Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris x86 machines.
1764caeacfb6acc3fbe32be85482da92a8fdec180449b4136f92d8edfbfc3228
The buffer overflow bug is also in Serv-U Versuin 2.5 ftp daemon. In this case, the buffer overflow is cased if the daemon recives the long "cwd" message, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the Serv-U Versuin 2.5. This exploit is coded for Windows98, but if you change some parameters written in the sample exploit program, it will may works on Windows95 and WindowsNT.
7cb5a35c00e3e6f1813452aca09d14fdb57fd4a3ba89c8b26856789214ff4507
We found the overflow bug of Skyfull Mail Server 1.1.4. It overflows when that receives the long MAIL FROM: in SMTP handling.If the host recives the packet which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the Skyfull Mail Server 1.1.4.
0057b545eb9da1b22336a25403153460dec69e5aaa9e5f39e32cb6f0c487e3fa
We found the overflow bug of TinyFTPd Ver0.51. It overflows when that receives the long user name. If the host recives the packet which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the TinyFTPd Ver0.51.
b192ded779312b596b0f4526c4736bedf144020badf03074e1420cae3448d82f
URL Live! 1.0 WebServer for Windows95/98/NT which is released by Pacific Software Publishing, Inc. (http://www.urllive.com/) has a "../" security problem, any users can download any files on the victim host.
dacc942f693a3194c253179e986fa6b5f04314b4f85b01771f5f40b38603f0f1
Local root exploit code for buffer overflow in uum for Japanese Linux.
6883ef84c1d928fa1e9805d6ee8cd081c57968245eace2e2072ea8083a28edcc
At the initial authorization handling of WebBBS, If the long longin name or password has been received, this CGI overflows. This overflow overwrites the RET address, EIP can be controlled. This overflow is used to execute any instructions which are included in the user name and password.
6fabd952734503ddb8a5be6907794eb1cc3ef1ea5818b6ffc671fea9adf2308e
We found the overflow bug of ZOM-MAIL 1.09. It overflows when that receives the long attachment file name. If ZOM-MAIL 1.09 recives the e-mail which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This program can send the e-mail to any e-mail address, which is contained an exploit code that removes a "c:\windows\test.txt" file on the host.
e7d4cc605a7a1bf256d1c94b4051fe6008fbc9ed9b3cb9cd250ed29ca9985b11
This utility extracts the username and make a userlist file from the html file of "user's page" which can be often seen at the ISP's web page.
5ff789059d09d32aa205b9714be3ecaacdc941d3055db336da242e615fce3a89
ftp trojan logs the hostname, username, and password when the local users use the ftp.
8a3d1bd7795300d33e45002f6a46e071fbefb450870201eac7e1aeee73cf0a9c
This program is one of the ethernet packet sniffer for LINUX, FreeBSD, SunOS4.1, Solaris2, and IRIX that can log the all packets in each session of telnet, rlogin, pop3, ftp. If you install this program in the cracked server, you can also know the cracking process and the location of rootshell by the crackers. The logs of this tool is the evidence of the cracking, this tool is also useful for admin.
df2a9e01a85bafb69aa416188ed1cea017047015bc99aa5c1a9d0cd67e4d0ac5
A generic banner scanner. eg scan for qpop 110, wuftpd 21, wingates 23, telnet banners 23, etc etc
6c91acdac7860bc6c8f947323fff0c03f4c97d8fd8cebfb891ee6248e6f1150c
This is one of the rootshell program. This program will be rootshell if you specify the special argment. If the special argment is not specified, this program calls a specified program. So, you name this program as well known suid program, it's very difficult for admins to find.
ba06871c2d769a971556d49a3506b1b662ad02c2bd398bf1eee677942ec8d211
Improved version of hrs. You can easy install hrs by this shell script.
bb00d2adbb3299e05be6dd492a6aa1c6f7109d49838345be8584b4595bcec1ab
This program can add the fake log to HTTPd remotely. Posted by root., Jan.08,1998
973bdafafcf97232c3e363dbb2a5b2b6aaa53f9c5fe933b53fd19c0c3c06cfd7
IE5 location.replace overflow exploit by L(phyx@i.am), Sep.21,1999. http://layer.webprovider.com/
15b0ebaed0ced7c91c142109eba13d162499fe92c2465e089456ee5db7f924d9
Source Viewer Changer for Internet Explorer 5. Posted by L(phyx@i.am), Nov.4,1999. http://layer.webprovider.com/
7f83abb0f45706c3732128783229a116df017d89159a7cc9c7a535cfa1669cb6
This program checks many IRIX security holes automatically. If you are admin, can check easily the security vulnerabilities of each IRIX. Don't use for the auto attack. This scanner contains the ttdbserver attack, this function is based on the script which is developped by the rootshell. thanks.
fdb645ddef470ad46457b433af158fdcca322e238d6798e1a9c1d9a0dfd44190
Blute force attacker ShirakiYoko for Java.
e2fe49cb5a968a483f7b3eb0adf2c265af332c4317f58d4ab26b5473dd972a51
ICQ tool for Win32 that can retrive IP address and port by UIN. Posted by DENPA, Oct.07,1999. http://denpa.lovely.to/
61eaa07186503231cb8fa8d922f891af833de0b4c5b3e45ae79096cd1d8fc551
If the access log is wiped by using the log wiper, the logs are not displayed by the last command. However, the general log wipers such as "zap" write the null on the specified entry of logfile, so you can check the log files whether the logs are wiped. This utility shows the all entries, you can analyze the logfile.
3d85c540b4466b4f0046f37f7823bf8d909d2cfc7cca3cca4fd844009d00ddb0
logo.gif
fc83bbc9d0f537278b89d38d03ef5df8208286018a7fe8f9f79ed82e9abec9fc
This is the telnet trojan based on GNU telnet. The all operation which is included the server name, username, and password can be logged. This trojan can be installed with non-root user, if the user account is used by many crackers, you can also know the cracking process and the location of rootshell.
772aa87aaaff02ac2c8e2fbdb7bac4c795c3cfc7038c374d173d70662003a04c
This is GUI based full connect port scanner for Win95/98/NT.
b5baa6d469f75c334a6e2f77686ffa588a58410b55241b92d97f3c52d35c4a24
Exploit code to crash (BSOD) Windows98 machines with malformed packets.
c18592cd0ddecd34eaa2f74ed2587c3765cbbe4944d27a4857d87fef795ef294