Iridium Firewall is a very strong ipchains-based firewall with support for 21+ network services (including DHCP, NFS, SMB, HTTP, FTP, Telnet, etc.), masquerading, online gaming, multicasting, TOS flags, and specific port and IP blocking. Protections include twelve different types of IP spoofing, stuffed routing/masquerading, DoS, smurf attacks, control of the full range of ICMP datagrams, and many more. The script is configured completely through the use of a configuration file; no code hacking is required, but it is written so that users who know what they are doing can easily configure the script themselves. Iridium Firewall is heavily commented with instructions and explanations on various topics.
53580bf99b18eaac6e7e2840452a30ef213272c5f85b3b74626e37b641fb44ba
Unidebug is another exploit for the begging-to-get-patched IIS unicode bug. Takes advantage of the DOS/Win debug.exe to create binary files on the remote site.
8e17e7b0f8c5238e4b25523275f6838f53fb410606405d67218f8f95d39afcd6
VocabScan v1.0 (dig version) scans only .com and writes its output to result.txt. It takes the hosts from a wordlist, so make sure there are no undesired domains between the IPs in that list.
94aee50dc4cb80d46e86b902bab25b703f67984806193dcb779bea6b393b2ac0
Webspider v1.1 is a perl script that, when given a start page, will "follow" every link it finds, scanning the HTML code for the use of CGI's. WebSpider will report every CGI used by a webmaster in seconds.
1b70f0f8a2720859cab88cd9fed76c3a1b90a455f7c30e10982eadb7d0892702
Forbidden Knowledge Issue 14 - Reconstructing serialized Java objects from sniffer logs, Blackhole TCP/UDP behavior and its effect on nmap, More fun with CyberXpress Internet Kiosks, The lazy man's "PGPDisk for BSD", More fun with Nedbank ATMs, Dumb Motorola T2288 Trick, and "Privacy and other myths of the 21st century".
39d58aedc6af335d0d57fca798298950eefe903eab83712c5deaa046b7170bb9
Georgi Guninski security advisory #43, 2001 - It is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting is disabled in all security zones. This is especially dangerous in email messages. Though this is not a typical exploit in itself, it may be used in other exploits, especially in email. To use the demonstration, disable Active Scripting and click here. If you see any message box, you are vulnerable.
c7fe5497623b82391c2f6f8c4e0d6f0cddd8405282c73ba789be9d2a1a709bdc
Forbidden Knowledge Issue 13 - Hacking the Cyber Xpress Internet Kiosk, Hacking in Switched Environments, mIRC 5.41 DoS, M-Web Dialup Hostname Reference, Just how stupid Diana PABXs are, More Vodacom VMB hacking nonsense by Wizdumb, Fun with Windoze Networking by Wizdumb, "The Blob", And other true tales of stupidity.
2753a98c4e0d6314d14ad99ca5f91a05ffb7bac94087f6c4792d945ce495a46d
Defcom Labs Advisory def-2001-18 - Cyberscheduler for Linux, Windows, and Solaris lacks bounds checking on the timezone variable, allowing remote root compromise. Patch available here. Includes proof of concept exploit x-cybershcehd.c and a shell script to brute force the offset. Vulnerable systems include Mandrake, RedHat, Slackware, Caldera, Suse, Debian, Windows NT, 2000 (IIS 4.0 and 5.0), and Solaris 2.5, 2.6, 7, and 8.
21c37966585bd74ddeb800641942dfeff9778cd7e600ab1a642ec1d919315aa4
Defcom Labs Advisory def-2001-19 - Innfeed has local stack overflow vulnerabilities in the logOrPrint() function which can be exploited to give uid=news. Tested on Slackware 7.1, Mandrake 7.0, and RedHat 7.2. Includes a patch, proof of concept exploit x-startinnfeed.c, and a shell script to brute force the offset.
4138178fdea0de7a98d769d075ebec0aa842b1ff03426901f91cd2c8b12ac932
Removing the SUID bit from xlock causes Enter to work as a password to unlock the screen for all users except root. With no SUID bit it can no longer read /etc/shadow, so it creates a blank .xlockrc, which makes Enter a valid password.
7a3fc00fea0ff0994ae858e317eefc68874f30058a8c8af694cc82126a795089
spfx2.c is a Linux kernel module which stops many exploits by protecting the system from code running on the stack. It works by limiting the use of key system calls to library functions. Although spfx2 does not prevent buffer-overflow related crashes, it does make it very difficult to break security with a buffer-overflow attack, preventing most root compromises.
