exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Shane A. Macaulay

Email addressktwo at ktwo.ca
First Active1999-11-04
Last Active2011-03-03
Tickling CGI Problems
Posted Mar 3, 2011
Authored by Shane A. Macaulay, Derek Callaway | Site security-objectives.com

Tickling CGI Problems is a whitepaper that focuses on the security of Tcl CGI scripts.

tags | paper, cgi
SHA-256 | 1298ddc346dcf21a262702c2826861718c460a4dec46483f991250a955c817bb
aawns.pdf
Posted Jan 29, 2006
Authored by Shane A. Macaulay, Dino A. Dai Zovi

Whitepaper entitled 'Attacking Automatic Wireless Network Selection'.

tags | paper
SHA-256 | 0fab76effc4d98fe89fa651a422e69e400fe3ac37312fd2e5b3e468409306386
mscreen.c
Posted Jan 27, 2001
Authored by ADM, Shane A. Macaulay

SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.

tags | exploit, local
SHA-256 | 46e2112f1ac589a1dd162f6987291786829b758ff1f0dcfb9a92ed98a4c809ba
tru-64.su.c
Posted Jan 27, 2001
Authored by ADM, Shane A. Macaulay

Tru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.

tags | exploit, local
SHA-256 | f67306c7d5e8a80b0d9dd9ec31f5862dc99315e27b96ffd753df2a04197de25e
hp-pppd.c
Posted Dec 6, 2000
Authored by Shane A. Macaulay

HP/UX v11.0 /usr/bin/pppd local root buffer overflow exploit.

tags | exploit, overflow, local, root
systems | hpux
SHA-256 | fe3f5dd4d79deb81bc655988c0acc2f21da6e77fad6cfac1b4dcdac71dd5c744
obsd_fstat.c
Posted Oct 4, 2000
Authored by Shane A. Macaulay, Caddis | Site ktwo.ca

OpenBSD 2.7 local root exploit for /usr/bin/fstat + libutil exploit. Tested against OPenBSD 2.7 i386.

tags | exploit, local, root
systems | openbsd
SHA-256 | 0871c02f9900cd9d31c6b18d39964674456feb034d0b15de1647853203cc0096
ADMsximap.c
Posted Jan 27, 2000
Authored by ADM, Shane A. Macaulay

Solaris Solstice Internet Mail IMAP4 Server x86 exploit.

tags | exploit, x86
systems | solaris
SHA-256 | adcc570a64ad515dee55499942b44fc76607894ebc9c473d4d7a8654c863de59
vpopmail.txt
Posted Jan 27, 2000
Authored by Shane A. Macaulay | Site w00w00.org

w00w00 Security Advisory - qmail-pop3d may pass an overly long command argument to it's password authentication service. When vpopmail is used to authenticate user information a remote attacker may compromise the privilege level that vpopmail is running, naturally root.

tags | exploit, remote, root
SHA-256 | 3bd0074f38eb47b414a84c38444aed7fa25ca801a4f14f89d10b39ad7380dd2d
qmail-pop3d-vchkpw.c
Posted Jan 27, 2000
Authored by Shane A. Macaulay | Site ktwo.ca

Remote exploit for the inter7 supported vchkpw/vpopmail package for (replacement for chkeckpasswd). Tested on Sol/x86,linux/x86,Fbsd/x86 against linux-2.2.1 and FreeBSD 3.[34]-RELEASE, running vpopmail-3.4.10a/vpopmail-3.4.11[b-e]. Unofficial patch here.

tags | exploit, remote, x86
systems | linux, freebsd
SHA-256 | 96783f06acb089b526184c758e946ec901db1b61ec472cbee7dc24a2094b6765
uw-ppptalk.c
Posted Jan 22, 2000
Authored by Shane A. Macaulay

UnixWare 7 exploit for /usr/bin/ppptalk.

tags | exploit
systems | unixware
SHA-256 | 10de24aa93dd63689988d573d193dad1b34aff38e4811d4a1f12d1f1b2c411f6
solaris.snoop.c
Posted Dec 10, 1999
Authored by Shane A. Macaulay

[w00giving #8] Here's a new version of my snoop exploit, it seems that it will work on the new patched version of snoop aswell, and actually, the target host dose NOT have to be running with -v. Snoop is a program similar to tcpdump that allows one to watch network traffic. There is a buffer overflow in the snoop program that occurs when a domain name greater than 1024 bytes is logged, because it will overwrite a buffer in print_domain_name. This vulnerability allows remote access to the system with the privileges of the user who ran snoop (usually root, because it requires read privileges on special devices). Remote Solaris 2.7 x86 snoop exploit included.

tags | exploit, remote, overflow, x86, root
systems | solaris
SHA-256 | 99717fd62e6c6114deeea939793ba768fffa61af82db1312bc92a5d2d6438cf0
unixware.su.txt
Posted Nov 26, 1999
Authored by Shane A. Macaulay

The su command on SCO's UnixWare 7 has improper bounds checking on the username passed (via argv[1]), which can cause a buffer overflow when a lengthy username is passed.

tags | exploit, overflow
systems | unixware
SHA-256 | 2f370cc88cadf6efc7b1f8a55d5ae2f5c3b8ce45ae76e772bf81e939d0b03feb
unixware.Xsco.txt
Posted Nov 26, 1999
Authored by Shane A. Macaulay

[w00giving '99 #6]: UnixWare 7's Xsco. Due to improper bounds checking, an overflow occurs when a lengthy argument (argv[1]) is passed. Because Xsco runs with superuser privileges, this can be exploited for elevated privileges.

tags | exploit, overflow
systems | unixware
SHA-256 | 0710e3286329f4ec82f0b43031b6894da9140f1c90cf3c7b571b5b51ad62ad0d
unix7.var-sadm.txt
Posted Nov 12, 1999
Authored by Shane A. Macaulay

When patches/fixes are applied to binaries on UnixWare 7, the original, unpatched binary files (with the suid/sgid bits maintained) are stored in /var/sadm. By default, the permissions on this directory is 755. This allows normal users to execute and exploit old binaries leftover from patching.

tags | exploit
systems | unixware
SHA-256 | ddcc3aea580eae13df34903d75ef698ba2a71c314c68aee75fb50df4903aaa5d
unixware7.dtappgather.txt
Posted Nov 4, 1999
Authored by Shane A. Macaulay

UnixWare 7's dtappgather runs with superuser privileges, but improperly check $DTUSERSESSION to ensure that the file is readable/writeable or owned by the user running it. Exploit included. w00w00 website here.

tags | exploit
systems | unixware
SHA-256 | f8bee3268bfc608eaab021a68dc06500bce5f3507fc0f6d8f83e6eaa88c360de
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close