Local root exploit that makes use of the dynamic library for do_system() in MySQL UDF. Tested on MySQL 4.0.17.
95a7207a7051562030ac705492537b56b8b7240a2c9e35e9973ec9e34e4a0c48Remote root exploit for rlogin on Solaris/SPARC 2.5.1/2.6/7/8. This remote root exploit uses the (old) System V based /bin/login vulnerability via the rlogin attack vector, returning into the .bss section to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
bfeb19101920045f9d6f6904868ad67701158aa7b9bc94f200fad68320b7c937Local root exploit for a vulnerability in the passwd circ() function under Solaris/SPARC 8/9. This exploit uses the ret-into-ld.so technique, to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
a6e61ccf2c4234b32ebb45aaf4f04d6bf8eaca49b1b7f4a8c10f9a63208bbd20Local root exploit for a buffer overflow in CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9. This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
b8436092faaf18ae6c0392c009430729a21181ff6e47eb8696bfd081a924f23bLocal root exploit for a buffer overflow in CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9.
5e7614c63543acb78f04d9c4e7b85a01cf23e73fb1477712065be31ad5ee010bLocal root exploit for a stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 that allows local users to gain root privileges via a long LD_PRELOAD environment variable.
6d7bdc11a3396a323aa02a43e2fdb992917edce2a4b72006644e2f579e17c406Local exploit for a flaw in Linux kernel that allows for group ownership change and possible system compromise. Tested against Linux kernel versions 2.4.x through 2.4.27-rc3 and 2.6.x through 2.6.7-rc3.
394ace8ae631f8551b925e291c9b4df9a9dbf06bdb3748733e63e42f78b2595dWARD v2.0 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD, Linux, and Windows under Cygwin.
9e8fef3e2e9568bdfa6a72fb1dbb6de5773363101d30bbac16e3271d4428b2f9Brutus.pl v1.3 tries to break in remotely using password bruteforcing for TELNET, FTP and POP3 protocols. Login list generation through SMTP vrfy/expn and CISCO login information leaks is also supported.
22a1eae37ef2eaae85ec019318e53838a23b29963e6428dc3f6fe36d3c8ca01cPFilter filters OpenBSD PF log files parsed by tcpdump and prints colored messages. Both /var/log/pflog and pflog0 are supported for real-time logging. Tested on OpenBSD 3.2.
06aabdf94e4b27e355ac9c84239893655812953cf957332b8fdef3f30e001dd9This DCL script abuses the old psi_mail trick on VAX/VMS systems to remotely find valid users.
b300bdc9bf7a8a50ee833fcd7c6502f1b542165feca28c88b135ae16d0afbccbA suite of scripts that were originally part of the AEnigma DIDS Project. The script snortctl is for management of the Snort NIDS. The snortfilter is a log parser and colorized.
a20e34b031a3b811e776cf26ef2b23b8da7a07a37c0d686dcea96aab426d35a4HAVOC is a random ARP traffic generator which will temporarily hose your ethernet segment. Bug fix of previous release (0.1c)
74e17c81361042e28aa21c339279aa472c86be6884323f0e8f0583ed01d48727WARD v1.9 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD, Linux, and Windows under Cygwin.
7748d8d450a96e76ab2792fc8b5e056897627e4a46cdbe2f4c1c0513fe842223BRUTUS v0.5 is a remote TCP/IP service brute forcer. It tries to break in using TELNET, FTP and POP3 protocols. Login list generation through SMTP vrfy brute-forcing is also supported.
ae062f6d34c14746efa6629ff0f71bb26b6530315949714ee106b88ce0a3b1d5WARD v1.8 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD and Linux.
de328d9308ffc5500adcca4fe49a4be425aed38f7e62550cd8043829c52709a5WARD v1.7 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD and Linux.
bf6d61d5f2eeb2b286d8900abe800e604d3856c75e62eba1e1ade8c1622b0c92WARD v1.0 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. Wargames still r0cks. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. Tested on Linux.
3d6ac9f41626b7fe14cf0698b5eba65d9ddbf380d57d73126c87d9614543d3c5Vudu is a simple X.25 NUA scanner for Unix systems. It is written in bash for portability. Tested on Solaris.
2dcad5359323ccb260a10fc12d3502c644bce9be6574b8ac75f7bed8d285e5d2Autoscan scans for valid NUAs using the autonet x25pad gateway, logging valid NUAs that refuse connection (requiring a valid NUI to connect), freely available NUAs (accepting reverse charging) and Calls Cleared 0-67 (DTE, subaddress specification needed).
9b63dbeddbacc6e694e2152f78223667e7721b72279b8ded41e6ea2e7262d986Bounce.c is a simple program to connect TCP ports. Use it just as a telnet-like client and send a SIGINT to make it sit on the background and open the specified port on localhost. Then you can connect on this local port and resume the interrupted session, data-piped.
8c61637268c0eaba97793ac36c9f2ae4cd64864567fcb6940196fbcefadb28f6HAVOC is a random ARP traffic generator which will temporarily hose your ethernet segment.
e5c6da7e285549a3ca48d9c4a8ebfc7703a5fe454264966591225bdb240edc17
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed