Ifstat is a command line bandwidth monitor for Windows.
e4a5e1b10455498a616f0d9b0d3dddef23475c52429b5ee263547c4155f56c6f
Mirc trojan, as described in Microsoft Knowledge Base Article Q328691.
798655574930ea301312805e2314c57485ebd327d3a5eeec4c9fb1d9884eb519
Bish.c is multi-platform shellcode tested on FreeBSD 4.6-PRERELEASE, FreeBSD 4.5-RELEASE, OpenBSD 3.0, NetBSD 1.5.2, Linux 2.0.36, Linux 2.2.12-20, and Linux 2.2.16-22. Based on code by Zillion, added setuid().
74d9b908afde9dc5d569ea71e671de85b3c81ce631b4ef0d9bb20b74743289f2
OpenSSL v0.9.6d and below remote exploit for Apache/mod_ssl servers which takes advantage of the KEY_ARG overflow. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner which is more reliable than the RUS-CERT scanner and a detailed vulnerability analysis.
c88611b47510d29c7ffc79305da0f9f807c86eca08d9f8b917f5dc22497b79bf
Finding Vulnerabilities - This paper explains the auditing of C source code to find application exploits. Includes a practical example of how to hack an IDS that was coded for a website.
9a48e28edc710e3b6eb7dfe1ecba2cec826785f99ff2ef8c0174fa6e04e4a18c
Shellcoding - How to write shellcode for Linux/x86. Includes parts I + II.
ab9b8ac49332beb7d33224ea976173ece2c5d27c3e8ef84a8f08f0888ea062bf
Linux x86 shellcode which does a chmod("//bin/sh" ,04775); set sh +s.
73a8c94b4834ab4ee35bd22fb4b7e554437291febd01c57f6bcc0097963686f5
Linux x86 shellcode which does a write(stdout,"bob from DSR", 15); exit;.
04c216d2661400f510d03ed170a51474fea2bbbd044a369889d0cc9dbb7ae928
Linux x86 shellcode which does a setuid(); execve(); exit();.
fcc33d1d4463f6e6216c770d49c99329c3d91bd9514881a689a27f43b566c7b2
Linux x86 shellcode, to open() write() close() and exit(), adds a root user no-passwd to /etc/passwd.
ecb8d8439ae492600571dd2b132d0cd576f63a9529137b7ed872348f993c984e
Linux x86 shellcode which does execve()/bin/ash; exit; in 34 bytes.
1c5867190284199a34f431a90516c4ad9cc0b7800020a274f5ca0999fa97fafe
Linux x86 29 byte shellcode.
48560a596340c96401aef340150dccc2653630871f8e1d9de9742ee45cb25fac
iDEFENSE Security Advisory 09.16.2002 - The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These five programs are installed setgid kmem by default. Exploit information included.
7e94c4f007a31e6fd200b33983f4a6d729c2a8d77e98c69c2ccededfca5bc453
FreeBSD Security Advisory FreeBSD-SA-02:39 - The kvm(3) library, which provides a uniform interface for accessing kernel virtual memory images, leaves open file descriptors to /dev/mem and /dev/kmem, allowing other processes to read kernel memory and disclose sensitive information. Affected applications include asmon, ascpu, bubblemon, wmmon, and wmnet2.
f72b00ab99acc2936edb12f08a3e65add79a59f5621825156f3b6c59c5e8ac0d
NSSI-Research Labs Security Advisory NSSI-2002-sygatepfw5 - The Sygate Personal Firewall v5.0 does not log or block packets with a source address set to 127.0.0.1, allowing denial of service and other attacks. Tested under Win2k Advance Server with SP3 / WinNT 4.0 with SP6a / Win2K Professional.
2040a3cfff094c044ece3e6a71854d2ed823fb4444b7f1e1eee639ea57f4aad4
Patch for dsniff-2.3 that allows you to record gadu-gadu messages, a popular communicator in Poland.
7620d8f0a7035851281f076e7dbafb22cdbc9de75c2b568aa06c005d34698db1
NetworkActivSniffer v1.4.2.2 is a packet sniffer for Windows 2000/XP. Can filter on IP address, port, packet size, protocol, or sub-string searching of packet content. Also, you can search for a sub-string within the current list of packets, save the list of packets to a text file, view the contents of each packet, and more. Also can sniff and analyze HTTP.
fa8377680ad2eaa47c055bf3c788eac60f47eee1a004e13ee858fda98e110363
Linuxconf local root exploit for Mandrake 8.2.
bbdecd617d05c630f7b5a45d0f9bbe2c7853751345d776a2859834b022570a38
Chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
225452edd0039218dbef8e1281881a19422f672c85b9f7ba66194e86edd4ca3b
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
cfad84a3b60e9aefcab326a67f908659c71963d0f217de7d5da83685e154fd07
Pwck local exploit for Redhat 7.2. /usr/sbin/pwck must be -rwsr-sr-x to give a root shell.
c4882ccc3d4f9f4c6a1e003c6f7cf32c896853a5cbace6ce73771f3f3f73136b
The Art of Unspoofing - Describes several methods to track down denial of service attacks and includes a patch for Bind v8.3.3 and 4.9.9 which adds logging of external queries regarding domains the nameserver is authoritative for.
d4b82df78914aa7c41cf19cefad111b8b329311ecdc48509f3f748cee2d4f690
Atftp tftp server v0.6 and below contains multiple exploitable stack overflows. Includes local exploit.
bb7bf00e211f49a798a097f40519d7f866c03973f54108b0f2b7732def3437fa