Server Scan is a simple tool for detecting web servers on a network. Originally created to detect unauthorized web servers on a network, Server Scan can serve many purposes, from detecting unauthorized web servers to checking what types of web servers are running on your network. Server Scan is compatible with Windows 95, Windows 98, Windows Me, Windows NT 4, Windows 2000, and Windows XP.
33a20c4ac6e5e81d98e320a88e45b9886a7df5d4b42c74486b74b559a63d2301
/bin/su tru64 local root exploit. Works even with non-exec stack enabled.
7191ae0c7ab446286470772096239fc512f0f6319ed88e297d994f5cdcdd45ea
OpenSSL Security Advisory 20020730 - The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled. Various buffers for ASCII representations of integers were too small on 64-bit platforms.
f9af83be02ac077e9b59190ae57ec592f7eb9e27cb03ce973e0d3f9558b73883
CERT Advisory CA-2002-22 - Microsoft SQL Server 7.0, 2000, and Desktop Engine 2000 contain a dozen serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and compromise server hosts.
575f598787931e113b5894b9cdc0eb1653353cde6659e50dc4feae91d71aaadd
Razor Advisory - A locally exploitable vulnerability is present in the util-linux package shipped with Red Hat Linux and numerous other Linux distributions. Chfn and chsh are affected. Tested against Red Hat Linux 7.3 and below.
f33c78e000c95226dc9e980eef83fefd8f6895c01bda0b30a85f012ad3ca7906
IE gopher buffer overflow exploit. Tested on W2k Korean and Wme Korean.
85e52c61271025804b7c1b580740ed4678d9ae456002868ea97d71c273e26b37
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, uptime calculation, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
39298010712f2998aaf000413f139c0641cf0eaaaa9dc9b48835da6341cbca4a
SnortConf is a tool that provides an intuitive menu-based text interface for setting up the IDS tool Snort. It also provides error and sanity checking on user input, and an online help facility.
79315da95214e1820919debe85714fcdaf1ce062802bfe4ba31554dacd0f1a77
Shadow Mailer 1.1 - Anonymous e-mail sender/bomber.
8667c9e5712018fe5a28a30569cfeb362eb34cc6dc9db4f4d6ea56842c557d77
IPSwitch IMail Server v7.11 remote system exploit. Overflows the GET parameter in the Web Messaging daemon in all IMail versions to date. There are over 49 million users of IMail worldwide. Patch available here.
35c821776d9bb0af1fc4b049f211ca07fb58ac7eecd2c428058fac0629803de5
IPSwitch IMail Server v7.1 security patch. Fixes overflow described in imailexp.c.
225b746db3f3c62ebeef99e4e58c94b647123eb0232661ac368a904b0241eb3e
Novell GroupWise Internet Agent 6.0.1 SP1 contains a buffer overflow in the SMTP service which can be exploited over port 25. Tested on Novell NetWare 5.1 SP3. Fix available here.
a176e4e5a0799c3a71f7a3f6764dbd5dc8b33db8e6a3951197adf2671d937e12
PHP v4.2.0 and 4.2.1 with Apache 1.3.26 POST bug proof of concept exploit for x86. Produces a segmentation violation (signal 11).
e1e66701c77072a167c7aa5778b3d30cc69da1019bee73ce24e76872d8212be9
Microsoft Exchange Server Internet Mail Connector (IMC) provides SMTP (Simple Mail Transfer Protocol) functionality. It is possible for remote attackers to formulate a request to trigger a buffer overflow on a vulnerable Exchange server. This flaw may allow an attacker to either crash Exchange and block all inbound and outbound email delivery or allow an attacker to gain complete control of the server.
a61e4caccffff08e6577f171e4763c83baf57da3c8f3bcfb4e8dd5b42fca11c8
The Pablo Software Solutions FTP server version 1.0 build 9 for Windows 98/NT/XP shows files and directories that reside outside the normal FTP root directory. Fix available here.
6df65debffed14ad12b5f0d01521b4a49980ff30538c271b7f1ec8895d429fa5
Vscan v1.2 is a Perl script which uses the nmap, snmpstatus, whois, and host commands to find information about a remote host.
f5a841b37cafc2ff6237685a106ab9f3e1fbe2b2f3f195f09fcb1cf2b4a9d834
Code Blue remote exploit for OpenBSD. Code Blue is a Code Red scanner with several vulnerabilities.
cff16d5936946288cd9899071ceab6d62a74a4b57a019d0ed58b1845d5195c7d
Writing Linux kernel based key loggers - Includes a sample key logger which can log user input and passwords.
7f88f2d22ed4e054498403e9c2f923a531d0e030d05598992787c9f2a357b715
Writing shellcode for Linux/390 mainframes. Includes port binding shellcode example.
c882054b5eac3179b12735dc7e7d8bd4b960f0cbc421c7afa516ca6eb6614193
Phrack Magazine Issue 59 Release Candidate 1 - In this issue: Handling the Interrupt Descriptor Table, Advances in kernel hacking II, Defeating Forensic Analysis on Unix, Advances in format string exploitation, Runtime process infection, Bypassing PaX ASLR protection, Execution path analysis: finding kernel rootkits, Cuts like a knife, SSHarp, Building ptrace injecting shellcodes, Linux/390 shellcode development, Writing linux kernel keyloggers, Cryptographic random number generators, Playing with windows /dev/(k)mem, Phrack World News, Loopback, and Linenoise.
79115d1b271465569aece42fafcb7edd1c26a8972e97d2e4a8a9372119ae3983
MailMax Standard/Professional popmax v4.8.2.5 and below remote exploit. Sends a long USER string to the pop3 daemon. Tested against Windows 2000 Professional/Server and Windows XP Professional. Patch available here.
6463001871555a4dde5d4631306b9a8eea057ffea8d2462e5fd5a2f22fe762f5
MailMax Standard/Professional popmax v4.8.2.5 patch which fixes a buffer overflow in the USER string.
90cf9e79ea1e5a2cc7a7588d1ce8f11fcc5d80d7fa81284eee2789230e15d36b
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12's "milter" API and will alter or delete various parts of a MIME message according to a flexible configuration file.
0a95c7c4b33ab669e6cb682dee59695f3c5a9ba16430de53a4fadcd79aad056e
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
ffa74ffac9f6fd324dc72211172b17144efed59f789ab45f7eecfb30df33a226
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, uptime calculation, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
b183fb546b3246e3098a4354e3b9c060c8be81a5b38d4324dac6a8d569e9437a