exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Loki

Email addressloki at f8labs.com
First Active2000-08-15
Last Active2000-12-07
f8-120500-vpnet.txt
Posted Dec 7, 2000
Authored by Loki, f8labs | Site f8labs.com

VPNet Technologies VSU VPN appliances have serious remote vulnerabilities. A source routing flaw in VSU allows for unauthenticated connections to a target host on protected LAN of VPN, and a flaw in NOS bridging code causes VSU to pass spoofed private address packets from it's public interface to the private network.

tags | remote, spoof, vulnerability
SHA-256 | 0cb8674acbf084b5918dab3149caf09b90482e6bca33a3214386bb64286cb150
f8-112000-bbr2.txt
Posted Nov 26, 2000
Authored by Loki, f8labs | Site f8labs.com

The here.

SHA-256 | 6fb960b4f5c3485bdbcec10301697c2f0a2a956ffe68740fa84a0411ce0bf4ee
f8-103100-realsecure.txt
Posted Nov 6, 2000
Authored by Loki, f8labs | Site f8labs.com

RealSecure by ISS v5.0 fails to detect attacks using the year old IIS 5 RDS bug and the recent UNICODE hole.

SHA-256 | 453d10fa616c5ee68f11a6790756532a25384881a2177d18253ce60f36c2c773
mantrap-info.tgz
Posted Nov 6, 2000
Authored by Loki, f8labs | Site f8labs.com

ManTrap, a commercial honeypot, can easily be identified and subverted. The process hiding can be detected by sending a signal to each PID, there are /proc inconsistancies, the first 4 processes always get hidden, the inode number is off, and the chroot can be broken via raw device access. Includes mantrap.c, a exploit which checks for the first 3 issues.

SHA-256 | 54a333746c7dc4826ba17db0df51fcbfc4a52dc1ecfb81630351161e213ceac9
vpn-root.txt
Posted Aug 31, 2000
Authored by Loki

RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.

tags | exploit, remote, arbitrary, shell, root
SHA-256 | 4b922cd0b6565086e642ee2ff57903babce23e38618ab193b67f145f89db55fd
rapidstream.vpn.txt
Posted Aug 15, 2000
Authored by Loki

RapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.

tags | exploit, remote, arbitrary, shell, root
SHA-256 | 1fd2ed25e75ae6103e367de4a012acaddbd2dec2b82709822d1d1f127d8cc413
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close