Cisco AP remote denial of service exploit that makes use of maliciously crafted ARP requests.
4083da861a5b98c1c4884acb301763e04d58d02fe2ac8140746df0c0400371a0RPM Finder Project version 1.2 is a utility that works much like the rpmfind.net site. It supports RedHat and Mandrake Linux.
1b21c1e4fe44c14c6699021a8dfb60258df84ba160eb73d9c370d35decd0d8d2A shellcode that automatically obtains the highest available uid to setuid().
4992fdaec9c45eea8c9813a40f77d568c2c61c9efef684ef291db214b197d926Smart shellcode which prompts the user for the uid to setuid() with.
ad5249bda8d4fde51167d66b3b19ab600597794ec067f9bc632a8aaef4535f83White paper discussing stack overflows, ways to exploit them, and SIMPLESEM.
85ddc994e6b7cdd09d72c7e1a271c91908d9ccbd87b5a1ba218dbac260ff56edProof of concept local exploit for gnats version 3.113.1_6 tested on FreeBSD 5.0. If successful, escalates privileges to gnats.
2b31b10d89b57698e84d31e47881d7d90cf4391690ee56926c5a87a74db28850Exploit for Yahoo Messenger, Yahoo Module that allows for remote command execution on a victim machine via bad URI handling. Requires the victim to view the html.
de57f77d0570f6c0cef77345b9c3a45bdf07eb7947748433529550f3a4693e1aLocal exploit for Upclient 5.0.b5 that spawns a shell with kmem privileges. Tested on FreeBSD 5.0.
12ad32e03b238b43ac52391150406436f569b35875fd12e93cbdce6c5c310419mIRC 6.03 and below allows an attacker to misleading supply a URL that poses as one URL but leads to another by setting the color of the secondary URL to the default background color.
6b69a01535a0c67322cb56b25faa8fc7dba090f0825a3a04ed026b05cdd0462dmIRC 6.03 and below allow the ability for a remote attacker to spoof a dcc chat request in a targets client.
e563523994f9fa8795dd89183f1920def4ff07f15d1392c758656569e82a5204Proof of concept exploit for mnoGoSearch 3.1.20 (and possibly works on 3.2.10) that binds a shell to port 10000. Tested against FreeBSD.
3b52260178c6331557b9865a060541ff07d5cdeeedbe2e926b3952bdeac4b23dLocal root exploit for listproc 8.2.09 written for FreeBSD.
32d29d4604081ef12675fd665f8f0a35be36d443ef66bfee3dd3ba7a3b41693dThis script runs in place of ftpd to exploit the moxftp/mftp 2.2, cftp 0.12, and Iglooftp 0.6.1 clients. Written to exploit these clients on FreeBSD.
67e0e9f6bca8ed6e1bd88ca18e787b3b189c8c1e1e8366b20442d23f28fc63c1A paper that details the manipulation of the destructor when utilizing a buffer overflow, a format string attack, or corrupting a malloc chunk.
9ca183559ae54fd97c38cdc1cdabdfb443407e4dead2e88e1c635a606ab6c42dDTORS Security - First Security Agent, the first screen locking tool for win32 is vulnerable to a local user changing or disabling the password via the system registry.
658980c23c1c70311de70e308d4e010c29a4e526b9221aee3b44e87b040fb2efExploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
bdb62d798a58f673dc7a74bf9554a3a89281cc32e003b0963dceb3f6d801b45aAccess utility via TCP that works much like telnetd. Supports MD5 authentication, gives a full tty, and logs everything.
7173515f75b93734bc4de681cf38a90849aee75317c57d97395435a22d3227abRPM Finder Project version 1.2 is a utility that works much like the rpmfind.net site. It supports RedHat and Mandrake Linux.
6459a4c851ab66b8349b4e3c4a5708961d44bcb8b8619a9b9ba72fa620066729RPM Finder Project version 1.0 is a utility that works much like the rpmfind.net site. It currently only supports RedHat but will support Mandrake and Suse in its future releases.
d9c5fb359c7e6f5c54e12b8ab53f4c8ef840ca39788e0fc250de49320730453bTwo articles that present an introduction to reverse engineering a disassembly dump from gdb into an accurate C program. Armed with this knowledge, it will allow a researcher to depict potentially vulnerable functions and gather further information as to the inner workings of the program.
bf1e8cddd02f2b9a3596e09d9b6339416a963224a6f82253a05b301170ac8ff9Buffer Overflows for Kids part 2 - This is part two, the follow on from bofs4kids. In this tutorial I am going to attempt to give you the knowledge to be able to e exploit a program, without coding in C. But we will need to use gdb quite a bit, so any prior knowledge would be helpful but not necessary.
39a87ffcaf6f339e334dc1cda6f41e33561a41b19cd6e1c899d2b2fa9e343ef2This tutorial is not going to teach you how to code an exploit, but what it is going to do is give you a good understanding of what a buffer overflow is, what types of buffer overflows there are, how we would go about exploiting a buffer overflow, and how to identify a buffer overflow. C and ASM knowledge is not required.
3b09e6c7b77a96b63d7b66bb3c986b732511691a13617d29880e2b53c3d34f5aBish.c is multi-platform shellcode tested on FreeBSD 4.6-PRERELEASE, FreeBSD 4.5-RELEASE, OpenBSD 3.0, NetBSD 1.5.2, Linux 2.0.36, Linux 2.2.12-20, and Linux 2.2.16-22. Based on code by Zillion, added setuid().
74d9b908afde9dc5d569ea71e671de85b3c81ce631b4ef0d9bb20b74743289f2Finding Vulnerabilities - This paper explains the auditing of C source code to find application exploits. Includes a practical example of how to hack an IDS that was coded for a website.
9a48e28edc710e3b6eb7dfe1ecba2cec826785f99ff2ef8c0174fa6e04e4a18cShellcoding - How to write shellcode for Linux/x86. Includes parts I + II.
ab9b8ac49332beb7d33224ea976173ece2c5d27c3e8ef84a8f08f0888ea062bf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed