Tcpdump v3.5.2 remote root exploit - Tested against x86 Linux. Exploits an overflow in the AFS packet parsing, which requires the snaplen (-s) to be set to 500 or greater. Fixed in v3.62.
f8bece3b4c4cdecd77844f75e71dd0972eedfa3379f9b4b2e2c8349ff924afcb
Solaris /usr/sbin/arp local root stack overflow exploit.
b37113d4b5f35ea2807811dceb90d932c062e88b41f082fffecbf6522cc7344a
Microsoft Security Bulletin (MS01-001) - The Web Extender Client (WEC), a component that ships as part of Office 2000, Windows 2000, and Windows Me, does not respect the IE security settings governing when NTLM authentication will be performed - instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's web site - either by browsing to the site or by opening an HTML mail that initiated a session with it - an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute force attack or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. Microsoft FAQ on this issue available here.
2879fb12eaf812aa96d02092ee3c430b3a4aa6204edaf13c2cc855f7b7b354c6
Patch advisory for Sun Microsystems. Please read for details.
ca226858f47414813867a5df9802d7a90f90d91e94f14f30eb774bcd505f6175
ProFTPd remote DoS attack - Exploits multiple USER ftp commands to consume all available memory. Does not require an account. Written in Java. Tested against ProFTPd 1.2.0rc1 and rc2.
1009450358c2059ee3d23a6f12fb7f622aed0047e1b3cc25606fc2efb9a087f9
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
68e2bd7b96d5fe4f9afc760d7d7c9787215c430c2cb2ff9f469a2cbe2a5e525b
Red Hat Security Advisory RHSA-2001:001-05 - A couple of bugs in GNU C library 2.2 allow an unprivileged user to read restricted files and to preload libraries in the /lib and /usr/lib directories into SUID programs even if those libraries have not been marked as such by the system administrator. This allows a user to create or overwrite files he did not have permission to.
f093940dbad2e26f43305ea5252e4af144e7fdcd7673d8c14438879648f383ea
Telnetfp is an OS detection tool which uses telnet DO / DONT option negotiation to determine the remote OS type. Contains 72 OS fingerprints.
ae48c9908a16c1891aecf361d8d8926967db8faac2b155964f6fb83ddb47c8d7
Accp.exe recovers lost passwords on MS Access 97 mdb files. Ported from Java.
1089cee0ab4745d52ee9307f5442af1e37c0ae6953568b5791596ed04a4265f3
Pudding is a proxy which recodes HTTP requests using most of RFP's IDS evasion encoding methods, plus random UTF-8 encoding support. Allows any web aware program/exploit/cgi-scanner to evade IDS without modification of the original code. Encoding methods include all uppercase, hex encoding, /./ directory insertion, fake parameters, premature URL endings, windows delimiters, and random UTF8 encoding.
c8a75f47892cf9971dfce9a19962ee940b44b6217ab7982e7299601b07617e91
Enabler.c attempts to find the enable password on a Cisco system via brute force. Tested on Cisco 2600s and 12008s, and supports login-pass as well as login-only devices.
6c9df24566f021f2620f2e21a1865e88c3f4961ebb5920182e11f1f413bbba6a
CERT Advisory CA-2001-01 - Interbase is an open source database package that had previously been distributed in a closed source fashion by Borland/Inprise. Both the open and closed source versions of the Interbase server contain a compiled-in back door account with a known password which allows any local or remote user able to access port 3050/tcp [gds_db] to manipulate any database object and run arbitrary code on the system.
5297ff0a53b5eba8336466e8f9e3e1e95fe113d05804f9acb97fa56acbf32e90
Whois.pl is a remote exploit for Fastgraf's whois.cgi perl script.
805a20d41225bbbbdd659b9161bb4d4a47c0dad781d97b2378c5e7f8c4611a81
Port Scanning and OS Fingerprinting - In Spanish.
d29a0debb8f1e6c0c65c683ae42886381e2e396da3357cddb29a156f530e67d8
Shield is an aggressive, modular firewall script for iptables which features easy configuration through a BSD-style configuration file, optional NAT support, TCP-wrapper-like functionality for service access, port forwarding, routable protection, DMZ support, and more.
24a084a5ba0a63cec04ba9426739838db24cac2e63ad1dc170ad28bf35038bb2
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
5e257060611413078e8d09f1b2748e598fbd04ca9e3b4aa6f929985f3128172c
Zorp is a new-generation modular proxy firewall suite which lets you fine-tune proxy decisions with its built-in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and use out-of-band authentication techniques (unlike common practice, where proxy authentication had to be hacked into the protocol).
2501234803ac6b54eed610f20151d1d79104449f2408775172af01f2afdb3cde
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
50ebfaac77ffdf952605eed675104784a9dd48cc0bcce2d568013cab5314cc64
BitchX is a popular IRC client which is a modified clone of the popular ircII client. It is available for almost all UNIX OSes as well as Win95/NT and OS/2.
bee2994c4baec2363fe0385ea974930e8eaadce3b060dc5c6d862a9909ed778f
Sendmail is a very popular unix Mail Transfer Agent, a program that moves mail from one machine to another.
39fe0eaefdae87db2307967379ab753da702e85abdcc6f3e6ace2814df8930db
Adore is a Linux LKM-based rootkit. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process hiding, netstat hiding, a rootshell backdoor, and an uninstall routine. Includes a userspace program to control everything.
426425af2fe14766dcb5ee37af975be1d81fe96943bde9e12671fbf26a899a21
NSFOCUS Security Advisory (SA2001-01) - The NetScreen Firewall / VPN Appliance has an overflow vulnerability in the web interface which allows remote users to crash the firewall with a large URL. All current versions of ScreenOS, including v1.73r1, 2.0r6, 2.1r3 and 2.5r1 are affected. Perl exploit included. Fix available here.
70f617f094a0ef22f7feb26417d3e3c0d3d45dad8472030861c6f0a3edeae2e5
The Bat! v1.48f and below has a client-side vulnerability which allows malicious mail messages to place arbitrary files in any directory on the disk where the user stores his attachments.
1adbf87e7851d5d7a9b23c17e6184b5d212a67dbc7d0715a21f84ca3f403a183
Defcom Labs Advisory def-2001-01 - ImageCast V4.1.0 for Windows, a rapid PC deployment tool much like Ghost, has problems handling malformed input which result in a DoS attack against the ImageCast Control Center.
39f8a768d3f4a48a511b385ecf3c598de70d7bb5bec3da86c6b00e75380a0698
Kaufcrk.pl is a Perl script which decrypts the encrypted passwords found in the Kaufman Mail Warrior accounts file (MW35_Accounts.ini). Tested with Mail Warrior v3.57.
6d02da50dd08b699b4b48b9f13ec09a55001f57bb78271dbcc40120a265e8294