Local root exploit that makes use of the dynamic library for do_system() in MySQL UDF. Tested on MySQL 4.0.17.
95a7207a7051562030ac705492537b56b8b7240a2c9e35e9973ec9e34e4a0c48
Remote root exploit for rlogin on Solaris/SPARC 2.5.1/2.6/7/8. This remote root exploit uses the (old) System V based /bin/login vulnerability via the rlogin attack vector, returning into the .bss section to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
bfeb19101920045f9d6f6904868ad67701158aa7b9bc94f200fad68320b7c937
Local root exploit for a vulnerability in the passwd circ() function under Solaris/SPARC 8/9. This exploit uses the ret-into-ld.so technique to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
a6e61ccf2c4234b32ebb45aaf4f04d6bf8eaca49b1b7f4a8c10f9a63208bbd20
Local root exploit for a buffer overflow in CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9. This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
b8436092faaf18ae6c0392c009430729a21181ff6e47eb8696bfd081a924f23b
Local root exploit for a buffer overflow in CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9.
5e7614c63543acb78f04d9c4e7b85a01cf23e73fb1477712065be31ad5ee010b
Local root exploit for a stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 that allows local users to gain root privileges via a long LD_PRELOAD environment variable.
6d7bdc11a3396a323aa02a43e2fdb992917edce2a4b72006644e2f579e17c406
Local exploit for a flaw in the Linux kernel that allows for group ownership change and possible system compromise. Tested against Linux kernel versions 2.4.x through 2.4.27-rc3 and 2.6.x through 2.6.7-rc3.
394ace8ae631f8551b925e291c9b4df9a9dbf06bdb3748733e63e42f78b2595d
WARD v2.0 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD, Linux, and Windows under Cygwin.
9e8fef3e2e9568bdfa6a72fb1dbb6de5773363101d30bbac16e3271d4428b2f9
Brutus.pl v1.3 tries to break in remotely using password bruteforcing for TELNET, FTP and POP3 protocols. Login list generation through SMTP vrfy/expn and CISCO login information leaks is also supported.
22a1eae37ef2eaae85ec019318e53838a23b29963e6428dc3f6fe36d3c8ca01c
PFilter filters OpenBSD PF log files parsed by tcpdump and prints colored messages. Both /var/log/pflog and pflog0 are supported for real-time logging. Tested on OpenBSD 3.2.
06aabdf94e4b27e355ac9c84239893655812953cf957332b8fdef3f30e001dd9
This DCL script abuses the old psi_mail trick on VAX/VMS systems to remotely find valid users.
b300bdc9bf7a8a50ee833fcd7c6502f1b542165feca28c88b135ae16d0afbccb
A suite of scripts that were originally part of the AEnigma DIDS Project. The snortctl script is for management of the Snort NIDS. The snortfilter script is a log parser and colorizer.
a20e34b031a3b811e776cf26ef2b23b8da7a07a37c0d686dcea96aab426d35a4
HAVOC is a random ARP traffic generator which will temporarily hose your ethernet segment. Bug fix of previous release (0.1c).
74e17c81361042e28aa21c339279aa472c86be6884323f0e8f0583ed01d48727
WARD v1.9 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD, Linux, and Windows under Cygwin.
7748d8d450a96e76ab2792fc8b5e056897627e4a46cdbe2f4c1c0513fe842223
BRUTUS v0.5 is a remote TCP/IP service brute forcer. It tries to break in using TELNET, FTP and POP3 protocols. Login list generation through SMTP vrfy brute-forcing is also supported.
ae062f6d34c14746efa6629ff0f71bb26b6530315949714ee106b88ce0a3b1d5
WARD v1.8 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD and Linux.
de328d9308ffc5500adcca4fe49a4be425aed38f7e62550cd8043829c52709a5
WARD v1.7 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD and Linux.
bf6d61d5f2eeb2b286d8900abe800e604d3856c75e62eba1e1ade8c1622b0c92
WARD v1.0 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. Wargames still r0cks. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. Tested on Linux.
3d6ac9f41626b7fe14cf0698b5eba65d9ddbf380d57d73126c87d9614543d3c5
Vudu is a simple X.25 NUA scanner for Unix systems. It is written in bash for portability. Tested on Solaris.
2dcad5359323ccb260a10fc12d3502c644bce9be6574b8ac75f7bed8d285e5d2
Autoscan scans for valid NUAs using the autonet x25pad gateway, logging valid NUAs that refuse connection (requiring a valid NUI to connect), freely available NUAs (accepting reverse charging) and Calls Cleared 0-67 (DTE, subaddress specification needed).
9b63dbeddbacc6e694e2152f78223667e7721b72279b8ded41e6ea2e7262d986
Bounce.c is a simple program to connect TCP ports. Use it just as a telnet-like client and send a SIGINT to make it sit in the background and open the specified port on localhost. Then you can connect to this local port and resume the interrupted session, data-piped.
8c61637268c0eaba97793ac36c9f2ae4cd64864567fcb6940196fbcefadb28f6
HAVOC is a random ARP traffic generator which will temporarily hose your ethernet segment.
e5c6da7e285549a3ca48d9c4a8ebfc7703a5fe454264966591225bdb240edc17