exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 254 RSS Feed

Files Date: 2000-06-01 to 2000-06-30

Posted Jun 19, 2000
Authored by Brad Spengler

Using the sysctl support in linux to enhance a system security against outside attacks. Includes a script to optimize these settings by echoing values to /proc/sys/net/ipv4/*, turning on kernel security features which lessen the effect of SYN floods, smurf attacks, and turn on source validation by reversed path to add more protection against spoofed packets. Tested on linux 2.2.x.

tags | kernel, spoof
systems | linux
SHA-256 | ecb153fa9297b6558f676c779fca71d43e72cda281fcdba5c8b5c5d910578a74
Posted Jun 19, 2000
Authored by Grid | Site members.fortunecity.com

a mIRC script thathacks the current window with a display of mexican nationalism.

SHA-256 | 25af6367785d36145f4ef7cfa80574451b104291a7c9775cada49267be9bc828
Posted Jun 19, 2000
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.

Changes: Added switch to slow the scan to minimize impact to slower networks, Added custom and multiple hosts on GUI (Target Mgt), Added test for INN 2.x.x vulnerability, Improved JetAdmin logic in http.sara, Improved the Custom attack level (see config/sara.cf), Improved printer logic in depends.sara, Fixed ftp.sara to properly report MS FTP status.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 84506ebbcbbe67a4ed331bd2d3446a9fd4e42551ddbea393dacb12a963cc7757
Posted Jun 19, 2000

Microsoft Security Bulletin (MS00-031) - fix Available for "Undelimited .HTR Request" and "File Fragment Reading via .HTR" Vulnerabilities. Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Information Server. The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under some conditions. Microsoft FAQ on this issue available here.

tags | web, vulnerability
SHA-256 | 98eca05701fecabe23033301fec85f807448feab8ae6fbf412aef87bdc28cb72
Posted Jun 19, 2000
Authored by vade79, realhalo

Wmnetmon v0.2 buffer overflow exploit for Linux - Provides a euid=0 shell provided /usr/X11R6/bin/wmnetmon is suid root, as it is by default. Includes perl script to try all offsets.

tags | exploit, overflow, shell, root, perl
systems | linux
SHA-256 | 86bef23e564b83a03659996407371bf9b0c8902fe578e15b80db3ca10affd2eb
Posted Jun 17, 2000
Site wwdsi.com

SAINT (Security Administrator's Integrated Network Tool) is a security assesment tool based on SATAN. It is updated regularly and scans for just about all remotely detectable vulnerabilities. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.

Changes: With this version, your scans will finish up to five times faster than before, made possible by a new approach to scheduling the scan modules.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 59cc8c0607210a3caa3903db508620bfbb76fd95b591192a112e0356d4d9cb50
Posted Jun 16, 2000

Sendmail Tutorial (version 2.4) - find out why Sendmail is called 'the buggiest daemon on earth'. Tons of ways to crack into big computers as well as PCs unleashed, including, of course, information on how to block these holes.

tags | paper
SHA-256 | 61d435cba5f7a1cc881d01bf9c93a9d62fef9cf6c8b8131d6a1b7dbf8b5a8a11
Posted Jun 16, 2000
Site ussrback.com

USSR Advisory #47 - Remote dos attack in the Small HTTP Server ver. 1.212. Sending a malformed URL to port 80 will cause the proccess containg the services to stop responding.

tags | remote, web
SHA-256 | 86a55c2c873fe77149e6c2e21526691e7d5454b7fa64b69715c91a5e13aad66f
Posted Jun 16, 2000
Site ussrback.com

USSR Advisory #46 - Remote dos attacks in the Dragon Server v1.00 and v2.00. Long FTP usernames cause the service to crash.

tags | remote
SHA-256 | 761380a3626c3a294a00311b17cecc743df14fa38155757666882760a5209070
Posted Jun 16, 2000
Authored by Brian Wellington | Site xbill.org

Secure FTP (sftp) implements a file transfer protocol using ssh/rsh as the transport mechanism. When the client is invoked, a remote shell is spawned and the server is run. sftp is mainly useful over a secure ssh session since passwords are not exposed. It also has the advantage that no root access is required, since the server runs as a user process.

Changes: Supports rmdir, mkdir, rename commands, better status output, bug fixes.
tags | remote, shell, root, encryption, protocol
SHA-256 | 898827b1a3372fb60720b04a5f21989e3f0a60ade56b701f27e71e983b5876c9
Posted Jun 16, 2000
Authored by Bruce Schneier, crypto-gram | Site counterpane.com

CRYPTO-GRAM June 15, 2000. In this issue: News, SOAP (Simple Object Access Protocol), Java and Viruses, crypto-gram reprints, The Doghouse: Infraworks, The Data Encryption Standard (DES), and Comments from Readers.

tags | java, crypto, protocol, magazine
SHA-256 | 73a3d2a43340b4bdb58234178ca1eb892824e2b2e7c2d20501c377a9969e00f1
Posted Jun 16, 2000
Authored by Wojciech Purczynski | Site elzabsoft.pl

inndx: innd remote 'news' user/group exploit. Tested on innd-2.2.2-3 default installation on RedHat 6.2.

tags | exploit, remote
systems | linux, redhat
SHA-256 | 40a254fd6187f80b20f5181e8ee23d738cce908dc6782c0452d8dc9564f32a3f
Posted Jun 16, 2000
Authored by Johnny | Site johnny.ihackstuff.com

