This paper goes into great detail describing how to utilize format string attacks with limited buffer space.
26e76a849776b6bb6aed421c8c8e7c19ea279402faae685b8acaa53a90afbbd9
sendtcp.c v0.1 is a simple TCP packet generator for the win32 platform.
7af982f217dfe69a3c11877335907b115cd1b91f172b720b530c795af375f6b1
Proof of concept remote root exploit for atftpd version 0.6. Makes use of the filename overflow found by Rick Patel. Tested against Debian 3.0.
9f6808a16e0468c6d54152cfeec1e9d9af5e7c3678ec1fac83789785f111fae5
Utility to brute-force AIM screen names and passwords. With a list of about 1500 passwords, aimcrack takes about 2 hours on a cable modem connection.
8a31be4fe67114eca89d80ed2320768f4dfad6d2e8e37c1bbc41a3238e7bf9a3
Secure Network Operations Advisory SRT2003-06-05-0935 - The ftpd that comes default with HPUX 11 is vulnerable to an attack that will allow an attacker to view the contents of any file on the system without first authenticating. To patch this, install HPUX patch PHNE_21936 or higher.
ca94fbeffc52d8737dabb08617866e580015a18548c6d5700a7f24fa31421685
Proof of concept exploit for mnoGoSearch 3.2.10 that spawns a shell as the webserver user id by overflowing the tmplt variable.
c15d5316bdf16f81657526878c11a47b32fd6928f4c75148f179c287d6f99817
Proof of concept exploit for mnoGoSearch 3.1.20 that performs remote command execution as the webserver user id.
168a6ae597d201173eb31793c1ca63cc6a43809ec5bbf130f10d5b38f5213886
mnoGoSearch, formerly known as UdmSearch, has buffer overflow vulnerabilities in versions 3.1.20 and 3.2.10. In 3.1.20, the ul variable can be overflowed to allow remote command execution as the webserver user id. In 3.2.10, a remote attacker can crash search.cgi by overflowing the tmplt variable.
ac17442c31b15e3413d421ae705ffc5b64ba90f58e3a9a45847804e8ab31da87
Simple patch to fix the overflow found in atftpd by Rick Patel.
bbb74dfb5d52103ab35a78f731663aae5244b396ecaa1b98451767508ae1c094
Mollensoft Hyperion FTP Server version 3.5.2 is vulnerable to multiple buffer overflows that affect the cwd, mkd, rmd, stat, and nlst commands. The overflows allow a remote attacker to cause a denial of service, and there is the possibility of arbitrary code execution.
8f2e8ae2402a5f86274866eb84ecb38d70550e59db91e4899c4661a2e0f09d85
Proxychains is a command line tool for Linux and Solaris which allows TCP tunneling through one or multiple (chained) HTTP proxies.
e919bd37f15dce9b792a32f5385ff70b84c09f6fdc10ce4f15e0b6d7aedad71e
Local root exploit for the diagrpt command on AIX 5.x and 4.x.
ea76fd0e38b7dc4fdbc4ca8ecf5110ed81045a414cff5c409777afa873f01ad8
Local root exploit for the errpt command on AIX5L.
e3ea043de54e16662166f004a6421bfbc615b1dae74eb7573d3e48d6a8e56cda
Local root exploit for the command lsmcode on AIX 4.3.3.
2fe67fa839a51b0dec7666b43d6df49f44ba93f7e2fa676f1864caf575b06a7b
RPM Finder Project version 1.0 is a utility that works much like the rpmfind.net site. It currently only supports RedHat but will support Mandrake and Suse in its future releases.
d9c5fb359c7e6f5c54e12b8ab53f4c8ef840ca39788e0fc250de49320730453b
THCsql exploits the vulnerability in the MSSQL OpenDataSource function found by David Litchfield in June of 2002. Tested on Windows 2000 Server SP2 with SQL Server SP0 and SP2.
8ec23baef348542a74bd1eb310301df8044857c91c1e8d7544218a18b67a034a
D-Link routers with firmware 2.70 and below are vulnerable to a denial of service, provided the attacker has the ability to see the internal interface on the router. Sending a malformed URL to the syslog script will cause a DNS query. Multitudes of this query can result in a DoS and other odd forms of behavior.
802c81b31a6ec34d42defd9d16029f1790493faf92d67f06228dcf953950b333
Boss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.
5fa351f9ce58e57f2eea703a4be52cd1c81ec605244c7ecb9a5c8efb1cfdf9cf
Apache Tomcat versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode that allowed users to access files containing passwords.
cde571310caa333d67c4be137c14773e0f74daef1c8995e8560ef274ee015dff
This simple utility will connect to a webserver of your choosing and verify whether or not it is compliant with RFC 2616. Designed to verify Microsoft IIS servers.
5b11c0bdc25366a8b34ef23012f5c5ecbc7af057a245736c18f21d6c0f7efddb
Snort is giving away free t-shirts for writing rules. Get yours today.
f8789fd7432e8330b4af0cc468f682831b8f4a00d5b5f64cbae23771e0386080
Windows XP SP1 shellcode (19 bytes).
899f2c53b410dc0da0d2f31d29ce2c89f7b9071b13a561c87063be6e5dd4b27d