
Files from Dave Aitel

Email address: dave at immunitysec.com
First Active: 2002-04-11
Last Active: 2005-10-11
TT-Dave-Aitel-Nematodes.sxi
Posted Oct 11, 2005
Authored by Dave Aitel

Nematodes (Beneficial Worms) - This presentation presents concepts for taking exploitation frameworks into the next evolution: solving complex security problems by generating robustly controllable beneficial worms. The why, how, and what of Nematode creation are discussed, along with some concepts in mesh routing. Problems discussed include legal issues, controlling your worm, writing an intermediate language (the Nematode Intermediate Language, NIL) for writing robust worms, reliability problems, communications protocols, and future work.

tags | worm, protocol
SHA-256 | 446fdad6f1cbb3d6964e71c5e4b8c7eeb406f2582978a27b2314f9e084849e8d
llssrv_miss.pdf
Posted Mar 25, 2005
Authored by Dave Aitel | Site immunitysec.com

A paper by Immunity describing in technical detail the LLSSRV issue covered by MS05-010. It also describes how this issue affects Windows 2000 AP SP3 and SP4 without authentication, something that was not described in the MS05-010 bulletin.

tags | paper
systems | windows
advisories | CVE-2005-0050
SHA-256 | 9a2d067a18b330af81f10c5e578a7b8b552bacf8da50268824d53fb63f24a752
enterprise_specific_security.sxw.pdf
Posted Apr 2, 2004
Authored by Dave Aitel | Site immunitysec.com

White-paper that discusses how large enterprises use a different class of software than small companies. This software and the environment it is purchased in is subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions.

tags | paper
SHA-256 | c6c4f6b12fb74b7afadba7327aaa5573e227432e84a466f69fc60cb82f8ebd7a
dtlogin.sxw.pdf
Posted Mar 24, 2004
Authored by Dave Aitel | Site immunitysec.com

Immunity Security Advisory - A double-free weakness in the XDMCP parser of dtlogin (CDE) results in remote code execution against popular server operating systems, such as Solaris. This attack is performed over UDP port 177.

tags | advisory, remote, udp, code execution
systems | solaris
SHA-256 | 34a2ff7508addcf429bd6658dd04890ff4df50eab6a7461c5b52a69bb51e0b7d
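The advisory above gives the attack surface (the XDMCP parser, reachable on UDP port 177) but not a way to check whether a host exposes it. The following is an added example, not part of Immunity's advisory or exploit: it builds a benign XDMCP Query, parses the Willing/Unwilling reply with every length checked against the datagram, and optionally sends the Query to a host. The packet layout follows the X Display Manager Control Protocol specification (version u16, opcode u16, length u16, then opcode-specific ARRAY8 fields of u16 length plus bytes); the sample reply used for the offline run is constructed.

```python
"""XDMCP exposure check: build a Query and parse the Willing/Unwilling reply.

Added example, not part of Immunity's advisory or exploit. Packet layout is
the one in the X Display Manager Control Protocol spec: every packet is
version (u16, always 1), opcode (u16), length (u16) followed by the
opcode-specific fields; an ARRAY8 is u16 length + bytes. The sample reply
used by the stand-alone run is constructed; no host is contacted unless
probe() is called explicitly.
"""
import socket
import struct

XDMCP_VERSION = 1
XDMCP_PORT = 177
OP_QUERY = 2
OP_WILLING = 5
OP_UNWILLING = 6


def _array8(data: bytes) -> bytes:
    return struct.pack("!H", len(data)) + data


def _header(opcode: int, body: bytes) -> bytes:
    return struct.pack("!HHH", XDMCP_VERSION, opcode, len(body)) + body


def build_query(auth_names=()) -> bytes:
    """Query body: u8 count of authentication names, each an ARRAY8.
    An empty list is a valid Query, so this is a benign probe."""
    body = struct.pack("!B", len(auth_names)) + b"".join(_array8(n) for n in auth_names)
    return _header(OP_QUERY, body)


def build_willing(auth: bytes, hostname: bytes, status: bytes) -> bytes:
    """Willing body: authentication name, hostname, status (all ARRAY8).
    Used here only to construct a sample reply for offline testing."""
    return _header(OP_WILLING, _array8(auth) + _array8(hostname) + _array8(status))


def _read_array8(buf: bytes, off: int):
    if off + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("ARRAY8 length runs past end of packet")
    return buf[off:off + n], off + n


def parse_reply(pkt: bytes) -> dict:
    """Parse a display manager's reply. Every declared length is checked
    against the datagram before use; trusting those lengths is how an XDMCP
    parser ends up corrupting memory."""
    if len(pkt) < 6:
        raise ValueError("short XDMCP header")
    version, opcode, length = struct.unpack_from("!HHH", pkt, 0)
    if version != XDMCP_VERSION:
        raise ValueError(f"unexpected XDMCP version {version}")
    body = pkt[6:6 + length]
    if len(body) != length:
        raise ValueError("declared length exceeds datagram")

    def text(b: bytes) -> str:
        return b.decode("latin-1")

    off = 0
    if opcode == OP_WILLING:
        auth, off = _read_array8(body, off)
        host, off = _read_array8(body, off)
        status, off = _read_array8(body, off)
        return {"opcode": "Willing", "auth": text(auth),
                "hostname": text(host), "status": text(status)}
    if opcode == OP_UNWILLING:
        host, off = _read_array8(body, off)
        status, off = _read_array8(body, off)
        return {"opcode": "Unwilling", "hostname": text(host), "status": text(status)}
    return {"opcode": opcode}


def is_malformed(pkt: bytes) -> bool:
    """True when parse_reply rejects the packet (handy for tests and triage)."""
    try:
        parse_reply(pkt)
    except ValueError:
        return True
    return False


def probe(host: str, timeout: float = 2.0):
    """Send one Query to UDP/177. Any parseable reply means a display manager
    is reachable and its XDMCP parser is exposed; None means no answer
    (filtered, or XDMCP disabled)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (host, XDMCP_PORT))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_reply(data)


if __name__ == "__main__":
    # Offline demo on a constructed reply; use probe("host") against a real box.
    sample = build_willing(b"", b"sunbox", b"0 user, load: 0.1")
    print(build_query().hex(), parse_reply(sample))
```

A Willing reply from a Solaris box is the signal that dtlogin's XDMCP service is listening; the remediation is to disable XDMCP in the dtlogin configuration or block UDP/177 at the host and network boundary, which is worth confirming with probe() after the change.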
hp_http.sxw.pdf
Posted Mar 16, 2004
Authored by Dave Aitel | Site immunitysec.com

Immunity Security Advisory - The Compaq Web Management system (HP HTTP) has a bug in its validation system that allows an anonymous user to upload trusted certificates.

tags | advisory, web
SHA-256 | abd992377e84fc44d38444954b8896715b7619fe2c505a46a3639e73084980f2
awservices.sxw.pdf
Posted Mar 16, 2004
Authored by Dave Aitel | Site immunitysec.com

Immunity Security Advisory - Remotely exploitable stack overflows exist in Computer Associates Unicenter TNG Utilities awservices.exe. Successful exploitation elevates an attacker to SYSTEM privileges. All known versions of Unicenter TNG 2.4 are affected.

tags | advisory, overflow
SHA-256 | 1625a608ed26cffca06238ca193f1bde9f9b610f98606c2b6088043899bef4c8
MOSDEF0.1.tgz
Posted Oct 2, 2003
Authored by Dave Aitel | Site immunitysec.com

MOSDEF is a 100% Python retargetable compiler for C->shellcode that has been released to the public under the LGPL.

tags | tool, shellcode, python
systems | unix
SHA-256 | 54e0931a0105789ff6e3a81c696033a19f35fb5cfc10aafb6e9eddb334d14ddf
aitel.html
Posted Aug 26, 2003
Authored by Dave Aitel

Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers.

tags | advisory, root, protocol
SHA-256 | 2dbb8dceb018ef54a3e9f64fe191da489067b6b3aa66be81d8e731a9d1ec9d48
SPIKE2.8.tgz
Posted Feb 5, 2003
Authored by Dave Aitel | Site immunitysec.com

SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).

Changes: Includes plonk, a new local/remote Windows 2000 DoS. A DCE-RPC over named pipe fuzzer was added, SPIKE proxy is updated to 1.4.7, BSD compatibility is improved, and some Oracle tests were added to the audits directory.
tags | web, protocol
systems | unix
SHA-256 | 86d96bf99bcd039981ca89f8b55edca9f39fa71986a9df7c51797e24f233dbcd
SP147.tgz
Posted Jan 31, 2003
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL 0.5.1 from the SPIKE Web page. Several working examples are included.

Changes: Internet Explorer compatibility has been fixed, the core engine is more capable against a wider range of web pages and it is now possible to restrict use of the proxy.
tags | web, protocol, sql injection
SHA-256 | 142ae177527d9498126eb4a70b71c1f2642ba5f5f28fd5e7203dd87aadb7b24e
spikeproxy-1.4.6.tar.gz
Posted Nov 19, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.

Changes: Fixed NTLM support for some people, Added "False 404 Detection" which can be customized through the Configuration menu.
tags | web, protocol, sql injection
SHA-256 | 54a911963dbe4a6caf791058bad81c96bb56b6161bdc47bc2ca775b8dbf8b47a
spike.rpc.txt
Posted Oct 21, 2002
Authored by Dave Aitel | Site immunitysec.com

Windows 2000 Service Pack 3 can be crashed remotely via TCP port 135 due to a vulnerability in the DCE-RPC stack of Windows 2000 and related operating systems. Anyone who can connect to TCP port 135 can disable the RPC service; once it is down the machine stops responding to new RPC requests, disabling almost all functionality.

tags | tcp, proof of concept
systems | windows
SHA-256 | 542a8cc5b49599b1ff7b27bc7d61b0fce3dc381c63264d8103928579a9a3db5a
SPIKE2.7.tar.gz
Posted Oct 10, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.

Changes: The biggest new feature is the addition of size fuzzers, which substitute boundary values into length fields in an attempt to locate integer overflows. Now reproduces the pptp kernel bug on Windows 2000 and XP, IIS denial of service attacks, MSRPC bugs, and Solaris SunRPC bugs.
tags | web, protocol, sql injection
systems | unix
SHA-256 | 7e60aa2ee5f63e45aef6983e693d49307392415159e2911380a829d8738ba7df
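The size fuzzers mentioned in the changelog above target one specific parser mistake: a length field added to an offset in 32-bit arithmetic, so that a huge declared length wraps, passes the bounds check, and the copy that follows overruns the buffer. The block below is an added example, not SPIKE's code, that shows the idea end to end: a boundary-value generator for a u32 length field, a Python model of the careless C check (`if (off + len > total)`), the subtraction form that cannot wrap, and a harness that reports which declared lengths slip through. The message format (u16 tag, u32 length, payload) and both parsers are constructed for illustration.

```python
"""Size-field fuzzing for integer overflows, in the spirit of SPIKE's size fuzzers.

Added example, not SPIKE's code. The message format (u16 tag, u32 length,
payload), the boundary-value list and the two model parsers are constructed
for illustration. careless_parse() mimics the C idiom
`if (off + len > total) reject;` whose addition wraps modulo 2**32.
"""
import struct

U32_MAX = 0xFFFFFFFF
HDR = 6  # u16 tag + u32 length

# Boundary values that tend to expose sign and wraparound mistakes in 32-bit
# length handling: powers of two, their neighbours, and "negative" values.
SIZE_CANDIDATES = [
    0, 1, 0x7F, 0x80, 0xFF, 0x100, 0x7FFF, 0x8000, 0xFFFF, 0x10000,
    0x7FFFFFFF, 0x80000000, 0xFFFFFFFE, 0xFFFFFFFF,
]


def build_tlv(tag: int, payload: bytes, declared_len=None) -> bytes:
    """Encode one message; declared_len lets the fuzzer lie about the payload size."""
    n = len(payload) if declared_len is None else declared_len
    return struct.pack("!HI", tag, n & U32_MAX) + payload


def size_mutations(tag: int, payload: bytes):
    """Yield (declared_len, message) for each boundary value, the off-by-one
    neighbours of the true length, and the values that make HDR + len wrap
    back to an offset inside the message (the ones a wrap bug actually accepts)."""
    base = len(payload)
    total = HDR + base
    targeted = [(U32_MAX + 1 - HDR + k) & U32_MAX for k in range(total + 1)]
    seen = set()
    for v in SIZE_CANDIDATES + [max(base - 1, 0), base + 1] + targeted:
        if v in seen:
            continue
        seen.add(v)
        yield v, build_tlv(tag, payload, v)


def careless_parse(msg: bytes) -> str:
    """Model of a 32-bit C parser: end = off + len wraps, so a huge length
    passes the bounds check and the following memcpy(dst, msg + HDR, len)
    reads far past the buffer. Returns 'ok', 'rejected' or 'OVERFLOW'."""
    if len(msg) < HDR:
        return "rejected"
    total = len(msg)
    _tag, n = struct.unpack_from("!HI", msg, 0)
    end = (HDR + n) & U32_MAX        # the C addition that wraps
    if end > total:
        return "rejected"
    if n > total - HDR:              # what the copy would really do with n
        return "OVERFLOW"
    return "ok"


def safe_parse(msg: bytes) -> str:
    """Same check written as a subtraction, which cannot wrap: compare the
    length against the bytes that remain, never off + len against total."""
    if len(msg) < HDR:
        return "rejected"
    _tag, n = struct.unpack_from("!HI", msg, 0)
    remaining = len(msg) - HDR
    if n > remaining:
        return "rejected"
    return "ok"


def find_overflows(payload: bytes, parser=careless_parse) -> set:
    """Run every size mutation through a parser and return the declared
    lengths that get past its bounds check."""
    return {n for n, msg in size_mutations(1, payload) if parser(msg) == "OVERFLOW"}


if __name__ == "__main__":
    hits = find_overflows(b"A" * 8)
    print("careless parser accepts:", [hex(n) for n in sorted(hits)])
    print("safe parser accepts:", find_overflows(b"A" * 8, safe_parse))
```

Against a real target the parser is the remote service and the signal is a crash or a hang rather than a return value, which is why SPIKE pairs the size fuzzer with a reconnect loop; the targeted values (2**32 minus the header size, plus a small k) are the ones worth trying first, since the generic boundary list only catches the wrap when the message happens to be short.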
dcetest-2.0.tar.gz
Posted Oct 4, 2002
Authored by Dave Aitel | Site atstake.com

Dcetest is a tool which probes a Windows machine over TCP port 135, dumping MSRPC endpoint information. It can be thought of as the equivalent of rpcinfo -p against a Windows box. Dcetest can also be very useful once inside a DMZ to fingerprint Windows machines on the network. Similar to the rpcdump program from Microsoft, but does not need a DCE stack and so runs on Unix systems.

tags | tool, scanner, tcp
systems | windows, unix
SHA-256 | 4a319a08ae0838234f5b6fbd0b4d2e0fac7560a7553a4e1b043527cc17032aa3
spikeproxy-1.3.tar.gz
Posted Sep 27, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.

Changes: Core engine fixed, crawling support fixed, directory and file scan added.
tags | web, protocol, sql injection
SHA-256 | 08787f66244491fa56d1a647c261268d4044bc34cf9b2299b02a138f29c94598
hashdbv0.2.tar.gz
Posted Sep 27, 2002
Authored by Dave Aitel | Site immunitysec.com

HashDB is a networked MD5 hash comparison tool that automatically checks the hashes of any files you download against a master database stored at www.immunitysec.com. This allows you to download source tarballs without worrying that they have been replaced by versions with trojaned ./configure files.

tags | trojan
systems | unix
SHA-256 | 4a1fc0b4fd64f1f50f53b470729606f6873f9dff312ef2a66c32af02f31e6501
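HashDB's idea, compare the digest of what you downloaded with a digest recorded by someone you trust before you download it, is the same check this listing invites with the SHA-256 line under every file. The block below is an added example in the spirit of HashDB, not HashDB's code: it verifies files against a manifest in sha256sum/md5sum format, streams large archives, compares digests in constant time, and flags a match against MD5 or SHA-1 as weak, since collisions against both are practical today and a replaced tarball can be made to carry the original's MD5. The manifest format, file names and contents in demo() are constructed.

```python
"""Verify downloaded archives against a manifest of expected digests.

Added example in the spirit of HashDB, not HashDB's code. Assumptions: the
manifest is in sha256sum/md5sum two-column format ("<hexdigest>  <name>")
and the algorithm is inferred from the digest length. Every file and
manifest line in demo() is constructed; nothing is fetched from a network.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16
_ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
# MD5 (what HashDB used) and SHA-1 still parse so old manifests work, but a
# match against them is reported as weak: collisions are practical, so a
# trojaned tarball can be built to carry the same MD5 as the original.
WEAK = {"md5", "sha1"}
HEX = set("0123456789abcdef")


def file_digest(path: str, algo: str) -> str:
    """Stream the file through the hash so large tarballs need no RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Return {filename: (algo, hexdigest)}. A malformed line is an error,
    not a silent skip, so a damaged or edited manifest cannot hide entries."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary-mode marker
        algo = _ALGO_BY_HEXLEN.get(len(digest))
        if algo is None or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = (algo, digest)
    return entries


def verify(path: str, manifest: dict) -> tuple:
    """Return (status, algo); status is 'ok', 'weak-ok', 'mismatch' or 'unlisted'."""
    name = os.path.basename(path)
    if name not in manifest:
        return "unlisted", None
    algo, expected = manifest[name]
    actual = file_digest(path, algo)
    if not hmac.compare_digest(actual, expected):
        return "mismatch", algo
    return ("weak-ok" if algo in WEAK else "ok"), algo


def demo() -> dict:
    """Constructed scenario: a clean tarball, one whose contents were swapped
    after the manifest was written, a legacy MD5 entry, and a file the
    manifest never mentioned."""
    files = {
        "spike.tar.gz": b"not a real tarball\n",
        "mosdef.tgz": b"./configure with a surprise\n",
        "hashdb.tar.gz": b"legacy md5 era release\n",
        "stray.txt": b"nobody vouched for this\n",
    }
    manifest_text = "\n".join([
        hashlib.sha256(files["spike.tar.gz"]).hexdigest() + "  spike.tar.gz",
        hashlib.sha256(b"the original mosdef.tgz\n").hexdigest() + "  mosdef.tgz",
        hashlib.md5(files["hashdb.tar.gz"]).hexdigest() + " *hashdb.tar.gz",
    ])
    manifest = parse_manifest(manifest_text)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = verify(path, manifest)[0]
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

The check is only as good as the channel the manifest arrived over: a digest fetched from the same mirror as the tarball proves nothing, which is why HashDB kept its master database on a separate host, and why a signed manifest (or a digest pinned in your own build configuration) is the modern equivalent.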
SPIKE2.6.tar.gz
Posted Sep 5, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).

Changes: Added SunRPC fuzzing, integer fuzzing, crawling support for SPIKE Proxy, unicode support, and many other features.
tags | web, protocol
systems | unix
SHA-256 | a03cde9d9e6a0610628520b29ddaca21cfc758c0f5b56e014e242ef63cc09f87
SPIKE2.5.tar.gz
Posted Aug 7, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE is an attempt to write an easy to use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples. Includes a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).

Changes: Includes the Microsoft SQL Server hello bug, 2 remote unauthenticated access violations via MSRPC, 1 vulnerability in the MSRPC endpoint for the MTA, and SPIKE Proxy 1.1.1.
tags | web, protocol
systems | unix
SHA-256 | 4b6f55e50509d028e4bd6ddd572448488111ccb0ec96471f70c82403816b6ba9
spkproxy1.1.tar.gz
Posted Jul 24, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.

Changes: An HTML-based GUI is now included, allowing the user to quickly look for SQL injection bugs and overflows on an entire site or rewrite individual requests.
tags | web, protocol
SHA-256 | 9b38f8f7bb8355547afc59ac401553989648c2392fa630a1188abaabde229a6b
SPIKEv2.4.tar.gz
Posted Jul 17, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE is an attempt to write an easy to use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples. Includes a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).

Changes: Added GUI and scripting language support. Examples included.
tags | web, protocol
systems | unix
SHA-256 | e055b1879513702841a95c003e9606a987f0497b30ff9ffd6517017a36ef0fe0
spkproxy1.0.tar.gz
Posted Jul 15, 2002
Authored by Dave Aitel | Site immunitysec.com

SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.

tags | web, protocol
SHA-256 | 2cc7ac85df579320ecd4e4c70e6ba4fec0eb040650fc9349630356851e1d99d5
apachefun.tar.gz
Posted Jun 20, 2002
Authored by Dave Aitel | Site immunitysec.com

Apachefun is a SPIKE script which exploits the new Apache chunked data vulnerability. Tested on Apache-AdvancedExtranetServer/1.3.23. Causes a segmentation fault.

tags | exploit
SHA-256 | 9ed9fcf633dfcf3b3a1be428ab70c47b438e1a4d1d7914f38023343154914d01
Atstake Security Advisory 02-04-10.1
Posted Apr 11, 2002
Authored by Atstake, Dave Aitel | Site atstake.com

Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.

tags | remote, overflow, code execution
systems | windows
SHA-256 | d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddca
© 2022 Packet Storm. All rights reserved.