SmbRelay3 is a proof-of-concept tool that is able to relay NTLM authentication from several protocols such as SMB, HTTP, IMAP, etc.
c4576fe3ee7ac39a0393e9a737fca78376593895664fc89134376ec2cb90c4a2
Microsoft Windows 2000 AS SP4 Message Queue exploit that takes advantage of the vulnerability noted in MS07-065.
c98477bc57103e54dfdc98421ad052473c5dfb8a29b81a40cde4e96a8bd1735a
Fast HTTP Auth Scanner is a new web security scanner for Windows that allows brute-force attacks against web based devices that require HTTP authentication. Source and binary included.
6fdc2f841cacc72e9f514e6f59a51e63dafb283ee4928442ee10a184d4887dfb
Microsoft DNS Server remote code execution exploit and analysis. This exploit works against TCP port 445. Tested against Windows 2000 server SP4 and Windows 2003 SP2. Binds a shell to TCP port 4444.
da933bee902a9d0ad317df3b6dae1ddd4b4844a53889479f6ff633eed2376da5
Exploiting Microsoft DNS dynamic updates for fun and profit.
c5ab6320f2c6c4fb706f554131fc0d9e5bb76c5ef5653d4c5995ddca09bf0050
Universal exploit for vulnerable EnumPrintersW() calls related to the spooler service. Allows code execution with SYSTEM privileges. Affected includes DiskAccess NFS Client (dapcnfsd.dll version 0.6.4.0), Citrix Metaframe - cpprov.dll, and Novell - nwspool.dll.
2b62efa9f7692468c57fd5ccfb6faa392631ea515d577bee9c4b44042069ea68
This tool allows you to impersonate user credentials (via named pipes) and execute a shell. One of its best features is that it includes some new attack vectors (a payload generator selected with the -t parameter) to force network users to connect to a remote host (desktop.ini, HTML code, .lnk files, .url files, .pps files), so smbrelay can also be used.
9346dee563fb29b2b3df7d23637e8761553627b823a55102ab2f1771384d41cb
This tool is able to duplicate all tokens stored in the system by calling NtQuerySystemInformation(). Duplicated tokens allow users with local Administrator rights to execute code with the credentials of every user that is logged on to the system, locally or over the network. The default mode only extracts tokens from the lsass process.
1a0435ffe70c05e1ac855b72e2791c48ef936b97e049469b6101088dd1cb7a06
This tool enumerates all running processes and threads and shows their token owner information. Users with the SE_DEBUG_NAME privilege should be able to inject code into a local process and execute code with that process's privileges. This could be useful to obtain an interactive shell (on port 8080) when a user session is locked.
1ac149ac191a602c8eba43f12c04a137a7aacdf4f3d5eb3938a05335167236e8
TIBCO RendezVous versions 7.4.11 and below local password extractor exploit.
37a8f2470720c05fb268d55580ae48abacf5b06355d3ed795e8b36f4da1109d8
TIBCO RendezVous versions 7.4.11 and below remote buffer overflow proof of concept exploit for Win32.
a2acc82193bc944036d11007da642449232210befd672ef7859b1dc487c9713f
Privilege escalation exploit for Windows networks using weak service restrictions.
34bff3fb3d15bec768c08cd8b636431feca0c25ff6e698753eed31aa91257bbe
Small bindshell for Windows (908-byte binary), compacted to 804 bytes with a small header modification. Both the binary and the source code (VC++) are included.
c24879c1a910a3cda9f80e94fd66cb18d753862ab5efbb173718dbd4591c8a19
Internet Explorer content advisor exploit that is related to MS05-020.
2f95b570804ce81df9cc63e603821d901dd46f7d675f57008472b4a884355879
SIA has discovered a buffer overflow in EXT.DLL, a module that handles HTTP requests in BadBlue versions below 2.6.
b5607998c3430b98c9a9226f12852961b96d8150541c9eb0ce960333b9bd954a
BadBlue webserver version 2.55 remote buffer overflow exploit. Tested under Windows 2000 Professional SP3/SP4 Spanish, Windows 2000 Server SP4 Spanish, and Windows XP SP1 Spanish.
fe7238baf095c01f92cdae15b943f6068e411290a7891e914c4bab324c9f43f7
BadBlue webserver version 2.5 is susceptible to a remote buffer overflow vulnerability that allows for code execution. Full exploit provided.
73a20d2002ca46bb0adf0da831ff0b843279055c07ced4db282a219e1074b5fb
Rkdscan is a scanner designed to detect whether or not an NT-based computer is infected with the Hacker Defender rootkit. To do this, it makes use of a design flaw in the rootkit.
fb9cf84d81fd7fd2614c962389c68e8ab96259991c2e6cda0003ae94c0aab8e4
Fastream NETFile FTP/Web Server versions 6.7.2.1085 and below suffer from input validation errors that allow malicious attackers to upload, create, and delete files in the application directory.
fd1a383030a6185b2e7e538d9fe23be9e41eb02241f1ecab5cc31cde950bba37
The embedded webserver for the Thomson TCM315 cable modem is vulnerable to a buffer overflow during a typical GET method HTTP request.
9fe3659ee27d616cce7a519a8bdc569a333a69876d8490c3875cba0299d02fe9