Microsoft Access Databases are not afforded "Macro execution protection" in the manner of Word/Excel/Powerpoint documents. Attackers can insert trojan VBA code into MS Access documents to execute arbitrary commands on the remote machine.

tags | exploit, remote, arbitrary, trojan
SHA-256 | ee125bfb149060be352ecd18f260d1726c1e1597e5a2002b8d947d29c66cb513
Posted Jun 16, 2000

Microsoft Security Bulletin (MS00-035) - Patch Available for "SQL Server 7.0 Service Pack Password" vulnerability. Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0 Service Packs 1 and 2 installation routine. With some configurations, the routines record the administrator password in plain text to a log file, where by default it can be read by anyone who can read files on the server. Microsoft FAQ on this issue available here

SHA-256 | feb39363e4c4679149374ad9863858d555f192a8400d62b6ce7e2f4b909afa2c
Posted Jun 15, 2000
Authored by Moritz Jodeit | Site jodeit.cjb.net

Remove vulnerability has been found in the SmartFTP-D Server which allows a remote user with an account to read any file on the system.

tags | exploit, remote
SHA-256 | dc0c845f36c1df20329e24792344d24bc446161aac536e31bd3e8e9f4f21f5c7
Posted Jun 15, 2000
Authored by Alex Howansky | Site wankwood.com

Reptor is a utility designed to aid the analysis of Axent/Raptor firewall logfiles which generates HTML reports which can include traffic summaries and alert messages that are based on highly customizable conditions. It has built in support for logfile retrieval, FTP, and SMTP allow it to be easily automated.

Changes: Usability enhancments, six new detail sections, and bug fixes.
tags | tool, firewall
systems | unix
SHA-256 | 2a2cfb7fe5594ca612f8122ebeda08e36f844bf4b937c0db39ea3d3b80937f3f
Posted Jun 15, 2000
Authored by TDP

Remote Denial of Service for Mercur 3.2 allows any remote user to shut down the server.

tags | exploit, remote, denial of service
SHA-256 | 1690ffae3274ca28e04e7f58873add187369c0fbf6c03ecfca0f74620e800cff
Posted Jun 15, 2000
Authored by Renaud Deraison

Proof of concept exploit for the "Remote Registry Access Authentication" vulnerability in Windows NT 4.0 which was described in ms00-040 which allows a user of the local network to crash winlogon.exe remotely.

tags | exploit, remote, local, registry, proof of concept
systems | windows
SHA-256 | 0d522a59742b3cab17ef2324689d032e9e785a15ab459d5668296905d6083e0f
Posted Jun 15, 2000
Authored by Job de Haas | Site itsx.com

Solaris 2.x through v8 contains an exploitable local root buffer overflow vulnerability in ufsrestore. Exploit code included and tested on Solaris 8 sun4u.

tags | exploit, overflow, local, root
systems | solaris
SHA-256 | 9eccd7930a0be561b50a1d53fe6f55348b0d0226d0e0e377512167e9747f432d
Posted Jun 15, 2000
Authored by Syzop

Splitvt 1.6.3 local root buffer overflow exploit - Tested on Debian. Includes lots of cool dubugging captures from gdb explaining what is going on.

tags | exploit, overflow, local, root
systems | linux, debian
SHA-256 | 1c165f96640daf61e31a962255839951c5bc33f52d8efa132b5f781b747f5d08
Posted Jun 15, 2000

Microsoft Security Bulletin (MS00-020) - Microsoft has released a patch for the "Desktop Separation" vulnerability in Microsoft Windows 2000. The vulnerability allows malicious users to gain additional privileges on a machine that he could log onto at the keyboard. Microsoft FAQ on this issue available here.

systems | windows
SHA-256 | e6648bef5cbeee8b1c915670286a7e4929764f2fa6f4c4b8cd4bb6b28e094b94
Posted Jun 15, 2000
Site kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.

Changes: Support for kernel 2.2.16, bug fixes.
tags | kernel, encryption, crypto
systems | linux
SHA-256 | a3bd33d6d20bec46864b514c53e33185ca3d9f110eea21433e391eba63ac7871
Posted Jun 15, 2000
Authored by Brad Spengler

Linux Firewalling - Insights and Explainations. Covers basic IPchains firewall building, advanced IPchains firewalling, and linux firewall related insights and recommendations on which traffic to allow.

tags | paper
systems | linux
SHA-256 | 3c23ede6fcac5322c286ef9c78317b9d2dc6080d3c8bd5f2c70e41c164ec7673
Posted Jun 15, 2000
Site ussrback.com

USSR Advisory #45 - Remote dos attack in AnalogX SimpleServer v1.05. A malformed URL sent to port 80 will cause the proccess containg the services to stop responding.

tags | remote
SHA-256 | 5962cde8e9d34724c1d71bd9e3e0f7186e0f0a721c66586118c3c2b09ae04656
Posted Jun 15, 2000
Authored by Tom Yu

Remote vulnerabilities in GSSFTP daemon - A remote attacker can preform denial of service attacks, and local users can get root access. Source distributions which may contain vulnerable code include MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1, while MIT Kerberos 5 releases krb5-1.0.x is not vulnerable.

tags | exploit, remote, denial of service, local, root, vulnerability
SHA-256 | 1a2c3ea6b342adf0bc8373cd79e7c97b12b37dbc7002b216a38079705be27cc1
Page 5 of 11

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By