exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 83 RSS Feed

Files Date: 2003-01-01 to 2003-01-31

nsat-1.5.tgz
Posted Jan 6, 2003
Authored by Mixter | Site 1337.tsx.org

Nsat is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine, and much more. Unlike many other auditing tools, nsat can collect information about services independently of vulnerabilities, which makes it less dependent on frequent updates as new vulnerabilities are found.

Changes: New compilation option to support scanning with POSIX threads instead of fork to enhance performance, compilation / stability fixes, and updated timing values. Ping dependence is now disabled by default.
tags | tool, remote, scanner, vulnerability
systems | unix
SHA-256 | 2ece807b3240a6e91ea88fd84c470a87de711c33554b231e071549388cb65114
atstake_etherleak_report.pdf
Posted Jan 6, 2003
Authored by Ofir Arkin | Site atstake.com

Multiple platforms ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory due to poor programming practices. Several implementation methods are discussed in this white paper.

tags | kernel
SHA-256 | daec269b3fe04ddf8ce145fdfc529beb7cb202da14e9fcd184457b800d6f711d
Atstake Security Advisory 03-01-06.1
Posted Jan 6, 2003
Authored by Ofir Arkin, Atstake | Site atstake.com

Atstake Security Advisory A010603-1 - Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest method to implement this attack is to send ICMP packets and watch for kernel memory in the replies. PDF report on this issue available here.

tags | kernel
SHA-256 | 08e892f8893b2271d8dd4a438785fa2838ad83e1bafff8e9b8f1aa5864ceb555
pine-cert-20030101.txt.asc
Posted Jan 6, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.

tags | advisory, denial of service, kernel, local
systems | freebsd
SHA-256 | 6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
platinumserver.ftp.txt
Posted Jan 6, 2003
Authored by Matrix

The Platinum FTP Server v1.06 contains remote directory traversal vulnerabilities that allow denial of service, list any directory on the server, and possibly arbitrary file deletion. Denial of service exploit in perl included. Fix available here.

tags | advisory, remote, denial of service, arbitrary, perl, vulnerability
SHA-256 | a8bc055674587d2f973081399e32d98230ea6742287042f8447672f8eb93bdab
whcc-0.6.65.exe
Posted Jan 6, 2003
Authored by Jeffrey Barber | Site ussysadmin.com

Web Hack Control Center is an administrative tool that scans web servers for known vulnerabilities. Scans HTTP and HTTPS (SSL) servers, and it's exploits database contains over 2000 vulnerabilities. WHCC can be used as your primary browser or be launched from Internet Explorer.

Changes: This release has 600+ more exploits than the last.
tags | web, vulnerability
SHA-256 | 33d8a7f67d68d7b9bb1747928535b6f0c6136b488f2dc1db617225dd5eaf0618
nbtdeputy101.zip
Posted Jan 6, 2003
Authored by Urity | Site securityfriday.com

NBTdeputy register a NetBIOS computer name on the network and is ready to respond to NetBT name-query requests. NBTdeputy helps to resolve IP address from NetBIOS computer name for Windows XP and .Net servers on your local network which have ports 137 and 138 open, similar to Proxy ARP.

tags | local
systems | windows
SHA-256 | 2eba418c4b2d590c4781fe38d65790172790412c30c995b841e579c4d877254c
oOps.c
Posted Jan 5, 2003
Authored by Gunzip

oOps.c grabs hardcoded strings from binary files. Shows rootkit passwords and other information that is encoded character at a time to avoid binary examination like the strings command. Tested on Linux.

systems | linux
SHA-256 | 6ec922e0fecc9ff438d329269c632e0bdae94a19c0a176bb42b7160fa0bb0f73
talkspoof.tar.gz
Posted Jan 5, 2003

Talkd spoofer for NetBSD. C source.

systems | netbsd, unix
SHA-256 | 1281b7f5312ba6c1278583d3d9869e9ebb91d98d461e36822570eb0dd56b2f21
sparc.c
Posted Jan 5, 2003
Authored by teso, scut

Remote root exploit for Solaris Napalm heap overflow - SPARC version. Tested against SunOS 5.6, 5.7, 5.8, and 5.9. Attempts to add a root shell to inetd.conf.

tags | remote, overflow, shell, root
systems | solaris
SHA-256 | 31f1d3a448b985faea7b24302d4c77d14c5872c6dedf6a8acaba2c2b9b0d7b07
oat-source-1.3.0.zip
Posted Jan 5, 2003
Authored by Patrik Karlsson | Site cqure.net

OAT v1.3.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

Changes: Added support for manually specifying remote os when running (O)racle (S)ystem (E)exec. Bugfixes.
tags | java
systems | linux, windows, unix
SHA-256 | f74397f5dff0d95279b307a2fc6334c3acae4a79d5a794fddf202a2e0033b02a
guileproxy.tar.gz
Posted Jan 5, 2003

Guilecool proxy scanner and checker C source. In Italian.

tags | web
SHA-256 | 76ae99e840ad52b05ecadadb10e938560cfd6d8a347a487395f17a5e1faed327
aix433noflag.c
Posted Jan 5, 2003
Authored by George Dissios | Site frapes.org

Aix433noflag.c exploits a weakness in a function in the AIX kernel which handles the in/outgoing network connection. Setting no flags in the TCP header, causes a 100% CPU usage (DoS). Tested On IBM RS6000/SMP-M80/4) on AIX 4.3.3.

