RetaRDS.pl checks for IIS web servers which are vulnerable to the RDS bug. Includes host list scanning and IDS evasion.
8ab119af163fc9daed47a7f1e47a2ddb6b694004f8d9fb14478bf9d003f54d5d
Multihtml.c is a remote exploit for /cgi-bin/multihtml.pl, versions previous to 2.2 which spawns a remote shell.
1cb8b402e54df7815270db3a85536296536997d3459dfb03bc464424e639323c
NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0.
fd048c6976c8652d858e282e552db1b774bbf2a33f9c4f5d8cbdad0d39ab5194
Rivat is a distributed CGI scanner written in perl which scans for over 405 vulnerabilities.
9e90411a076c4578051a6a030e0ddf9912c74a3586dd318b2d2f7e86d6cbe206
Sourcescan.pl looks through C source code for common vulnerabilities, including strcpy, gets, strcat, sprintf, fscanf, scanf, vsprintf, realpath, getopt, getpass, streadd, strecpy, strtrns, getenv, and setenv.
08e9707e93b71327f7308ac80c26eb28bcc78a62b4c77d056f8e210bed720e03
Many IDS systems detect buffer overflow exploitation by looking for a series of NOPs (hex 90), which are typically used to pad the buffer so the offset does not have to be exact. Instead of using NOPs, a stealthy exploit could jump to the next instruction (jmp 0x00) or jump a small number of instructions.
5a83aa8429b3c9c4766634a3e4e0e6c3a972a542233b82a48fde3c8475fd483b
BitchX DoS exploit - joins a channel with %s in the name, and invites target nick.
454c258db3817f6310a5b53eef7dcb95058960cff7c6b95c5c1b94c2b3b38f0e
Quick perl script to search through the history file of each user on your system for a certain command (e.g. "cat /etc/passwd").
9bff10e0b13f74501fe381001cf0e37279e3be5fca0e60e87cb1c850a547780f
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
a9a2d6cb059ca360921cfea53192a86691abc7cab592a0d3711c7ca85e80a471
A simple yet sophisticated perl script that runs in the background and monitors for user attempts to su to root. If one is detected, the log file is immediately mailed to a specified user and a backup is created in /tmp. Very useful for attempting to keep track of logs after an intrusion has occurred.
9d5a05a262ce5c62f5af07164aa226ee20f05a3529a13f4c3b10f6642e980ec1
suidbofcheck.pl searches the system for suid binaries in /usr/bin, /bin, /sbin, and /usr/sbin and tests each one against a standard buffer overflow (both with and without the use of environment variables) at a specified offset.
cdfabbf02010e314aaf0717fec7794934ca6e1c28d934c051807997557d665e4
Exploits the auto registration feature of most ChanServ bots and causes it to die. This exploit has been known to work on networks including DalNet, CobraNet and RelicNet.
865f6f01d3cc5bf17ccb21f2ea7ad728f0e13a90f25b6ff1a1fe00b5b3a4ad68
ICQ Web Front DOS Exploit - guestbook.cgi, part of ICQ web front, is vulnerable to a remote denial of service attack. This shell script exploit generates a malformed POST request and uses netcat to send it to port 80 of the victim host.
b8e9e0819dfa1cd572dcf565fd2d91d1830fea0eb549bcc41414b0da7e85f832
Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match rather than just relying on HTTP codes.
ccc299ad0540b9e3f12b44614383906c104dcf932edf981963b113749e28fa08
Remote Cart32 exploit - Though L0pht released an advisory and patch for the well known Cart32 bug, this is the first exploit released to date. Allows remote command execution.
b15ca1584e4ea0d26f2e39fd6253fdaeb6ec98bcc198aec4914a379e204b8f61
Exploit for the (patched) major security issue with networksolutions.com (easysteps.pl) which would have set up a bindshell if it had been run.
9341f14a0079af7d87506afc61d98b1ef1589d7eeb8b50a03d204c3b48807cbf
The whois_raw.cgi perl script included in all freeware versions of the cdomain package allows a remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit included, which drops a shell, unlike previous whois_raw.cgi exploits.
cdcb04dcc8c8d833822d837b47e293b61db57cc6668962ea1ef6d1dbedf1b93b
communigate.pl is a DoS exploit against CommuniGatePro 3.1 for NT.
3c4ca0bd0f5f75d0a744d6c32d7bbbc01e060250be2da4e3f804f20d72c0e403
Perl script to grab a list of new files from r00tabega.com. It then gives the user the ability to pick and download any of the files, all without having to load up a browser. ragnarox is planning to also make a front-end for X and MS-WIN.
fe354f1906c1d44d05333dc1504dff7472b8cfe1ff0677b9daf68ccfd55e30b7
attrition.pl gets the latest x (you specify how many) defacements from attrition. Just use the script to save the latest defacements to a file and then include them on your page through SSI.
1dc09a27daea3b7dc5e06b5ec698922863ab4b98158b1c6f5ea7765c284c1112
DoS.pl uses Net::RawIP to launch a SYN flood attack.
32ae0c00c03fd1e282fef426d088787651a77b6b9c1400e9ef48c2c496d3e497
Everybody knows about the _vti_pvt password files, but what about those misconfigured FrontPage servers that allow remote login and authoring without a login and password? This script will check for both vulnerabilities.
9040980cfe8b96a201e33ee28fbdd4f0ee1d4f87da6b7f725166cb677e745d00
Grinder.pl scans a range of IPs looking for a URL. Could be used to search for sites with a certain URL or CGI program.
17a62deebdd349e5d8c73be75d2c23ff06c8637cbc112b275271d2d25c11d2c9
DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. Our login, when in place, will not show the defined user logged into the system, nor log the connection origin.
84eec92a26c85da5068c9018ab802447990ef81ba86b37b1781f8eee80271317
This script will upload a trojan to an RDS vulnerable site running NT and execute the trojan.
103493a4c6051cab304f220b22274a4ca432f01306d62d03af4825d7c7bf7105