Links to local files can be used to subvert restricted access Windows machines which have access to a web browser. Executable program loggers and restrictions are defeated by using .CPLs. Large problems for network administrators could arise if students and employees, whose access was restricted, start to use the links provided on the document. This one can be used for Windows NT as well.
234de534de460ff560d2c4e10ffc29836b4a4bf3e212c709391e5f346aad8352
HAVOC is a random ARP traffic generator which will temporarily hose your ethernet segment.
e5c6da7e285549a3ca48d9c4a8ebfc7703a5fe454264966591225bdb240edc17
This makes the same thing with "kiss of death". It crashes TCP stack of win98 boxes. An essential tool for all. Now it cames with parameter support and better performance with multi-thread system. Windows based executable for IGMP DoS attack.
81d6d49b1b77cbe5fcbb5b9901c647fe01da65305f93a654c0afe9fb4f64bea2
Remote vulnerabilies in the popular free email software Outblaze
5df78eeac0f105290b292936d7e3625d27b887b8dc7cbd37aa936f63bb2db1d7
Easy to understarnd text file explaining the TCP flags.
1c030f8e8e4c7160a326685f5b35462c47bc4ebc8fda48ecb0cd8500baa9ac8d
EthFw is an ethernet firewall for the FreeBSD kernel. It consists of a kernel patch and a console application for configuring rules. It can be used to accept or deny mac addresses.
0206854d01f72c2e010a9ed9a4029cbdd0d35fa013cbc4ff035a646510647e15
Debian 2.1 local exploit - A vulnerability exists in the apcd package shipped with Debian 2.1.
20e0a1a9330cb3eb2152bce084249704d36e1eadd4f26b6d3b357b6c99c71410
An optional third-party port distributed with FreeBSD (Delegate) contains numerous remotely-exploitable buffer overflows which allow an attacker to execute arbitrary commands on the local system, typically as the 'nobody' user.
2349a26a318c7b3033748205014c57ea922b76e6da69a25737073b424924a0e0
Two optional third-party ports distributed with FreeBSD (Asmon/Ascpu) can be used to execute commands with elevated privileges, specifically setgid kmem privileges. This may lead to a local root compromise.
2b675c143290527b89a549402414df4e6071bfdc3af5dd1a27f5c99d9440c401
Windows Security Digest Update - Two risks were discovered: Microsoft reported a problem with its Internet Explorer version 4.x and 5.x that may expose files on a user's system with their permission, and a problem with Win2K Professional that may allow an intruder to gain Administrator access to the system in a particular window of time during the installation process.
9f9ab027f4b3eadea188d3b79b4b9f96c5bcbd0b91aa9a7a06d1aa4d132f2c6b
View RAS passwords (locally) on a Win 9X box.
a9db317d2f40d7b939832ae65878c53366c226fd9548dda416333efe0f13d6f9
Paper explaining man-in-the-middle attacks, using a secure web connection as an example.
e133e7778ec82962f986820746e4d99c549bec2941a5f9f34c67ad18059944a3
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
ec9858bdaf36e5e60ef17b7ed94935257559bad4767aa8e9115fdc554b149fce
asmon.sh - A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Local root overflow. FreeBSD 3.4, 3.3, 3.2, 3.1, and 3.0 are affected.
911f207a0f8d6a25d7a509d2f1e665dc06ececed17e36c50b885d1c48567b0d3
Solaris (x86/7.0/2.6) local exploit for Sun's WorkShop 5.0 compilers and other products which use the FlexLM license management system.
36f48483c510695fffacc84e31f2a1eb85905b9dce7b7b3fd7e17098fbb11263
Microsoft has released a patch for a vulnerability in an installation routine associated with Microsoft Systems Management Server (SMS). The vulnerability allows a user to gain elevated privileges on the local machine. Microsoft FAQ on this issue here.
46397ae9044894ea6dd2a0ed3e42942ee9a30ebf6bcd52009563b5d7bc758584
A little mail-like 'smurf' that uses mail relays instead of broadcasts.
126ffdb072440ea199f8c3cf4a9f678df92c6ea8c85fdced2af0b70874d3668b
Some code I put together to do some testing on the POP3 daemons on some machines installed at work. Attempts to overflow user/password variables.
66d36de7633bd79a74baa7b18fea4a59b9256c0aeee7c3c1b4c4794f411d831b
Alpha patch for FreeBSD that randomizes the sequence numbers sent by TCP to circumvent connection hijacking and/or spoofed connections (3-way handshake acheived by guessing sequence numbers).
ab5c71478fa83d7120ef65390ec11a21f1ec6c3dee83be9dcba8edf4dd6bf895
Microsoft has released a patch for a vulnerability in web applications associated with Microsoft Site Server 3.0, Commerce Edition. These applications are provided as samples and generated by wizards, who have unwisely allowed inappropriate access to a database on the site. Microsoft FAQ on this issue here.
f0ea22e2f6fcdb79f7f031cffdb3d616b72c3db091aa09ad12853c262adf569b
TalonDynDNS is a Dynamic DNS client allowing you to use JustLinux.com's free DNS service under windows.
47a73586aa71760395fde9325796d00c3c5e5cc452e222e447f8e41954680f63
Microsoft has released a patch for a vulnerability in Microsoft VM. The vulnerability allows a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet, provided the full pathname is known. Microsoft FAQ on this issue here.
45f78ff85a497b769b32bbc5a4d880b9fc1c26fdbfcd6eaa0c9b5ca5aeae1852
Madscan scans for sites which do not block broadcast IP addresses. Based on broadscan, but 4 times faster, and supports scanning a full class A address space.
8a263b5fd823f5cd845ca898388b2e9d3103fb7666d850bb4e46c68150490c19
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. Debian security homepage here.
b69aaf3aa0798c606d84b6b3aa4b2ee5637bab4fd96f99f9aaf3bdec071ee96f
Many Windows programs (word, excel, wordpad, etc) allow you to break out of a restricted environment, using common sense hacks.
39be7595afd6f8bb040897a7580b5bffd80cae67e08c97fa642f17c59c8ff9ef