Amap is a scanning tool that identifies the application running on a given port. It does this by connecting to the port(s) and sending trigger packets, which are typically an application protocol handshake (e.g. an SSL handshake). Amap then looks up the response in a list of known response patterns and prints any match it finds. New response identifications can be added simply by appending them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
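The trigger/response mechanism described above, as an added example that is not amap's own code: a handful of triggers (including a minimal TLS 1.0 ClientHello built from scratch), a response-signature table kept in an editable text file, and a scanner that fires every trigger at one port and reports what matched. The "name:regex" file format, the signature patterns and the sample responses in the test are all constructed for this example and do not reproduce amap's appdefs file syntax.

```python
import re
import socket


def tls_client_hello():
    """Build a minimal TLS 1.0 ClientHello record (zero random, two cipher suites)."""
    body = (b"\x03\x01"            # client version TLS 1.0
            + b"\x00" * 32          # random (all zero for illustration)
            + b"\x00"               # session id length 0
            + b"\x00\x04"           # cipher suites length
            + b"\x00\x2f\x00\x0a"   # AES128-SHA, 3DES-EDE-CBC-SHA
            + b"\x01\x00")          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type ClientHello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Triggers to send; an empty trigger means "just connect and read the banner".
TRIGGERS = {
    "banner": b"",
    "http-get": b"GET / HTTP/1.0\r\n\r\n",
    "tls-client-hello": tls_client_hello(),
}

# Constructed signature file in a "name:regex" format invented for this example
# (NOT amap's appdefs.resp syntax). Regexes run against the raw response bytes.
RESPONSE_DEFS = r"""
# name:regular expression
ssl:^\x16\x03[\x00-\x03]
http:^HTTP/1\.[01] \d{3}
smtp:^220[ -].*?E?SMTP
ssh:^SSH-\d\.\d+-
oracle-tns:\(DESCRIPTION=
"""


def load_responses(text):
    """Parse the signature text into {name: compiled bytes regex}, skipping comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, pattern = line.partition(":")
        table[name.strip()] = re.compile(pattern.encode("latin-1"), re.DOTALL)
    return table


def identify(response, responses):
    """Return the names of every signature that matches the response."""
    return [name for name, rx in responses.items() if rx.search(response)]


def probe(host, port, trigger, timeout=3.0, max_bytes=1024):
    """Connect, send one trigger and return whatever the service answers (b'' on silence)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if trigger:
            s.sendall(trigger)
        try:
            return s.recv(max_bytes)
        except socket.timeout:
            return b""


def scan_port(host, port, triggers=TRIGGERS, responses=None):
    """Fire every trigger at host:port and collect the applications identified."""
    responses = responses or load_responses(RESPONSE_DEFS)
    found = set()
    for trigger in triggers.values():
        try:
            data = probe(host, port, trigger)
        except OSError:
            continue            # refused, reset or unreachable: nothing to match
        found.update(identify(data, responses))
    return sorted(found)


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, scan_port(host, port))
```

Because several triggers hit the same port, a service that answers the plain connect with a banner (SMTP, SSH) and one that only speaks after a handshake (TLS) are both covered; a match is attributed to the port, not to the trigger, which is why the result is a set.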
94fab83628b9447bc141df6b16c39f31750777f88ee84a8d1eb31ceb8b387221
LedNews v0.7 performs no input filtering, allowing a remote attacker to embed JavaScript or arbitrary HTML tags in news posts. It may also be possible to add server side include tags to news posts.
bb8bdc61aef9712a1297bda410fd6d68cf2a865fc673e5a6a79779178914d42e
Pmachine version 2.2.1 has a faulty include() routine that allows a remote attacker to supply a malicious URL pointing at a script that the web server will then execute (remote file inclusion).
3a954f23f36da44d1a53b9c709a5c45c9eee6bf4b1b93f9c0048194f7b4eb754
iDEFENSE Security Advisory 06.16.03: The pam_wheel module of Linux-PAM uses getlogin() in an insecure manner, allowing attackers to bypass certain restrictions. The pam_wheel module is often used with the su command to let users belonging to a trusted group run it without supplying a password. The module uses getlogin() to determine the name of the currently logged in user, then compares that name against the members of the trusted group specified in the configuration file. If the trust option is enabled in the pam_wheel configuration and the use_uid option is disabled, any local user can spoof the username returned by getlogin() and gain access to a super-user account without supplying a password.
c65f3b99c2e44aca0273c3c270501fa89200aeeec261693c53ac01a45de16c3e
IDScenter is a control and management front-end for Snort on the Windows platform. Main features: Snort 2.0/1.9/1.8/1.7 support, Snort service support, a Snort configuration wizard, a rule editor, AutoBlock plugins (a Network ICE BlackICE Defender plugin is included, written in Delphi and open source, together with a Delphi plugin framework), MySQL alert detection and file monitoring, e-mail alerts, alarm sounds and visual notification, etc.
f9b7423c7841bf496874eb4b6958f826ddcecd9c8631065cef6dfd7aa797770e
Shellcode that prints "What is The M4Tr1X ?!" and then exits.
24613700722f04736909af821d62b7e6bc1c78910a71e75776a1e46bce154fb9
Mailtraq suffers from multiple vulnerabilities, ranging from access to files outside the web root directory, through decryption of locally stored passwords, to cross site scripting in the web mail interface.
0fccaf9934ee9baa9e271e3755695428f4343300ad90ccad092c5010d7861a0e
Wsh is a remote UNIX shell that works over HTTP. The client script provides a shell-like prompt, encapsulates user commands in HTTP POST requests and sends them to the server script, which extracts and executes the commands and returns their STDOUT and STDERR output. Features include command line history, file upload/download, and operation through an HTTP proxy server.
7864a855e018dd23e964a0eaf335ca34817663b10989a9550f0bb9e6dff02976
Firepass is a tunneling tool that bypasses firewall restrictions by encapsulating data flows inside HTTP POST requests. TCP and UDP based protocols are supported. Both the client and the server are written in Perl, and the server script runs as a CGI program.
6c43de260fd97f1737cc73314eaebbbfd500a970d2214726068a49de4e743123
The ntdll.dll remote exploit via WebDAV originally written by kralor, ported to Linux by Dotcom.
2c2a25135d00b80b6afe08a65594cfb418ba630c1c156a70363d9fcc3f00201e
It is possible to evade the BlackICE PC Protection IDS logging of cross site scripting attempts because it does not check HEAD, PUT, DELETE or TRACE requests for the <script> pattern.
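The evasion above in code, as an added example that is not BlackICE's logic or anything from the original advisory: a naive inspector that only looks at a fixed method list is compared with one that inspects every method, over a few constructed requests. Which methods the naive inspector covers (GET and POST) is an assumption made for the example; the advisory only names the methods that are skipped. The hardened version also checks the percent-decoded request, which goes a step beyond what the advisory discusses.

```python
import re
from urllib.parse import unquote_to_bytes

# The pattern the advisory says is being looked for, with whitespace tolerance.
SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)

# Assumption for this example: the naive inspector only examines these methods.
# HEAD, PUT, DELETE and TRACE (named in the advisory) are therefore never looked at.
NAIVE_METHODS = frozenset({b"GET", b"POST"})


def split_request(raw):
    """Return (method, request-target, remainder) from a raw HTTP request."""
    request_line, _, rest = raw.partition(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    return parts[0].upper(), parts[1], rest


def naive_xss_alert(raw):
    """Mimics the weakness: only a fixed set of methods is ever inspected."""
    method, target, rest = split_request(raw)
    if method not in NAIVE_METHODS:
        return False
    return SCRIPT_RE.search(target + rest) is not None


def hardened_xss_alert(raw):
    """Inspect every method, in both raw and percent-decoded form."""
    _method, target, rest = split_request(raw)
    for blob in (target, rest, unquote_to_bytes(target), unquote_to_bytes(rest)):
        if SCRIPT_RE.search(blob):
            return True
    return False


# Constructed sample requests for an offline comparison.
SAMPLES = {
    "get-plain": b"GET /search?q=<script>alert(1)</script> HTTP/1.0\r\nHost: x\r\n\r\n",
    "trace": b"TRACE /<script>alert(1)</script> HTTP/1.0\r\nHost: x\r\n\r\n",
    "head": b"HEAD /?x=<script>alert(1)</script> HTTP/1.0\r\nHost: x\r\n\r\n",
    "get-encoded": b"GET /?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0\r\nHost: x\r\n\r\n",
    "benign": b"DELETE /item/42 HTTP/1.0\r\nHost: x\r\n\r\n",
}


def compare(samples=SAMPLES):
    """Map each sample name to (naive_alerts, hardened_alerts)."""
    return {name: (naive_xss_alert(req), hardened_xss_alert(req))
            for name, req in samples.items()}


def evasions(samples=SAMPLES):
    """Names of requests that carry the pattern but slip past the naive check."""
    return sorted(name for name, (naive, hard) in compare(samples).items()
                  if hard and not naive)


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:12s} naive={verdict[0]!s:5s} hardened={verdict[1]}")
    print("evaded naive check:", evasions())
```

The general lesson is that any inspection keyed on a method allow-list is evadable by whatever method is not on the list; a detector should inspect the request-target and body regardless of method, and the server's own behaviour (whether it reflects TRACE, accepts PUT, and so on) decides what is exploitable, not what the IDS happened to look at.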
ea50d43db68e3d4aeaaf1d9927e9cd734abfff473651ddcbc8ce4ef1fed187ae
Secure Network Operations, Inc. Advisory SRT2003-06-13-0945: Progress Database dbagent makes use of several helper .dll and .so binaries. When looking for shared object files to load via dlopen(), Progress searches the user's PATH. No verification is performed on the object found, so local non-superusers can make themselves root. Most binaries in /usr/dlc/bin can be exploited via this method.
cc47dfe490340c579a133daf438955383d7c3fc7d41008a2aff2e5564b96be2b
Secure Network Operations, Inc. Advisory SRT2003-06-13-1009: Progress Database dbagent makes use of several helper .dll and .so binaries. When looking for shared object files, _dbagent uses the directory passed to the "-installdir" command line option. No verification is performed on the object found, so local non-superusers can make themselves root.
8b6fdcc0365bbcfd0d2a95fd0575bd8ddea798ae6c1a17fcde6e9e197f0d13af
Cctt, or "Covert Channel Tunneling Tool", demonstrates several techniques for creating arbitrary data transfer channels inside the data streams (TCP, UDP and HTTP) that a network access control system permits.
6f7b41438fd9d341aa44164449ba16733e9cda53c37752b7ee30b054cfef0253
The myServer web server for Windows and Linux does not trap signals properly, allowing a remote attacker to crash the server (denial of service).
39d24e0bf7039655f777a3ec241d81e2d5c2ad7d2f230207fedcc80f5217e6f8
Secure Network Operations, Inc. Advisory SRT2003-06-12-0853: ike-scan, a tool for performing security audits of VPNs, is vulnerable to local privilege escalation if it is installed setuid root so that other users on the system can make use of the tool.
fb2974b5f5f7c3955537f5144cea1e1d3cf3625114335c88e940fcbfb22ad899
iDEFENSE Security Advisory 06.11.03 - The SMC Networks Barricade Wireless Cable/DSL Broadband Router, model SMC7004VWBR, crashes when a specially formatted series of packets is sent to TCP port 1723 (PPTP) on its internal interface. After the attack, the router remains unresponsive to requests on the wireless portion of the connected LAN, preventing users from accessing network resources.
06f5f4530631ec6de5e22a571bf7126c7ed146ccc935738f187e5617f9acca31
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers.
414f3a9d87beaf5e7f684cb2baba90f4e6407e05d9e592f2d2f6fa22320a900a
Local exploit for E-term that escalates privileges to gid utmp through insufficient bounds checking on an environment variable that is copied into an internal memory buffer.
f237a0eba9a4f56b1498cd561335e4be5638015d0d619676b960dacd3044a6bd
Local root exploit for XaoS that uses a specially crafted -language command line argument to make it execute arbitrary code.
69d8770f8159a752b55a03fa0726456bce230f5b5d5be8647880d72636ed92d3
fang is a small proof-of-concept application for finding non-discoverable Bluetooth devices. It brute-forces the last six (6) bytes of the device's Bluetooth address and issues a read_remote_name() for each candidate.
945fa08d2db2da2eb13cd4bc4bf7ca8b42c3f19daac89a8d244fa205bfcd41e5
This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
1ac81f168242749009676261c22cae1a836b0a6b70111282cd3ba3d7b398caca
Unmask is a simple md5 cracking utility that attempts to recover the true IP address behind a masked (fake) host on Trircd 5.0 and PTlink.
b0c51a9f11f227a13b24456b72a96c5bc6d4f45d14b1af2e5b087f11b6cdd7b3
Remote format string exploit for Magic Winmail Server version 2.3. By sending a format string in the USER field during authentication, a remote attacker can make the server execute arbitrary code.
3500425cf62ca44b00af89fefa96dcebeb90a65e3253fbf1c84596b3df100aeb
HTML Source Code Explorer Bar 2.0 is an Internet Explorer plug-in that shows the form fields of any HTML form being served and lets you easily repopulate the fields (even hidden ones) with input of your choice and submit the data. This tool is very useful for penetration testing the input validation of CGI scripts, etc.
b83e6392af3df04eef20b40df66d69a189095649aaf2bff9ece7e6dec15bc584