Microsoft Security Advisory MS03-002 - The Microsoft Content Management Server 2001 contains a cross-site scripting flaw in an ASP page.
5f9a08fd4a965c6bbfb642a30dcf8d05
55hb is an SSH account brute force auditing tool written in expect. Allows you to specify hosts, password lists, and a user.
16da26e552c32d0f52c78a0331e4a5e4
Kernel Based Keystroke Loggers for Linux - This paper describes the basic concepts and techniques used for recording keystroke activity under Linux. Includes a proof-of-concept LKM which is stealthy, works with recent distributions, and is capable of logging local logins and ssh sessions to and from the host. Tested on Slackware v8.0 with kernel v2.4.5.
a9615f10eaef0364e7e748a96c2fb1c1
GnomeICU v0.96.1 remote dos exploit. Sends a message with uin=0000000 causing a seg fault. Tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0.
619d5fe13a0c7cbcdc31462b9aab2591
FreeBSD Security Advisory FreeBSD-SA-02:08 - A race condition during exec allows local root compromise. A race condition exists in the FreeBSD exec system call implementation. It is possible for a user to attach a debugger to a process while it is exec'ing, but before the kernel has determined that the process is set-user-ID or set-group-ID. All versions of FreeBSD 4.x prior to FreeBSD 4.5-RELEASE are vulnerable to this problem. The problem has been corrected by marking processes that have started.
d01d62114dbd97adf1fd167c813cd187
There is a remotely exploitable buffer overflow in ICQ v2001A and below. Attackers that are able to exploit the vulnerability can execute arbitrary code with the privileges of the victim user. There are 122 million vulnerable clients. Full details are discussed in VU#570167. An exploit is known to exist. Voice Video & Games plugin installed with AOL Mirabilis ICQ Versions 2001B Beta v5.18 Build #3659 and prior is also vulnerable.
c8d272590ca4613ec1a4cac1ae2b3505
This document describes buffer overrun vulnerabilities on Sun Microsystems SPARC machines. We will begin by examining the SPARC architecture, looking at the registers and the stack. We will then go on to see exactly how buffer overrun vulnerabilities occur and how control over the process's execution is gained under SPARC, and then detail how, from there, the vulnerability can be exploited to gain control over the computer by looking at exploit code that spawns a shell under Solaris.
f84c8fdc8a46ebf7eb620006ec7dd07d
Windows 2000 Format String Vulnerabilities - Includes a detailed discussion of how format string bugs in fprintf(), vprintf() and sprintf() calls are created, discovered, and exploited.
f08de556c293621dc8bbde597c7b51c3
trNkit v1.0 -Release- (beta). Includes patched versions of du, locate, netstat, ps, pstree, top, w, and who.
30e6999a115ab145c17d2351744c1bda
Arirang is a powerful web server security scanner with many features. Checks over 700 vulnerabilities. This is the OpenBSD/NetBSD/FreeBSD version.
e5fbca4ae12308dd8edc11f675841488
APG (Automated Password Generator) is a tool set for random password generation. Includes a built-in ANSI X9.17 RNG (Random Number Generator) (CAST/SHA1).
e3204157078f617f7ef025f4872a8d2f
The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries over port 135 and also tries to exploit MS SQL servers if one is present. With its built-in SQL Server exploit you can execute remote commands as Local System. Source code is freely available on demand.
6904f9d4553cfc85ac0b86d6f3bf1aa5
Deltaflown is an ICMP/TCP/UDP packet forger which is very easy to use. It is coded in C and can be compiled on a Linux machine or on another UNIX if you change the header names.
85f18c41b17393f8b4907640ad46d7b7
55hb is an SSH account brute force auditing tool written in expect. Allows you to specify hosts, password lists, and a user.
5bb81bf06b550aff6dc23d6199c0084c
Header Based Exploitation - Web Statistical Software Threats. When people visit your website, certain information is passed from the user's web browser to your web server/script. This information contains data such as what browser they are using, the last site visited, the file they requested, and other information. This paper was written to help you understand how an attacker can use these information fields to exploit your web statistics software. Includes info on SSI Tag Insertion, HTML Insertion, and more.
ac4bb0330c08f7582dfc40695a51cf75
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
56b40532ec8f1f3089de8ec4fe7f5f4f
Debian uucp v1.06.1 local uid=utmp or root exploit. Trojans uucp and uux, attempting to get a root shell. Based on an exploit by zen-parse. Tested on Debian PowerPC Unstable.
c288ab795b3f52d9cc85af362801096c
NetBSD Security Advisory 2002-001 - A vulnerability found in the ptrace implementation on NetBSD 1.5.*, 1.4.* and CURRENT (prior to January 14, 2002) systems can result in race conditions where it is possible to use ptrace and SUID binaries to execute code with elevated privileges.
413f80cd0aca939c1288738bae4d6d12
ICMP Shell is a program written in C for the UNIX environment that allows an administrator to access their computer remotely via ICMP.
873a0975dea090b68c1e0304885cfd5a
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check whether the interface is in promiscuous mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x (any distribution), FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9 and 3.0, and Solaris 2.5.1, 2.6 and 8.0.
edf50a9c8c6bf09b0a9147f2e6168826
Mailstation.pl exploits a DoS condition in the Intel eMail station.
3998d634b2590fe61b0141901e34af8c
Sniffit v0.3.7beta remote root buffer overflow exploit. Requires the admin to be running sniffit with the -L option.
9e59a59251ace6f72b61e53cd1843f1f
FreeBSD Security Advisory FreeBSD-SA-02:07 - The k5su command included with FreeBSD, versions prior to 4.5-RELEASE, and the su command included in the heimdal port, versions prior to heimdal-0.4e_2, use the getlogin system call in order to determine whether the currently logged-in user is 'root'. In some circumstances, it is possible for a non-privileged process to have 'root' as the login name returned by getlogin. You don't actually want that to happen, trust us.
208b22a679028eed6a4f847a57e20216
Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4-18.7.0.3 and at-3.1.8-12 packages installed.
228228e20fdbea6cba09e2718ad8cad0
The Avirt telnet proxy v4.2 and below has a remotely exploitable buffer overflow. Tested on Win2k. By Strumpf Noir Society.
b632a6b63e2d05565a9262df9e24891e