OpenBSD execve /bin/sh shellcode - 23 bytes.
8f00e44c4a45338b557e7499f30b7b8bda9809aa9a64fff1af2fdfa4189b5661
Cfingerd prior to v1.4.2 remote root exploit - Takes advantage of the syslog format string bug. Tested on Debian 2.1 and 2.2.
70f413a4d20fd258ec79ede4b34842fe8435ef1209fb32fae0d717b0718d3107
Ronin.c is a FreeBSD-4.2 remote root exploit. Requires user access and a writable home directory without chroot.
d2e33c037790692c389b96a7601e8f1408b6545023a8abce9baf0cbcdda89c20
IPtrap listens on several TCP ports to simulate fake services (X11, NetBIOS, DNS, etc.). When a remote client connects to one of these ports, its IP address is immediately firewalled and an alert is logged. It works with iptables and ipchains, and any external script can also be launched. IPv6 is supported.
741b2174f1d45b58f7cca7e4db1350122e6d08c2efe2f6c730443a283ac7d7fa
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
6feda35afe8a18ce578080c77f7a2f91d4a84d46bdb43ac7788feb8c64552cba
Jail is a chrooted environment using bash. Its main use is as the login shell for any user you want to be chrooted. Its primary goals are to be simple, clean, and highly portable.
938b8986029b7595504857489b600ded2f0f24a824a7891db64affb1107f7e3b
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
d32c240679204649fcf05a4aa3a006414e98f8ffd021ddc409cdea6c2656a0d6
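As an added example of the core operation such a MIME scanner performs (this is not MIMEDefang's code or anything from the listing above), the block below parses a message with the Python standard library, finds attachments whose filename carries an extension Windows will execute on a double-click, and rewrites each one in place as a plain-text notice with a ".defanged.txt" suffix so the client cannot run it. The extension list, the suffix and the sample message are assumptions constructed for the example.

```python
"""Defang executable attachments in a MIME message (added example; not MIMEDefang's code)."""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows executes on a double-click. Assumption for the example; a
# production gateway would also look at the declared content type and magic bytes.
DANGEROUS_EXTENSIONS = {
    ".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk", ".dll", ".cpl",
}


def is_dangerous(filename):
    """True if the attachment's final extension is one Windows treats as executable.

    os.path.splitext looks at the last extension only, so "readme.txt.exe" is
    caught while "setup.exe.txt" is not (Windows treats it as a text file).
    """
    if not filename:
        return False
    return os.path.splitext(filename)[1].lower() in DANGEROUS_EXTENSIONS


def defang_message(raw):
    """Parse raw message bytes, neutralise dangerous attachments, return (message, removed_names).

    Each dangerous part is rewritten in place as a short text/plain notice whose
    filename keeps the original name plus a ".defanged.txt" suffix, so the user
    still sees what was stripped but the client cannot execute it.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if is_dangerous(name):
            removed.append(name)
            # set_content() clears the old Content-* headers and body before writing the notice.
            part.set_content(
                f"The attachment {name!r} was removed by the mail gateway's policy.\n",
                disposition="attachment",
                filename=name + ".defanged.txt",
            )
    return msg, removed


def attachment_names(msg):
    """Filenames of all attachments in a parsed message, in message order."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample_message():
    """Constructed sample: a text body with an .exe and a .pdf attachment (not real data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.\n")
    # "MZ" header followed by padding stands in for a Windows executable.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, stripped = defang_message(build_sample_message())
    print("stripped:", stripped)
    print("attachments now:", attachment_names(cleaned))
```

The check is deliberately on the last extension only: that is what the Windows shell uses to pick a handler, so "invoice.txt.exe" is dangerous and "setup.exe.txt" is not. A real gateway pairs this with content-type and magic-byte checks, since a sender can name an executable anything they like.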
The G6 FTP server v2.00 freezes if told to create a directory named "COM1", "COM2", "COM3" or "COM4" (reserved device names on Windows).
716e570229564b04ebe6d9eb93f65830929d5d4b253495f360aab2e142e6e52f
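The G6 freeze is the general Windows pitfall of passing a client-supplied name straight to the filesystem, where names such as COM1 open a device rather than a file. The block below is an added example (not G6 code) of the server-side check that prevents it; it goes beyond the four COM ports the entry names and applies the full documented Windows rule (CON, PRN, AUX, NUL, COM1-COM9, LPT1-LPT9, matched case-insensitively and regardless of extension). The function names and the return format are this example's own.

```python
"""Reject Windows reserved device names in client-supplied paths (added example)."""
import re

# Names that refer to devices on Windows whatever directory they appear in.
# The page only mentions COM1-COM4; this is the general documented list.
RESERVED_DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"}
RESERVED_DEVICE_NAMES.update(f"COM{i}" for i in range(1, 10))
RESERVED_DEVICE_NAMES.update(f"LPT{i}" for i in range(1, 10))

_SEPARATORS = re.compile(r"[\\/]+")


def is_reserved_device_name(component):
    """True if a single path component would open a device instead of a file.

    Windows matches case-insensitively, ignores anything after the first dot
    ("COM1.txt" is still COM1) and strips trailing spaces.
    """
    base = component.split(".", 1)[0].rstrip(" ")
    return base.upper() in RESERVED_DEVICE_NAMES


def check_path(path):
    """Return (ok, reason) for a path a client asked the server to create or open.

    Only the device-name rule is checked here; rejecting ".." traversal and
    confining the path to the FTP root are separate checks a server also needs.
    """
    for comp in _SEPARATORS.split(path):
        if is_reserved_device_name(comp):
            return False, f"component {comp!r} is a reserved device name"
    return True, "ok"


if __name__ == "__main__":
    for p in ("pub/COM1", "pub/com3.txt", "pub\\incoming\\file.txt", "COMMON/notes"):
        print(p, "->", check_path(p))
```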
Wolf Attacks 1.8 - Includes over 70 DoS attacks in one ksh script.
04665bc8164acc5c3e762db3daa590cdad05e739caae693c77b65b6f611a018e
Stealth HTTP Security Scanner 1.0 build 22 - Checks for 2883 HTTP vulnerabilities. Runs on Win32, and on Linux under Wine. Free.
82260d87a282b393b077b7cde1303822ee9957ae526e01c78056016d7240e7e5
CERT Advisory CA-2001-10 - Buffer Overflow Vulnerability in Microsoft IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine and gain complete administrative control of it.
f215451f6d6376e8b5ed3f0beb0666e204a7f74278f6a383259175da5237fb79
Red Hat Security Advisory RHSA-2001:058-04 - Updated mount packages fixing a potential security problem are available. Any swap files created during installation of Red Hat Linux 7.1 (they were also created during upgrades if the user requested it) were world-readable, meaning every user could read the data in the swap file(s), possibly including passwords. The affected swap files are called /mountpoint/SWAP and /mountpoint/SWAP-(numeral). The new mount command enforces sane permissions on swap space.
124b8b8ddbcaa829ee3032564a659dd5977018fbbda66ea69f56615192c30a6c
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
62226780f8631029198e451e6a4531a59fa349cf2cbc6aeb0dada91d144be116
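The following is an added example, written for this page rather than taken from psad, of the detection logic the entry describes: parse iptables LOG lines, group them by source address, raise an alert when a source has touched more distinct destination ports than a danger threshold, and classify the scan from the TCP flags so the alert can name the corresponding nmap switch. The log lines are constructed sample data in the kernel 2.4 LOG format, and the thresholds and alert fields are this example's own assumptions.

```python
"""Port-scan detection over iptables LOG lines, in the spirit of psad (added example, not psad's code)."""
import re
from collections import Counter, defaultdict

# Kernel 2.4 iptables LOG target layout:
# "Apr 30 12:00:01 fw kernel: IN=eth0 OUT= SRC=a DST=b ... PROTO=TCP SPT=n DPT=m WINDOW=w RES=0x00 SYN URGP=0"
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?(?P<rest>.*)$"
)
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

# Flag combinations that identify a scan type, with the nmap switch that produces them.
SCAN_SIGNATURES = {
    frozenset({"SYN"}): ("syn", "-sS"),
    frozenset({"FIN"}): ("fin", "-sF"),
    frozenset({"FIN", "PSH", "URG"}): ("xmas", "-sX"),
    frozenset(): ("null", "-sN"),
}

# (distinct destination ports, danger level). Thresholds are an assumption for the example.
DANGER_THRESHOLDS = ((5, 1), (15, 2), (50, 3), (200, 4))


def parse_log_line(line):
    """Return a dict for a TCP LOG line, or None for non-TCP or unparseable lines."""
    m = LOG_RE.match(line)
    if not m or m.group("proto") != "TCP" or m.group("dpt") is None:
        return None
    flags = frozenset(tok for tok in m.group("rest").split() if tok in TCP_FLAGS)
    return {"ts": m.group("ts"), "src": m.group("src"), "dst": m.group("dst"),
            "dpt": int(m.group("dpt")), "flags": flags}


def danger_level(distinct_ports):
    """Highest threshold the port count reaches; 0 means no alert."""
    level = 0
    for needed, lvl in DANGER_THRESHOLDS:
        if distinct_ports >= needed:
            level = lvl
    return level


def detect_scans(lines):
    """Group TCP entries by source and emit one alert per source above the lowest threshold."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_log_line(line)
        if rec:
            by_src[rec["src"]].append(rec)
    alerts = []
    for src in sorted(by_src):
        recs = by_src[src]
        ports = sorted({r["dpt"] for r in recs})
        level = danger_level(len(ports))
        if level == 0:
            continue
        # Classify by the most common flag combination seen from this source.
        dominant = Counter(r["flags"] for r in recs).most_common(1)[0][0]
        scan_type, nmap_opt = SCAN_SIGNATURES.get(dominant, ("unknown", None))
        alerts.append({"src": src, "dst": recs[0]["dst"], "danger": level, "ports": ports,
                       "begin": recs[0]["ts"], "end": recs[-1]["ts"],
                       "scan": scan_type, "nmap": nmap_opt,
                       "block_cmd": f"iptables -I INPUT -s {src} -j DROP"})
    return alerts


def _log_line(ts, src, dpt, flags):
    """Constructed iptables LOG line in the kernel 2.4 format (sample data, not a real capture)."""
    return (f"{ts} fw kernel: IN=eth0 OUT= SRC={src} DST=192.168.1.2 LEN=40 TOS=0x00 "
            f"PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=40001 DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")


SAMPLE_LOG = (
    [_log_line(f"Apr 30 12:00:0{i}", "10.0.0.5", p, "SYN") for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    + [_log_line(f"Apr 30 12:01:0{i}", "10.0.0.7", p, "FIN PSH URG") for i, p in enumerate((135, 137, 138, 139, 445))]
    + [_log_line("Apr 30 12:02:00", "10.0.0.9", 80, "SYN")]
    + ["Apr 30 12:02:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.2 LEN=84 TOS=0x00 "
       "PREC=0x00 TTL=64 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1"]
)

if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        print(f"{a['src']} danger={a['danger']} {a['scan']} scan ({a['nmap']}) "
              f"ports={a['ports']} {a['begin']} .. {a['end']}  block: {a['block_cmd']}")
```

The block command is emitted rather than executed on purpose: automatic blocking from spoofable single packets (a SYN, FIN or Xmas probe never needs a completed handshake) lets an attacker get arbitrary addresses firewalled, so a deployment needs a whitelist and an expiry on the rule.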
LSM (Loadable Security Module) is a simple but effective intrusion-prevention loadable kernel module. Currently it protects extended file attributes on ext2 from being modified by the superuser, prevents the module itself from being removed and prevents other modules from being loaded. This basic protection also blocks access to raw devices, so debugfs cannot be used on a disk partition and the boot process cannot be changed. Loading this module prevents lilo configuration.
1de7821846c64cd5d4168a036843a4cea66368f91eaf9ef6b0e7ee18e1f4daf0
IPtrap listens on several TCP ports to simulate fake services (X11, NetBIOS, DNS, etc.). When a remote client connects to one of these ports, its IP address is immediately firewalled and an alert is logged. It works with iptables and ipchains, and any external script can also be launched. IPv6 is supported.
70f37c5a7ca4018a0086bef3aec281a74a711d1ee06b470652095d11310979d2
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
e53c93c7698f2df8bd31c289b00bcdaf6bb7b30e422ddb8b921488ad923178a2
eEye Security Advisory - Windows 2000 IIS 5.0 remote buffer overflow vulnerability (remote SYSTEM-level access). Affects Microsoft Windows 2000 Internet Information Services 5.0 with Service Pack 1. The vulnerability is triggered when a buffer of approximately 420 bytes is sent in the HTTP Host: header of a request for the .printer ISAPI extension. Successful attacks are not logged in the IIS access logs.
823ece01e6bb14f8b3fbea2b4d268322ebb462e32c5dedd81802824820639ecf
Windows 2000 / IIS 5.0 SP0 and SP1 remote exploit. Overflows the Host: header handled by the .printer ISAPI extension. The included shellcode creates a file in the root of C:\ containing instructions on how to patch the vulnerable server. Compiles on Windows, Linux, and *BSD.
9fff87f325e3b0b2e95b688b5c791f29e66f7277f9fd816703595f63a89b9eeb
ISS X-Force is aware of a vulnerability that can be used to attack Microsoft Internet Information Server (IIS). This vulnerability may allow an attacker to compromise a host running a vulnerable version of IIS. The compromise may lead to Web page defacement and theft of sensitive or confidential information. In addition, this vulnerability can be used in conjunction with other exploits to further compromise affected systems.
775b962801b88729d6a6728a04293da2e67437ad128f3b5ef34731e52f9cb69e
FreeBSD Security Advisory FreeBSD-SA-01:39.tcp-isn - FreeBSD systems prior to 4.3-RELEASE generate predictable TCP initial sequence numbers (ISNs). Protocols that authenticate solely on the basis of IP address are vulnerable to blind spoofing attacks.
700f3059198dd27dcf3b53b265bad6f0fc17a276e98cf8ee1f2a96aa3ccd7ba9
Windows 2000 / IIS 5.0 + SP1 Internet Printing Protocol vulnerability test. Causes a memory leak and reports whether or not the remote site is vulnerable; it contains no shellcode.
7acc303c4980d09fc650229e55553b5c0ada450b62f78168bace6cbcf5152918
Packet Storm new exploits for April, 2001.
1ee99a479d4700f9ed4ba3fc1f4a5c8f7734614567248a0d84cc0031c6ff919f
CERT Advisory CA-2001-09 - Many systems are vulnerable to Initial Sequence Number (ISN) attacks, allowing attackers to manipulate and spoof TCP connections. Many systems generate ISNs by adding random increments, but because of the Central Limit Theorem the resulting values cluster and remain open to statistical attack. If the ISNs of a system's future connections can be guessed exactly, an attacker can complete a TCP three-way handshake, establish a phantom connection, and spoof TCP packets delivered to a victim. Affected systems include Cisco, FreeBSD prior to 4.3-RELEASE, OpenBSD prior to 2.8-current, Fujitsu, HP-UX, and SGI.
a5cf495414857e9c5fa8708b2e706b102950f10f44a8a44da848af3b556213e6
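To make the FreeBSD and CERT ISN advisories concrete, here is an added example (not code from either advisory) of the attacker's side of the analysis: observe ISNs from connections you are allowed to make, predict the ISN the victim will hand out next, and measure how often a batch of spoofed ACKs around that prediction would complete a handshake blind. Three constructed ISN sources stand in for three kinds of stack: a fixed per-connection increment, random increments bounded to 16 bits (the "Central Limit Theorem" scheme the CERT advisory calls statistically attackable), and a fully random 32-bit value. The predictor, window model and hashed-counter "random" source are this example's assumptions.

```python
"""Measure how predictable a TCP stack's initial sequence numbers are (added example)."""
import hashlib
import statistics

MOD = 1 << 32  # ISNs are 32-bit, so all arithmetic wraps


def predict_next_isn(history):
    """Attacker's predictor: last observed ISN plus the mean of the recent increments (needs >= 2 samples)."""
    increments = [(b - a) % MOD for a, b in zip(history, history[1:])]
    return (history[-1] + round(statistics.mean(increments))) % MOD


def ack_for_blind_handshake(predicted_isn):
    """ACK number the spoofed third packet must carry to complete the handshake for that ISN."""
    return (predicted_isn + 1) % MOD


def hit_rate(isns, history=8, window=0):
    """Fraction of connections the attacker completes blind.

    After observing `history` ISNs the attacker predicts the next one and sends
    2*window+1 spoofed ACKs covering predicted-window .. predicted+window; the
    handshake completes if the true ISN falls inside that band. window=0 means
    a single exact guess, which is what CA-2001-09 describes.
    """
    hits = trials = 0
    for i in range(history, len(isns)):
        guess = predict_next_isn(isns[i - history:i])
        diff = (isns[i] - guess) % MOD
        if diff <= window or diff >= MOD - window:
            hits += 1
        trials += 1
    return hits / trials


# --- Constructed ISN sources standing in for three kinds of stack (sample data, not captures) ---

def linear_isns(n, start=0x1000, step=64000):
    """Fixed increment per connection, as in older BSD stacks: fully predictable."""
    return [(start + i * step) % MOD for i in range(n)]


def _hashed_counter(i, nbytes, salt=b"isn-example"):
    """Deterministic stand-in for a random source so the results are reproducible."""
    return int.from_bytes(hashlib.sha256(salt + i.to_bytes(4, "big")).digest()[:nbytes], "big")


def bounded_increment_isns(n, start=0x1000):
    """Random increments uniform in [0, 65535]: the error of the mean-based guess never exceeds 65535."""
    isns, cur = [], start
    for i in range(n):
        cur = (cur + _hashed_counter(i, 2)) % MOD
        isns.append(cur)
    return isns


def random_isns(n):
    """An unpredictable 32-bit value per connection: nothing to extrapolate from."""
    return [_hashed_counter(i, 4) for i in range(n)]


if __name__ == "__main__":
    sources = (("fixed increment", linear_isns(40)),
               ("bounded random increment", bounded_increment_isns(60)),
               ("random 32-bit", random_isns(60)))
    for name, seq in sources:
        print(f"{name:26s} exact guess: {hit_rate(seq):.2f}   "
              f"with 2*65535+1 guesses: {hit_rate(seq, window=65535):.2f}")
```

The bounded-increment case is the advisory's point: the attacker no longer needs an exact guess, only enough spoofed ACKs to cover the band the increments can land in, which here is about 2^17 packets instead of 2^32.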
Microsoft Security Advisory MS01-023 - A serious vulnerability has been discovered in the handling of the Internet Printing Protocol (IPP) by IIS 5.0 on Windows 2000. A buffer overflow in the ISAPI extension that handles input parameters allows any remote user of the web site to execute arbitrary code in the local system security context, giving an attacker complete control over the server. The server must have TCP port 80 or 443 open. Microsoft has published a FAQ on this issue.
459e672e876ff12c3cc8e618df416141205863c58da36096bdcb03712f214acd
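Because the eEye advisory notes that successful attacks leave nothing in the IIS access logs, detection of this overflow has to happen on the wire or in a front-end proxy. The block below is an added example (not the eEye, Microsoft or exploit code listed here) of that check: it parses the head of a raw HTTP request and flags any request for the .printer ISAPI mapping whose Host: header is far longer than a hostname can be. The 300-byte ceiling, the function names and the sample requests are this example's assumptions; the 420-byte trigger size comes from the advisory.

```python
"""Flag HTTP requests matching the IIS 5.0 .printer Host: header overflow (added example)."""

# A legitimate Host: value is a hostname (at most 255 octets per RFC 1035) plus an
# optional ":port". The advisory puts the overflow trigger at roughly 420 bytes, so a
# 300-byte ceiling (assumption) catches the attack with margin and no false positives.
HOST_MAX = 300


def parse_request_head(raw):
    """Split the request line and headers of a raw HTTP request into (method, target, headers).

    headers maps lower-cased names to a list of values because a request may
    repeat a header. Raises ValueError on a malformed request line.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target, headers


def is_printer_overflow_attempt(raw):
    """True if the request targets the .printer mapping with an oversized Host: header.

    IIS hands any path ending in .printer to the IPP ISAPI extension whether or not
    the file exists, so only the extension is checked, not the rest of the path.
    """
    try:
        _method, target, headers = parse_request_head(raw)
    except ValueError:
        return False
    path = target.split(b"?", 1)[0]
    if not path.lower().endswith(b".printer"):
        return False
    return any(len(value) > HOST_MAX for value in headers.get(b"host", []))


# Constructed sample requests (not captures from the tools listed on this page).
BENIGN_PRINTER = (b"GET /printers/laser.printer HTTP/1.1\r\n"
                  b"Host: www.example.com\r\n\r\n")
OVERSIZED_HOST = (b"GET /NULL.printer HTTP/1.0\r\n"
                  b"Host: " + b"A" * 420 + b"\r\n\r\n")
LONG_HOST_OTHER_PATH = (b"GET /index.html HTTP/1.1\r\n"
                        b"Host: " + b"A" * 420 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign .printer", BENIGN_PRINTER),
                       ("oversized Host on .printer", OVERSIZED_HOST),
                       ("oversized Host elsewhere", LONG_HOST_OTHER_PATH)):
        print(f"{label:28s} -> {is_printer_overflow_attempt(req)}")
```

The check is narrow by design: an oversized Host: header on any other path is odd but is not this vulnerability, so it is left to a separate rule rather than folded into this one. On servers that do not need IPP, removing the .printer application mapping closes the exposure independently of the MS01-023 patch.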
Red Hat Security Advisory RHSA-2001:059-03 - kdesu created a world-readable temporary file to exchange authentication information and deleted it shortly afterwards. A local user can abuse this to gain access to the X server, which can result in a compromise of the account kdesu accesses.
ba07e8c2e770d6a3392d1ba7d78a980ab3b7a12aaf0d6beae53b1a763be874b0