21123c498529b71be6d347b91c4205c6d050024dbd2a5899cf8fb5b621b3df73
Debian Security Advisory DSA-048-1 - Samba does not use temp files correctly, allowing local attackers to trick samba into overwriting arbitrary files. Both problems have been fixed in version 2.0.7-3.2.
c64ca9f497ad002e62c183ca44b7e3a1180a6da09f6d05e942a74c5b380db8a7
Icmp-Log v0.4 is a simple ICMP logger.
ca68646691293ec198e2109258822f5491defff735799a86db504b84fcaf73a9
Check-ps is a program that is designed to detect rootkit versions of ps that fail to tell you about selected processes. It currently requires /proc, but other scanning methods can be implemented. The program will run in background or one-shot mode. Check-ps has grown considerably in order to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. You are encouraged to check the signatures, available here.
b1c08424547c197563f6641aee28b0b9450246b337ba74064bd85a9711b9b8a1
Fancylogin 0.99.7 buffer overflow exploit. Fancylogin is usually not +s so this exploit isn't that dangerous. Tested on debian potato and kernel 2.2.18 and 2.2.19.
29d03dc71d859bbe4e1a2875ecdcaa1d77c2adb10f17069da1e18b83a08771c0
Lcrzoex, created with the network library lcrzo, allows one to test an Ethernet/IP network. For example, one can use it to sniff, spoof, create clients/servers, create, decode and display packets, etc. The Ethernet, IP, UDP, TCP, ICMP, ARP and RARP protocols are supported. Lcrzoex and lcrzo were successfully installed under Linux, FreeBSD and Solaris.
dbfa70d9b6ce8ac4a17c12b0f95c81a072c7ebbcaf4406851176e70f4bcf9089
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. LIDS FAQ available here.
4115335725a45f4603641308018122c98866dbd7787e7f9647379a7e21f766f6
Security flaw in Linux 2.4 IPTables using FTP PORT - If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing "related" connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table, allowing the FTP server to connect to any host and port protected by the firewall's rules, including the firewall itself. Advisory available here.
ae3602a2f75b24ef995eb290537dc514837d292b96235e884dbb43f17d8b9bcc
The Spapem project aims to show how to elude securelevel under *BSD systems by hiding the fact that the system has been rebooted. Includes code to restore the PID, an LKM to change the uptime, a generic rootkit example, a module to remove startup messages, and instructions for patching init(8).
82b43738fe9aaba0129a0e6210d475fb733357a302d34ecc0480bd867274d1d5
Carbonite v1.0 is an LKM which is designed to investigate and detect rootkits, even LKM rootkits which patch calls to /proc. It works like lsof and ps at the kernel level, querying every process in Linux's task_struct, which is the kernel structure that maintains information on every running process in Linux. It gives administrators a more reliable method to identify all running processes on the system.
9ea8e381203f46223874eea4e92810c3094d00eeda03ad7b927236f98a7cbb78
FreeBSD-4.2-Stable ftpd GLOB remote root exploit in perl. This version requires user access and writeable home dir without chroot.
d9d003dd6fbf397662aaadea0cda37b79f4f487bbe81f0f4dca4c6995f5cb632
Denial of Service in Microsoft ISA Server v1.0 - Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewall until the firewall is rebooted or the affected service is restarted. Exploit URLs included.
9d02d2508ec99a83764ebc8949250bbaa3f6a7f94d64565ec9d94e4721d64d5d
OpenBSD 2.x remote root GLOB exploit w/ chroot break. It is possible to exploit an anonymous ftp without write permission under certain circumstances. This is most likely to succeed if there is a single directory somewhere with more than 16 characters in its name. With write permissions, one could easily create such a directory.
5e2903fcb27602a8d106b23765838518455a5fb29fed0495120e4cdf16853274
Georgi Guninski security advisory #42, 2001 - By double clicking from Windows Explorer or Internet Explorer on filenames with innocent extensions, the user may be tricked into executing arbitrary programs. If the file extension has a certain CLSID, then Windows Explorer and IE do not show the CLSID, only the harmless-looking extension. Demonstration available here.
4343d6e471cf14bde5baebc0d0bf30f0bf01a8f1220ae414f85aef130a942a42
1i0n.tar.gz is an executable package for the 1ion worm by the ramen crew. Includes several shell scripts and helper binaries.
c809a95720b0fc977cdf4bf07033e74055cbae62236d58c20fd20b1352efb33d