Grenzgaenger is a SOCKS-like hacker tool for tunneling nmap, netcat and exploits transparently through systems into protected networks.
7b46223b2239a585a065db7456ef97a3a6f6b8c152023b6ac785b4990ad42954
Version mapper 0.5.2 is a utility for fingerprinting services by checking features and replies of bogus commands being fed to the daemon. Currently supports FTP, SMTP, POP3, IMAP, and HTTP.
315d3d9e5cf65be910fc47d159fe64a09effc31240e987426e119ac6e5524275
Cisco Systems IOS 11.x UDP echo memory leak remote sniffer. The UDP echo service (UDP port 7) has to be enabled on the device. The bug will cause the Cisco router to send about 20 kilobytes of data from the interface buffer pools containing packets in the send/recv/forward queues. This tool will identify IOS memory blocks, find the router-specific offset for packets in the block, and decode the packet to the screen. Note that this is not a full dump of the traffic through the remote router but rather a subset of received data. Features include a packet checksum cache to prevent repeated output of the same packet, auto-identification of packets and buffer offsets, and IPv4 decoding.
88c96f5f35ee8e8f230938a70d6e512ac19d921be8f468c01cdb28507adc9a83
Cisco IOS 12.x/11.x remote exploit for the HTTP integer overflow using a malformed HTTP GET request and two gigabytes of data.
7f4a101d2a92a428372a4b1a01844cc8f4d4614537c428b116c224be6b8b346c
IglooFTP Pro 3.8 client side remote exploit for Windows XP Pro Build 2600.x. Included shellcode runs notepad.exe.
a1759d8d7e93d3bc684eafcaf16d26dfeb674d131ee9c65a7db0179d42c1284b
NMRC created this secured, Debian-based Linux distribution that has Openwall, HAP-Linux, Bastille, and many other patches and features included.
e17637292fee6f8f80942b84f72e63ad84141d29e67a2c7a6bf63fef67897a9e
NMRC covert channel using ISN to transmit data from one computer to another.
06c1b1d9f225af451885111b1f3bed5073b07ded469338b643220fbc2ad9c6ad
NMRC symmetric file encryptor/decryptor/wiper that includes multiple crypto choices (Rijndael, Serpent, or Twofish) and multiple secure file wiping techniques.
89caa35b66944f2c6953f1333745ef889ab02ac638fec61e68476812acdc34d9
RPC DCOM remote Windows exploit. Includes 2 universal targets, 1 for win2k, and 1 for winXP. This exploit uses ExitThread in its shellcode to prevent the RPC service from crashing upon successful exploitation. It also has several other options including definable bindshell and attack ports.
51e52375501a20b7887981d8cad4867174ea62a3ed29f29ee6a2c3b1d52c5c71
Shadow Mailer version 1.2 sends anonymous emails and allows specification of all the headers. It supports SOCKS proxy 4, 4A, and 5, mail bombing, and skins, auto-saves everything, and has a stable and fast engine.
1e4b168e810e0dbe08a985c56548dfbd91ad44ddffb3a3eb6c92fb198f892797
wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here. Win32 version included that requires cygwin1.dll.
526db9e57fd9d03098a4ca647fd59e6961d4ccc10042d2d8bef0f4ec2b9e6426
IDScenter is a control and management front-end for the Windows platform. Main features: Snort 2.0/1.9/1.8/1.7 support, Snort service support, Snort configuration wizard, Rule editor, AutoBlock plugins (Network ICE BlackICE Defender plugin included (Delphi, open-source), Plugin framework for Delphi included), MySQL alert detection & file monitoring, e-mail alerts / alarm sound alerts / visual notification, etc.
6e63a96e3d7b640463f315ba5db36b317a35ea578991fa75ab4ad69acbba59f5
Postfix 1.1.12 remote denial of service exploit.
b0da22d0cfbdc3497ffd67e7e35596e8ba75b9df40e447e1d99fd7e249ae92d7
jmpreg is a python class which makes it easy to find jmp calls inside various Windows DLLs. This class is especially helpful for local overflows.
e8aa03292c6a732d4b571b601fe773b46d8df96c52a6e2ed925629ed9aef69d4
Possibly one of many DCOM scanners/worms in circulation. Makes use of the 48 target exploit.
50eaf8d03dedab5be875488d96d74ce540febb02a673e0a877588e4ee2238a75
Domino Hunter 0.91 is a Lotus Domino web server scanner, written in Perl. It attempts to access default NSF databases, as well as crawl user-defined bases. It tries to enumerate the database structure, available views, available documents, and ACLs set on documents. It also tries to retrieve documents from available views in order to check if ACLs are correctly set to restrict documents and not views. The scanner works in either anonymous mode or privileged mode, in which user-supplied credentials are passed to the default names.nsf/?Login form.
3c2a5de75ff2142db4ae5a5c5bc7513405bbcb6e7ab06b5102e3e6016d591993
Novacoast Security Advisory - Novacoast has discovered that Novell GroupWise 6.5 Wireless Webaccess logs all usernames and passwords in clear text.
73f94dfc0e4284cc8cbaf2c9688ddbad14ddec6437238d61c2b58e0ae32235bd
EF Commander versions 3.54 and below are vulnerable to various buffer overflows that can allow for remote arbitrary code execution.
4b6a103daedde0838356670bb130997652d09b35383a7ead54a7b31c2bb79a60
CERT Advisory CA-2003-19 - CERT announces that the exploitation of the RPC/DCOM services on every flavor of Windows is occurring in a widespread fashion.
0afa663b6fe40143f38ab3473e9d8cdb5bbe3c9f4fc11d00d907b04333fbaab5
Shatter Master is a win32 program made in VB6 to develop and exploit shatter attacks in Windows NT/2k/XP. Related information available here.
c5950147449ed4a389f5d8bef53044cb8e1930a127a12b45da93507005f58a57
ZoneAlarm is vulnerable to a buffer overflow in its device driver VSDATANT that can allow for code execution with escalated privileges.
820b1f247faa010ab3db72480902ac763d30b08bf5e79008ff372f7dbf442eec
Local exploit for the atari800 Atari emulator on Linux. Makes use of the -config overflow. This binary is not normally default on most Linux installations.
6aadd23c68aa03fd20777677fdf26a1f88f63806dbb1d73b2a7fe7e914ed8645
FreeBSD Security Advisory FreeBSD-SA-03:08.realpath - An off-by-one error exists in a portion of realpath(3) that computes the length of a resolved pathname. As a result, applications making use of realpath(3) may be vulnerable to denial of service attacks, remote code execution, and privilege escalation. A staggering number of applications make use of this functionality, including, but not limited to, sftp-server and lukemftpd.
c39b1f231af3aa6eed22527f9da4ecb48a71fe2b9222d7e38045c619b9534d99
Remote denial of service exploit that makes use of the Postfix vulnerability discussed here.
54fd82b0d9859aa96b40ddaf97c6305be1201cdb2e93594702a51808237266a1
wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here.
ee456ce67583efada4d02d4662672efba77c520fe854673004cf4f185d954ed0