tags | denial of service, kernel, tcp
systems | aix
SHA-256 | a38f534a17a16d987ae40a6df45fa023e0d3bbf7156c1c7f2d2dd9f526400a09
gupt2.zip
Posted Jan 5, 2003
Authored by Ayan Chakrabarti | Site gupt.sourceforge.net

Guptachar is a remote administration tool which works as a web server - it can be controlled with just a web browser. It has an inbuilt keylogger and an IRCBOT feature. It's tiny with the server executable being less than 50kb in size. Comes free with sources. Archive password is set to p4ssw0rd. Use at your own risk.

tags | remote, web, trojan
SHA-256 | 60601505f4749ce58674344f78e0287142c691293ea10bcbb243e567948e5830
efstrip.c
Posted Jan 5, 2003
Authored by Hi_Tech_Asslemon

Efstrip is an exploit for the efstool vulnerability. Unlike other exploits for this vulnerability, Efstrip is robust, doesn't need a wide range of attack options, and doesn't need brute forcing. It actually ./works.

tags | exploit
SHA-256 | a0fa492bfaf986c0a0bcba194d566ba90078b5c1cf124df1293a16b9fb3336b6
Nikto Web Scanner 1.23
Posted Jan 5, 2003
Authored by Sullo | Site cirt.net

Nikto 1.23 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.

Changes: Now has Apache username guessing, static auth cookies, static base directories, proxy id/password prompting and bug fixes.
tags | remote, web, local, cgi, perl, vulnerability
systems | unix
SHA-256 | 729c6820976fe10cb68bb6304f78a8d6c989af43db2867765d76bb8203121b2b
file.c
Posted Jan 5, 2003
Authored by George Dissios | Site frapes.org

OpenBSD and NetBSD LKM which hides files by patching getdirentries().

tags | tool, rootkit
systems | netbsd, unix, openbsd
SHA-256 | 281adc79edc85e83c7b2c663fcc68dfbea7fdb717f4948665d758518e709e6bf
s8forum.txt
Posted Jan 5, 2003
Authored by Nasser.M.Sh

The S8forum v3.0 allows remote users to execute commands on the webserver. Includes exploit instructions and patch included.

tags | exploit, remote
SHA-256 | 30057e99c24735c79779fce73a458ca76ecbcde0426e92f90b9db9f2e1b9e561
widzv1-0.zip
Posted Jan 4, 2003
Authored by Mark Osborne

WIDZ version 1 is a proof of concept IDS system for 802.11 that guards an AP(s) and Monitors local frequencies for potentially malevolent activity. It detects scans, association floods, and bogus/Rogue AP's. It can easily be integrated with SNORT or RealSecure.

tags | tool, local, proof of concept, wireless
SHA-256 | 8f8488eea9838a824c0a830e09fb3cac0fd6fbd51a0708fb1eaebae8e6f21294
GNU Privacy Guard
Posted Jan 4, 2003
Site gnupg.org

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.

Changes: New stable release - Compile fixed for OpenLDAP, minor changes, and bug fixes.
tags | encryption
SHA-256 | 7095ed29a6c8a81a3fca314c6b294d6ebb1c02d908420a63418cb5720eac98be
sigcups.c
Posted Jan 4, 2003
Authored by Sigdom

Cups v1.1.17 and below remote exploit which spawns a shell as lp. Tested against Gentoo Linux with cups-1.1.17_pre20021025 installed.

tags | exploit, remote, shell
systems | linux, gentoo
SHA-256 | fd6664e13f9fdddcf6bf6c5f5bab39ed00c719fa6c0d965f76c0958998152656
2002-exploits.tgz
Posted Jan 4, 2003
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm exploits added in the year 2002.

tags | exploit
SHA-256 | 0617e2f7ff24aef4e0c4e755eeb45ef4355b511518c82177d4b919df913c02b4
0212-exploits.tgz
Posted Jan 4, 2003
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm new exploits for December, 2002.

tags | exploit
SHA-256 | 1555cfd70d17661ea949de42f155f2a9ca2fa215c4751d4829806a8dbb83647d
mysqlsuite.tgz
Posted Jan 4, 2003
Authored by dreyer

Mysqlsuite includes three tools which take advantage of the vulnerability in check_scramble() function of mysql described in mysql.4.0.5a.txt. Mysqlhack allows remote command execution with a valid mysql user and pass. Mysqlgetusers allows you do a dictionary login-only attack to find other users. Mysqlexploit spawns a shell on port 10000 on vulnerable linux mysql servers with a valid mysql login and pass and writable database. Fixed in Mysql v3.23.54.

tags | exploit, remote, shell
systems | linux
SHA-256 | 5c2113bbb28fb3db28e5790a86c03b3c83871154d3a6e756b9d3bbcc18b27f48
swap.pw.pl
Posted Jan 4, 2003
Authored by Spai

This perl script recovers passwords out of unix swap files. UID or GID 0 required to read swap files. May be useful for finding passwords that were entered into the wrong machine. Tested on Red Hat 6.2 - 8.0.

tags | tool, perl, rootkit
systems | linux, redhat, unix
SHA-256 | 315c8a7d3c4ad00dd5237ad5680f7641193fef637e8a4c7cae7904511b9cc7f9
Page 3 of 4
Back1234Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close