exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

Files from Loki

Email addressloki at f8labs.com
First Active2000-08-15
Last Active2000-12-07
f8-120500-vpnet.txt
Posted Dec 7, 2000
Authored by Loki, f8labs | Site f8labs.com

VPNet Technologies VSU VPN appliances have serious remote vulnerabilities. A source routing flaw in VSU allows for unauthenticated connections to a target host on protected LAN of VPN, and a flaw in NOS bridging code causes VSU to pass spoofed private address packets from it's public interface to the private network.

tags | remote, spoof, vulnerability
MD5 | 842563e9a74d9ce032ecd3ad2b09bdc3
f8-112000-bbr2.txt
Posted Nov 26, 2000
Authored by Loki, f8labs | Site f8labs.com

The here.

MD5 | 21febb10ad01b7d525539eebd27b3505
f8-103100-realsecure.txt
Posted Nov 6, 2000
Authored by Loki, f8labs | Site f8labs.com

RealSecure by ISS v5.0 fails to detect attacks using the year old IIS 5 RDS bug and the recent UNICODE hole.

MD5 | 2261582d30dba416f267fcbda218180f
mantrap-info.tgz
Posted Nov 6, 2000
Authored by Loki, f8labs | Site f8labs.com

ManTrap, a commercial honeypot, can easily be identified and subverted. The process hiding can be detected by sending a signal to each PID, there are /proc inconsistancies, the first 4 processes always get hidden, the inode number is off, and the chroot can be broken via raw device access. Includes mantrap.c, a exploit which checks for the first 3 issues.

MD5 | adb35a5fd09dfa0559f43701f39ecb48
vpn-root.txt
Posted Aug 31, 2000
Authored by Loki

RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.

tags | exploit, remote, arbitrary, shell, root
MD5 | e652b5019d76b70669b11034ae0542a7
rapidstream.vpn.txt
Posted Aug 15, 2000
Authored by Loki

RapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.

tags | exploit, remote, arbitrary, shell, root
MD5 | 6e70e4def5f1cac4ebe348a0e56c6965
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close