Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
2d99af360fcfbd0f1ef67c210707772b3603b3c56e48592f450d174014eaef3fWin32 Shellcode Version 1.1 - Supports SHE+ScanMem to get GetProcAddress memory address, bind mode, connect back mode, reuse connect mode, and more.
5362ba1b4b205e3dbeaca2371bc7f6813b413007491740ae688a645399986d60Simple scripting utility that will perform DNS, SMTP, and HTTP scans on a hostname list given by google.com.
22496f05022cb6837ddc642bb6b9592199c3824b3664014e3f379c9af03ac571Apache 2.x memory leak proof of concept exploit.
d4fbe74bb18c6e0f994d19cdb1e82f8a0689fa3ca218b404294e09b094809d44This paper illustrates how to control server with the UDP protocol. It covers UDP basics, how to spoof datagrams, and gives full source code with explanations. This paper can be used in conjunction with the udp-remote-final.tar.gz package.
3416eee186ecb4a1c7798816bcd5868bc05378accefdc3c5557d1a4fbc71a12awIDS is a wireless IDS. It detects management frames jamming and could be used as a wireless honeypot. Data frames can also be decrypted on the fly and re-injected onto another device.
86aeaba8b21c9e2972c6eeea1d86984de96b31f6dcc06a647127c61c9e5d08d4This script uses the linux ping command to simulate the +++ATH0 bug represented in modems that have thier gaurd time set low. Consider this a version of gin.c that actually works... but it is also more efficient in a way because of the emplementation of "ping".
ad188dd1d0e4912673cdad5d3b3e4fa6f80962690fec38012d2b615413e7a23fstuff.c v1.0 sends an illegal character for ppp frames, causing a packet of double size to be returned.
6ffa52818243eca9d792e090449bb997f9a1f740b3ebe0cc9d96ca1ad2c40abfStegtunnel is a tool written to hide data within TCP/IP header fields. It was designed to be undetectable, even by people familiar with the tool. It can hide the data underneath real TCP connections, using real, unmodified clients and servers to provide the TCP conversation. In this way, detection of odd-looking sessions is avoided. It provides covert channels in the sequence numbers and IPIDs of TCP connections.
ebef4d7fb76c4d35e30fe24a2260a12237b058adad112fa1c746f7a0277b289cLocal exploit/trojan that makes use of REGEDIT.EXE. Any file containing a value of more than 260 characters causes an error exception by the RegSetValueExW function, which then uses a function of NTDLL.DLL which is vulnerable.
c874fde4ec04f62e0bde41e571ba6761e1c46629f665638a2753eb90b45c1471Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux. Updates: More targets have been added and this version of the exploit also attempts to download the ptrace exploit, compile, and execute it in an attempt to gain root privileges.
a47755378b773f335a74bb7a4b40dcd8af408322961e6a3c7e5252d068998e50Yabase v1.5.0 remote exploit to spawn bash shell with Apache uid.
58656cc32a0af4370be32b024340a8b698195d4cb03ac29dfab328c01e3fb61eThe Abyss Web Server v1.1.2 and below has a denial of service vulnerability where the server can be crashed remotely via uncompleted fields.
d86a3e89daf4e0b1c43cb68523417f0347659320ea71449cfdd0694782755813Local root exploit utilizing the overflow in XLOCALEDIR under XFree86 Version 4.2.x using xlock. Written to work on Redhat 7.2.
4f06feb2008a323c9ee1ec5fc10c12fb0db7abdec79524c84490367295d8d227Secure Network Operations Advisory 1106 - The AOLServer Proxy Daemon API contains exploitable syslog() calls in nspd/libnspd.a. This vulnerability is remotely exploitable.
68e25eb097cfab06cdbd23579c0aa94b2ed828355e93606d120a274ab998f1fex25zine number 3 - Topics discussed: m68k shellcodes for Linux, Parrot assembler, OpenVMS, Amiga viruses, /dev/* patching on Linux, Digital Unix, and more. Russian version.
74fe62eea3f1b299d43181bdd6dcf0e3cff89b33c6e6195dbea4b731daf413afx25zine number 3 - Topics discussed: m68k shellcodes for Linux, Parrot assembler, OpenVMS, Amiga viruses, /dev/* patching on Linux, Digital Unix, and more. English version.
ecb7dfec3f6018b5a52dcde53ee97cc2ff50a23b8e15afe4d9ca72fbec76844aNessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over a thousand remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
27cf453511aebcc96cff5118d614b1c155dd0610d31545b1f370533a705182aaIEHist dumps Internet Explorer history from index.dat files into delimited files suitable for import into other tools.
b8aa5e9a301292fd275a632be35c3791be8407e584979256137f32203de3a450VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways. It supports dumping and decrypting the password by: Dumping the current users registry key, retrieving it from a NTUSER.DAT file, decrypting a command line supplied encrypted password, and injecting the VNC process and dumping the owner's password.
ebf49f069d3620f60c4c84681dfca3061ff616033ee023578474e84bc7623eedPassifist is a tool for passive network discovery. It could be used for a number of different things, but was mainly written to discover hosts without actively probing a network. The tool analyzes broadcast traffic and has a plugin architecture through which it dissects and reports services found. Initial version holds support for the following protocols and plugins: CDP, CIM, HSRP, IPX, NETOP, SMB, TFTP.
8bc5231456824abbfdbf91481823c7a14a7be0f5e42fc530de99aeb9ac3314bbChiTeX, the utility used to put Chinese Big5 codes in TeX/LaTeX documents, contains two setuid root binaries that execute cat without using an explicit path allowing an attacker to easily gain root privileges.
1c2236c651538e4aaaa0b8f89bbc85cd212f6cf79eed7e9609ddef1998071e56Remote exploit for the buffer overrun found in passlogd. Target list includes four flavors of Linux with more to come.
37b269945b84e22d48de5f5d785c67d39f7bf09b5346f96a621bc6647022fc26Service Banner Fingerprinting in C - This paper is a supplement to modular's tcpscan series. It covers how to write C programs that will perform banner fingerprinting using various standard servers as examples.
e235c26539ac8a622e503b130f1fea2dec6c57ae8c0f9b6cd3ed0564bfe69c95Local root exploit for mtr versions lower than 4.0.6. Vulnerability originally found by KF of Snosoft.
d8abcbb929ad05dfb21ec534c2ad715d568011e3df645bbfcfb8825327e5eb29
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed