.x/11.x remote exploit for the HTTP integer overflow using a malformed HTTP GET request and two gigabytes of data.

tags | exploit, remote, web, overflow
systems | cisco
MD5 | c9ac23b2148d2852017b34f6302f570b
libPJL-1.2-src.tgz
Posted Aug 18, 2002
Authored by FX | Site phenoelit.de

PFT is a command line tool to directly communicate with network printers via the Printer Job Language (PJL) using port 9100. Features include full file system access (if installed on printer), environment variable "tuning" and setting of display messages. Platform: Windows and UNIX

tags | tool
systems | windows, unix
MD5 | f3ba61afdaead2f44d21a2e001cb0aef
Hijetter_exe.zip
Posted Aug 18, 2002
Authored by FX | Site phenoelit.de

Hijetter is a tool to directly communicate with network printers via the Printer Job Language (PJL) using port 9100. Features include full file system access (if installed on printer), environment variable "tuning" and setting of display messages. Platform: Windows

systems | windows
MD5 | 07a783e8707067206ed8dfde874a331b
UltimaRatioVegas.c
Posted Aug 18, 2002
Authored by FX | Site phenoelit.de

Phenoelit Ultima Ratio - a Cisco IOS exploitation of a heap overflow and using actual shell code to upload a new config; all in one UDP packet. Exploits an issue in the 11.x IOS TFTP server. Works against Cisco 1600 and 1000 series routers, but is designed as PoC.

tags | exploit, overflow, shell, udp
systems | cisco
MD5 | c89c9794e4f50e92e03e8170a6cdb8ee
irpas_0.10.tar.gz
Posted Jan 11, 2002
Authored by FX | Site phenoelit.de

IRPAS is a suite of routing protocol attack tools which sends custom routing protocol packets from the unix command line. It is very useful for searching for new routing protocol vulnerabilities. Included is a tool for sending Cisco Discovery Protocol (CDP) messages, one for injecting IGRP routes, and a scanner for IGRP autonomous systems. Documentation available here.

tags | vulnerability, protocol
systems | cisco, unix
MD5 | 314670e9d239694cdd4e1f529b63959b
routing.pdf
Posted Jul 21, 2001
Authored by FX | Site phenoelit.de

Slides for FX's talk at Defcon 2001 on attacking routing protocols.

tags | paper, protocol
MD5 | 19dd51ca67fffec971b4c19caeb2e365
vippr1_1.2.tar.gz
Posted Jul 20, 2001
Authored by FX | Site phenoelit.de

VIPRR 1.1 is the first public beta of a concept study of attack routers. It's a userland virtual router which can be used together with any routing protocol attack tools. One of the most interesting features is the ability to inject packets into GRE tunnels, which makes it possible to perform the RFC1918 hacking attacks described in gre.html without modification of the tools.

tags | protocol
systems | unix
MD5 | 52963bb6cbe2da372cb86ac22d9cde6c
irpas_0.8.tar.gz
Posted Jul 11, 2001
Authored by FX | Site phenoelit.de

IRPAS is a suite of routing protocol attack tools which sends custom routing protocol packets from the unix command line. It is very useful for searching for new routing protocol vulnerabilities. Included is a tool for sending Cisco Discovery Protocol (CDP) messages, one for injecting IGRP routes, and a scanner for IGRP autonomous systems. Documentation available here.

tags | vulnerability, protocol
systems | cisco, unix
MD5 | 819c8c333a2b7b7186059f4ec124c74f
gre.pdf.gz
Posted Dec 23, 2000
Authored by FX | Site phenoelit.de

This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.

tags | paper, protocol
MD5 | 74238e97542ad3e67f91ef9f872afd20
vnx4.c
Posted Sep 18, 2000
Authored by FX | Site phenoelit.de

vnx4.c is a VNC attack program ported to Windows. Features cracking of the password in the registry, online brute force against a VNC server, or cracking a sniffed challenge/response handshake.

tags | cracker, registry
systems | windows
MD5 | 12f343be3878ca5fa0d1fe3f07fb29b1
wci.c
Posted Jul 5, 2000
Authored by FX | Site phenoelit.de

WCI for Windows is a simple ARP connection interceptor for switched networks and especially for SMB, based on here.

tags | tool, sniffer
systems | windows
MD5 | a68bfc84f695776e5ab21a599c4e15aa
ARP0c2.c
Posted Jun 26, 2000
Authored by FX | Site phenoelit.de

ARP0c2.c - ARP0c2 is a simple and powerful connection interceptor for switched networks. It features ARP redirection/spoofing, automated bridging, automated routing, progressive attacks of known IP connections, network cleanup on exit, and ARP flooding with random IP and Ethernet addresses. Known network connections can be intercepted by adding them to the routing table file. It is completely userland and tested on Linux.

tags | spoof
systems | linux, unix
MD5 | ded98e3f51e86e349e9f3b973a7a1bda
cd00r.c
Posted Jun 13, 2000
Authored by FX | Site phenoelit.de

cd00r.c is proof of concept code to test the idea of a completely invisible (read: not listening) backdoor server. Standard backdoors and remote access services have one major problem - the ports they are listening on are visible on the system console as well as from outside (by port scanning). To activate the remote access service, one has to send several packets (TCP SYN) to ports on the target system. Which ports, in which order, and how many of them can be defined in the source code.

tags | tool, remote, tcp, rootkit, proof of concept
systems | unix
MD5 | f7d023c9bfa342c440262beb65dd105e