Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
2d99af360fcfbd0f1ef67c210707772b3603b3c56e48592f450d174014eaef3f
Win32 Shellcode Version 1.1 - Supports SHE+ScanMem to get GetProcAddress memory address, bind mode, connect back mode, reuse connect mode, and more.
5362ba1b4b205e3dbeaca2371bc7f6813b413007491740ae688a645399986d60
Simple scripting utility that performs DNS, SMTP, and HTTP scans against a hostname list gathered from google.com.
22496f05022cb6837ddc642bb6b9592199c3824b3664014e3f379c9af03ac571
Apache 2.x memory leak proof of concept exploit.
d4fbe74bb18c6e0f994d19cdb1e82f8a0689fa3ca218b404294e09b094809d44
This paper illustrates how to control a server with the UDP protocol. It covers UDP basics, how to spoof datagrams, and gives full source code with explanations. This paper can be used in conjunction with the udp-remote-final.tar.gz package.
3416eee186ecb4a1c7798816bcd5868bc05378accefdc3c5557d1a4fbc71a12a
wIDS is a wireless IDS. It detects management frame jamming and can be used as a wireless honeypot. Data frames can also be decrypted on the fly and re-injected onto another device.
86aeaba8b21c9e2972c6eeea1d86984de96b31f6dcc06a647127c61c9e5d08d4
This script uses the Linux ping command to trigger the +++ATH0 bug found in modems that have their guard time set low. Consider this a version of gin.c that actually works; it is also more efficient in a way because of its use of ping.
ad188dd1d0e4912673cdad5d3b3e4fa6f80962690fec38012d2b615413e7a23f
stuff.c v1.0 sends an illegal character in PPP frames, causing a packet of double size to be returned.
6ffa52818243eca9d792e090449bb997f9a1f740b3ebe0cc9d96ca1ad2c40abf
Stegtunnel is a tool written to hide data within TCP/IP header fields. It was designed to be undetectable, even by people familiar with the tool. It can hide the data underneath real TCP connections, using real, unmodified clients and servers to provide the TCP conversation. In this way, detection of odd-looking sessions is avoided. It provides covert channels in the sequence numbers and IPIDs of TCP connections.
ebef4d7fb76c4d35e30fe24a2260a12237b058adad112fa1c746f7a0277b289c
Local exploit/trojan that makes use of REGEDIT.EXE. Any file containing a value of more than 260 characters causes an error exception by the RegSetValueExW function, which then uses a function of NTDLL.DLL which is vulnerable.
c874fde4ec04f62e0bde41e571ba6761e1c46629f665638a2753eb90b45c1471
Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux. Updates: More targets have been added and this version of the exploit also attempts to download the ptrace exploit, compile, and execute it in an attempt to gain root privileges.
a47755378b773f335a74bb7a4b40dcd8af408322961e6a3c7e5252d068998e50
Yabase v1.5.0 remote exploit to spawn bash shell with Apache uid.
58656cc32a0af4370be32b024340a8b698195d4cb03ac29dfab328c01e3fb61e
The Abyss Web Server v1.1.2 and below has a denial of service vulnerability where the server can be crashed remotely via uncompleted fields.
d86a3e89daf4e0b1c43cb68523417f0347659320ea71449cfdd0694782755813
Local root exploit utilizing the overflow in XLOCALEDIR under XFree86 Version 4.2.x using xlock. Written to work on Redhat 7.2.
4f06feb2008a323c9ee1ec5fc10c12fb0db7abdec79524c84490367295d8d227
Secure Network Operations Advisory 1106 - The AOLServer Proxy Daemon API contains exploitable syslog() calls in nspd/libnspd.a. This vulnerability is remotely exploitable.
68e25eb097cfab06cdbd23579c0aa94b2ed828355e93606d120a274ab998f1fe
x25zine number 3 - Topics discussed: m68k shellcodes for Linux, Parrot assembler, OpenVMS, Amiga viruses, /dev/* patching on Linux, Digital Unix, and more. Russian version.
74fe62eea3f1b299d43181bdd6dcf0e3cff89b33c6e6195dbea4b731daf413af
x25zine number 3 - Topics discussed: m68k shellcodes for Linux, Parrot assembler, OpenVMS, Amiga viruses, /dev/* patching on Linux, Digital Unix, and more. English version.
ecb7dfec3f6018b5a52dcde53ee97cc2ff50a23b8e15afe4d9ca72fbec76844a
Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over a thousand remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
27cf453511aebcc96cff5118d614b1c155dd0610d31545b1f370533a705182aa
IEHist dumps Internet Explorer history from index.dat files into delimited files suitable for import into other tools.
b8aa5e9a301292fd275a632be35c3791be8407e584979256137f32203de3a450
VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways. It supports dumping and decrypting the password by: Dumping the current users registry key, retrieving it from a NTUSER.DAT file, decrypting a command line supplied encrypted password, and injecting the VNC process and dumping the owner's password.
ebf49f069d3620f60c4c84681dfca3061ff616033ee023578474e84bc7623eed
Passifist is a tool for passive network discovery. It could be used for a number of different things, but was mainly written to discover hosts without actively probing a network. The tool analyzes broadcast traffic and has a plugin architecture through which it dissects and reports services found. The initial version supports the following protocols and plugins: CDP, CIM, HSRP, IPX, NETOP, SMB, TFTP.
8bc5231456824abbfdbf91481823c7a14a7be0f5e42fc530de99aeb9ac3314bb
ChiTeX, the utility used to put Chinese Big5 codes in TeX/LaTeX documents, contains two setuid root binaries that execute cat without using an explicit path allowing an attacker to easily gain root privileges.
1c2236c651538e4aaaa0b8f89bbc85cd212f6cf79eed7e9609ddef1998071e56
Remote exploit for the buffer overrun found in passlogd. Target list includes four flavors of Linux with more to come.
37b269945b84e22d48de5f5d785c67d39f7bf09b5346f96a621bc6647022fc26
Service Banner Fingerprinting in C - This paper is a supplement to modular's tcpscan series. It covers how to write C programs that will perform banner fingerprinting using various standard servers as examples.
e235c26539ac8a622e503b130f1fea2dec6c57ae8c0f9b6cd3ed0564bfe69c95
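As an added illustration of the technique the paper above covers (this is example code written here, not from the paper or from modular's tcpscan series), the two pieces a C banner grabber needs: a read routine that waits with a select() timeout so a silent service does not hang the scanner, and a prefix-based classifier that tells common greeting formats apart. The function names and the sample banners are constructed for this example; the demo feeds the banners through a pipe so it runs offline, and the same read_banner() call works unchanged on a connected TCP socket.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/time.h>

/* Example helper: read one banner line from fd, waiting at most
   timeout_sec for each chunk. Stops at the first newline, on EOF, on
   timeout, or when the buffer is full. Returns the number of bytes
   stored with trailing CR/LF removed. 0 means the peer sent nothing,
   which is itself a fingerprint: HTTP servers, for instance, wait for
   the client's request instead of greeting first. */
size_t read_banner(int fd, char *buf, size_t len, int timeout_sec)
{
    size_t n = 0;
    while (n + 1 < len) {
        fd_set rfds;
        struct timeval tv = { timeout_sec, 0 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        if (select(fd + 1, &rfds, NULL, NULL, &tv) <= 0)
            break;                          /* timeout or select error */
        ssize_t r = read(fd, buf + n, len - 1 - n);
        if (r <= 0)
            break;                          /* EOF or read error */
        n += (size_t)r;
        if (memchr(buf, '\n', n))
            break;                          /* full greeting line seen */
    }
    while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r'))
        n--;
    buf[n] = '\0';
    return n;
}

/* Example classifier: map a greeting to a service name by its prefix.
   FTP and SMTP both open with a 220 reply code, so those are told apart
   by the words most daemons put in the greeting text. */
const char *classify_banner(const char *banner)
{
    if (strncmp(banner, "SSH-", 4) == 0)  return "ssh";
    if (strncmp(banner, "+OK", 3) == 0)   return "pop3";
    if (strncmp(banner, "* OK", 4) == 0)  return "imap";
    if (strncmp(banner, "HTTP/", 5) == 0) return "http";
    if (strncmp(banner, "220", 3) == 0) {
        if (strstr(banner, "SMTP")) return "smtp";   /* matches ESMTP too */
        if (strstr(banner, "FTP"))  return "ftp";
        return "220-greeting";
    }
    return "unknown";
}

int main(void)
{
    /* Constructed sample banners, not captured from any real host. */
    const char *samples[] = {
        "220 mail.example.test ESMTP Sendmail 8.12.9\r\n",
        "SSH-1.99-OpenSSH_3.4p1\r\n",
        "220 ftp.example.test FTP server (Version wu-2.6.2) ready.\r\n",
        "+OK POP3 server ready\r\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int p[2];
        char buf[256];
        if (pipe(p) != 0)
            return 1;
        /* The write end stands in for the remote server. */
        (void)write(p[1], samples[i], strlen(samples[i]));
        close(p[1]);
        read_banner(p[0], buf, sizeof buf, 2);
        close(p[0]);
        printf("%-6s %s\n", classify_banner(buf), buf);
    }
    return 0;
}
```

On a real target, replace the pipe with a connect()ed TCP socket; the timeout is what keeps a scan of a hostname list moving past ports that accept the connection but never speak.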
Local root exploit for mtr versions lower than 4.0.6. Vulnerability originally found by KF of Snosoft.
d8abcbb929ad05dfb21ec534c2ad715d568011e3df645bbfcfb8825327e5eb29