Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1.
a139e465d5432bfb22c8cb02fcaad81f3ba8d7d7f42d2f31a3ad875ca2065362Fuck'it RootKit. Uses a ssh daemon which listens on port 1984 by defaut.
ecda413afe774928a09b55ef7af38e67fd7c7f3fb6daa26f1ef757be52df5313This is a modified version of the Slapper worm and was recovered from a compromised machine. Modifications to the worm let it mail system information, such as the ip address and processor type, to a Yahoo! email address. No other changes where made.
d871493127f042e44746b0d6678a391feb86eed4b2f5224af756399b4ec22188This tool can be used to replace netstat in order to hide network sockets on a system.
e3829d7b3011d4e902f75347e995a7775ff3c56340d79178d3b5588617fa209fWinfingerprint v0.5.3: Advanced remote windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE SERVER, WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, E numerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes.
90bf1fe4fd53df1e0615f1d129c9fa8b6f4e56ee982f6ef8272e6cff575937b4Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
b8facdc4e3ecabeb7c90224bfda8baf5903f4d6ee52939327bde3f868f18d01fSPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
08787f66244491fa56d1a647c261268d4044bc34cf9b2299b02a138f29c94598HashDB is a networked md5 hash comparison tool that allows you to automatically check the hashes of any files you download against a master database stored at www.immunitysec.com. This allows you to download source tarballs without worrying that they've been replaced by trojaned ./configure files.
4a1fc0b4fd64f1f50f53b470729606f6873f9dff312ef2a66c32af02f31e6501Genshell is a fully generic win32 shellcode generator. It compiles on both Linux and Windows. Shellcode is also polymorphic (you can specify xor-byte value). A complete article with source code is included.
b90364b48c70c4622aa95c35d6ba27db5dd4ecbc4f71055d49fad2a4fef26089Apple security advisory APPLE-SA-2002-09-19 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.
5907e5ca8b939567f596c5abdbc0ead1070c8160b0c2423fbea33fdb62a333beThis exploit uses a symbolic link vulnerability in the Borland Interbase gds_lock_mgr binary to overwrite /etc/xinetd.d/xinetdbd with code that spawns a root shell on port 666 TCP.
d7d156c479c021809f9a0057514db6f1459ab7f03ab76f348bc1c94b1dfed0a8Gentoo Linux security advisory - A vulnerability found in default Apache Tomcat 4.x installation can be used to remotely disclose the source of served JSP files.
44918fb3fe44c0391cb282db4a9797872dc7635f9b5b0467868f2917103a9e8aMicrosoft Security Advisory MS02-053 - Serious vulnerabilities have been discovered in Microsoft FrontPage Server Extensions 2000 and 2002 in the SmartHTML Interpreter (shtml.dll). FrontPage Server Extensions 2002 the flaw allows remote attackers to run code of his choice; on FrontPage Server Extensions 2000 the attacker can consume most or all available CPU until the service is restarted.
e336209cb8e7287fcc28062f2faba13182a7f5785256bb71bd5aa1e1aeb6918fThis exploit abuses the KEY_ARG buffer overflow that exists in SSL enabled Apache web servers that are compiled with OpenSSL versions prior to 0.9.6e. The apache-ssl-bug.c exploit is based on the Slapper worm (bugtraq.c), which is based on a early version of the apache-open-ssl exploit.
436090b56a7078c33d435bf10253452623305a3c47e6e5c7f13c05a10118fd8dThis tool can be used to scan IIS servers for the unicode directory traversal vulnerability.
d68555136e1216e01f665bb28f94c34d9fa82ebd4c0629f79f500a373361d1c4How to unlock a Samsung T300 cellphone
95e3fe277638e94a8ff970e63471d9ea5628adfcf47a6652752477cf74c79994Airsnort is a tool for wireless lans which recovers encryption keys by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. Works on both 40 and 128 bit encryption. Many weaknesses in the WEP 802.11 protocol are discussed here. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second. Tested on Linux kernel v2.4.
02648ab47da49b596792193fe7e0d3a838aeee6fa0dcd41260a727aa7dad7044A vulnerability found in default Apache Tomcat 4.x installation can be used to remotely disclose the source of served JSP files. The Tomcat developers fixed this issue in the Tomcat versions 4.0.5 and 4.1.12, which are available here.
2fef92ed7d59d75004c3b7399e643001f93de8ce9846efd4fb65db9ad40f1db1WinME/XP UPNP denial of service exploit.
dd4090e55c9cd11ffd0a2b06d91b810031268e8bfab0b2aaefc0812502458aefVoices is a *nix program that hides files in mp3's.
fc0629ea31bd0a4ceb7516abc767ab86a6065df9e8dfee324d664be4247672f0Vbulletin/calender.php remote command execution exploit.
696c47bb743d4c61635d2b53c61441cce1ff71882f95ce0d1f8c84b21ee7c0c4Shellcode-v1.0.zip is a genetic win32 shellcode generator based mainly on kungfoo. You can generate a shellcode with the help of a GUI. Source and executable included.
7ceadbc837c0a293c10e87c625f4338c9ca2fa138a5049d58d67ace148db452dApache v2.0.42 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.
67222ed486ef13b54ce49f1d08ef8804fdd9c1e23d4d9ad8627f066335e7b93bGspoof is a GTK+ program written in C which makes easy and accurate the building and the sending of TCP packets with or without a data payload. It's possible to modify TCP/IP fields or the Ethernet header.
a88d6431a66a7fb6a6ac88abf80c2b92daaac376cb378ea57a11fce08d0db8d9The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains a ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
96dd1e43908212e0dc4ef397abb29aaff477566103061db23da2fb10ca26af26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed