Microsoft Internet Explorer 5 and accompanying mail and news clients on win95, win98 and win2000 enjoy a unique status in that they choose to ignore user input. This document will show you how to manually force a file onto the target computer despite all prompts and warnings. Demonstration available here.
0e5a8cec453f8222f6e3e629bc30081c
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that: it lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
0d7c3cc23f7938015fe2266542809c0f
Format Bugs - What they are, where they came from, and how to exploit them. Users can often input format strings into printf and other statements, causing the stack to be overwritten. Includes code samples and debugger output.
0f9a284535487d1ecff78e011e370e44
Wingate.py is a DoS exploit for Qbik WinGate 3.0. It connects to TCP port 2080 and sends 2000 characters, causing all WinGate services to crash. Original bug found by eEye.
e3c12ffd16dbf026757bbf6ce8f87904
Georgi Guninski security advisory #14 - Internet Explorer 5.01 and Access 2000 allow executing programs when viewing a web page or HTML email message. This allows taking full control over the user's computer. Access 2000 allows executing VBA code which has access to system resources and in particular can execute files. Includes exploit code which silently opens and executes VBA code from Access 2000. Demonstration available here.
30b9808ed4a00215c9d3ef253e27bd55
Georgi Guninski security advisory #13 - Internet Explorer 5.01, Excel 2000 and PowerPoint allow executing programs when viewing a web page or HTML email message via insecure ActiveX controls. This allows taking full control over the user's computer. Demonstration available here.
a645ac971b6499c52ca87fc991933ceb
B0g Issue 6 - In this issue: A Look Into Wiretapping, getting root; the b0g way, interview with cr0bar, The SS7 Signaling Connection Control Part Relay System, Sniffing and spoofing explained, How to crack Macromedia products, Fun with noise in QBASIC, pulling people's docs on IRC, IRC Quotes, and much more.
55132493657fdc292fb800ff02a81701
FreeVSD facilitates true Linux Virtual Servers within a 'chroot' environment, allowing Web servers and other applications to be deployed and administered discretely, without compromise to security. Each Virtual Server has its own IP address(es), Apache webserver, and view of the process table. FreeVSD expands the Linux system by creating a pseudo-'super user' (admin) for each Virtual Server. The admin user has the ability to create extra POP3/FTP and Telnet users and also administrate vital services such as the webserver.
704e77510bb632e4fdea82c7665f2fea
rvscan v3 beta one is a high quality Unix remote vulnerability scanner. It is based on fts-rvscan but has many new additions, such as 100 new CGI checks, new BIND checks, ftpd checks, BSDI vulnerabilities, more RPC checks, Solaris vulnerabilities, new POP3 checks, bootp and mdbms, more sendmail checks, and better logging. It does a very thorough job and even includes some non-published exploit checks.
a70ca26bed381423ba48dcfe24205c78
Quick perl script to search through the history file of each user on your system for a certain command (i.e. "cat /etc/passwd").
f71cf01f566565752cfe0186d257add0
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
aa2fb5d66590141e34932b7013cb78d9
A simple yet sophisticated perl script that runs in the background and monitors for user attempts to su to root. If one is detected, the log file is immediately mailed to a specified user and a backup is created in /tmp. Very useful for attempting to keep track of logs after an intrusion has occurred.
2f63d8f48ccd9afe6917c9af483afc1b
suidbofcheck.pl searches the system for suid binaries in /usr/bin, /bin, /sbin, and /usr/sbin and tests each one against a standard buffer overflow (both with and without the use of environment variables) at a specified offset.
ee631de3074b32cc5abee50fd5c95f2d
Exploits the auto registration feature of most ChanServ bots and causes it to die. This exploit has been known to work on networks including DalNet, CobraNet and RelicNet.
8a03734daef08366c7690766b39ac3b7
iMesh 1.02 builds 116 and 177 for Windows are vulnerable to a buffer overflow that can be exploited to execute arbitrary code. Once iMesh connects to a server, it begins listening on a TCP port (varies). An attacker can connect to this port and cause an overflow which will overwrite EIP, effectively redirecting the flow of execution.
8b2233b642e513c4b6df6f1923af5f68
Smit is a simple ARP hijacking tool for switched and unswitched networks. The source is based on arpmitm and arprelay and includes nice features such as automatic ARP MAC query and an improved MAC cache consistency algorithm. You can also run Smit in transproxy-only mode and use your favourite sniffer to capture 'hijacked' packets on switched networks.
771a34d98d040d197c65efb7bf7e33a1
Sawmill 5.0.21 is a site log statistics package for UNIX, Windows and MacOS which has remote vulnerabilities. Any file on the system can be read, and the password is stored with a weak hash algorithm and can be decrypted using the included C program. This is dangerous because the previous security hole allows reading the hash and decrypting the admin password.
95f24e0b8468ed474dad73b0c43d53cf
Microsoft Windows secret options - More aggravating display properties.
ade01864de08be105a86509db70dc36e
Microsoft Windows secret options - Aggravating display properties.
909e6dd36b4a909a4dcc5e043f7f76a5
Microsoft Windows secret options - Endurance options, etc :)
26987adc7b4580858a98ec1ff6ff6ab0
SING sends fully customized ICMP packets from the command line. It is a replacement for ping which adds certain enhancements such as fragmentation, sending/reading spoofed packets, sending many ICMP types (Address Mask, Timestamp, Router Discovery, etc) and Error types (Redirect, Unreach, Time Exceeded), oversize packets, etc. Tested on Linux, FreeBSD and Solaris.
ac511f1b19c9371eb2bf9eb943740ddb
KNmap is a new KDE frontend for Nmap which supports all the scan methods and a great deal of options.
936159a35e22b449aa449cb5ef0798d2
BFBTester is a utility for doing quick, proactive security checks of binary programs by performing checks of single and multiple argument command line overflows and environment variable overflows. It will also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names. While BFBTester cannot test all overflows in software, it is useful for detecting initial mistakes that can red-flag dangerous software.
d85331e6ebd2d1798eddd3d7bc0a2fd9
slackUp is a Slackware auto-upgrade utility. It will download upgrades to the programs you currently have installed on your system from the slackware-current tree. No user interaction is required: just type the command, go for a coffee break, and after a reboot your system should be upgraded. Until the Slackware team comes up with an official auto-upgrade utility, slackUp will hopefully help fill in for it. This will make your Slackware system much more secure.
f54250c8d2df74d4896a4d262b596b23
motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email, SMS messages, or invoke an external command when detecting motion.
29c91c01c0e0c1f625277f24b223a9e7