Files Date: 2003-09-01 to 2003-09-30

x86-linux-shellcode
Posted Sep 13, 2003
Authored by Ramon de C Valle | Site risesecurity.org

Code that executes /bin/sh.

tags | shellcode
SHA-256 | 11e293324484a29a36787255c819b460d7830e2359d8331471dfd2121836cde0
x86-linux-setuidcode
Posted Sep 13, 2003
Authored by Ramon de C Valle | Site risesecurity.org

Code that attempts to restore root privileges.

tags | root, shellcode
SHA-256 | 5003f212fcd49a9b5b28e29825d3e9d16357bd5435a2f33fd2e63e05acc535de
x86-linux-bindsocketshellcode
Posted Sep 13, 2003
Authored by Ramon de C Valle | Site risesecurity.org

Network server code that creates a listening TCP socket on port 65535 and executes /bin/sh.

tags | tcp, shellcode
SHA-256 | 5c33126a97310122075e5c934031c3ed15df533b9d0ebfb96f8e77ddd038ce0f
x86-linux-bindsocketcode
Posted Sep 13, 2003
Authored by Ramon de C Valle | Site risesecurity.org

Network server code that creates a listening TCP socket on port 65535.

tags | tcp, shellcode
SHA-256 | acd1d81c06f35d9d09b67d8d71987e83ddd6d83bb82c05f95aca65db052e5646
widzv1.8.zip
Posted Sep 13, 2003
Authored by Mark Osborne

WIDZ version 1.8 is an IDS system for 802.11 that guards access points and monitors local frequencies for potentially malevolent activity. It detects scans, association floods, and bogus or rogue APs. It can easily be integrated with SNORT or RealSecure.

Changes: Improved scanning, more signatures for many common attacks including WLANJack and FATAJACK, custom scripting facility added, and various bug fixes.
tags | tool, local, wireless
SHA-256 | 7eaaaa7ef04553766dafd60b7eabb6d62e07109fd991ce91186616fb307e0c95
Atstake Security Advisory 03-09-11.1
Posted Sep 13, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.

tags | advisory, sql injection
advisories | CVE-2003-0779
SHA-256 | 5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7
4DWS_ftp.c
Posted Sep 13, 2003
Authored by B-r00t | Site doris.scriptkiddie.net

4D WebSTAR FTP server suite version 5.3.1 remote exploit that binds a shell to port 6969 as the uid running the server. This exploit makes use of the pre-authentication buffer overflow that exists in the login mechanism of the WebSTAR FTP service.

tags | exploit, remote, overflow, shell
SHA-256 | 01bd8e388df9d06a72dc6ebd9d02e2c90f9818694359d81010f1bde7d75c1d8e
msIEvulns.txt
Posted Sep 13, 2003
Authored by Liu Die Yu | Site secunia.com

Secunia Research Advisory - Multiple remotely exploitable vulnerabilities have been discovered in Microsoft Internet Explorer, including cross site scripting problems, exposure of sensitive information, and system access. Vulnerable versions are 5.01, 5.5, and 6.

tags | advisory, vulnerability, xss
SHA-256 | 4e79f2cf181ab7bc26673e30bb7e89b6032c9f17fa3926229fc65644418bf5f5
dsa-379.txt
Posted Sep 13, 2003
Authored by Debian, Alexander Hvostov, Julien Blache, Aurelien Jarno | Site debian.org

Debian Security Advisory DSA 379-1 - Several security-related problems have been discovered in the sane-backends package that allow a remote attacker to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2003-0773, CVE-2003-0774
SHA-256 | 14a8b86eb3fe69526f71c2cb0d208516e1418ab00a1d3f518b0deb76cd6e4dd8
mysqlpriv.txt
Posted Sep 13, 2003
Authored by Frank Denis | Site secunia.com

Secunia Research Advisory - A vulnerability in MySQL version 4.0.14 and below, due to a boundary error when checking passwords before hashing and storing them in the User table, can be exploited by malicious users to escalate their privileges by supplying a value longer than 16 characters using set password.

tags | advisory
SHA-256 | b38050cc8622e8b30bee6fe74ad079fbb83abe828e36d3b629f1c530345f520d
elfsh-0.51b3-portable.tgz
Posted Sep 13, 2003
Authored by Mayhem | Site elfsh.devhell.org

Elf Shell v0.51b3-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.

Changes: It works on Linux, NetBSD, FreeBSD, and Solaris for the INTEL and SPARC architectures. It provides ET_REL injection into ET_EXEC for both architectures, and INTEL control flow graphs, as well as a lot of new improvements, as featured most recently in The Cerberus ELF interface article in Phrack #61.
tags | shell
systems | linux
SHA-256 | ecffe100d0da12235cfe464726313491409739493030f3fbdb3a28696b23447f
myPHPNuke.txt
Posted Sep 13, 2003
Authored by Frog Man | Site phpsecure.info

myPHPNuke version 1.8.8_7 performs improper variable sanitizing that will inadvertently allow a remote attacker to upload files from another site to the current site.

tags | exploit, remote
SHA-256 | 3a1d3adb28ded0cb43ab4856777f220e3e957aa1f45290d28d02a1d2cd088a90
sa2003-06.txt
Posted Sep 13, 2003
Authored by NSFOCUS | Site nsfocus.com

NSFOCUS Security Advisory SA2003-06 - The NSFOCUS Security Team has found a remotely exploitable buffer overflow vulnerability in the RPC DCOM interface of Microsoft Windows. By exploiting the vulnerability, remote attackers could gain local system privileges.

tags | advisory, remote, overflow, local
systems | windows
SHA-256 | 70585563c17300b64273505b039efe0d297c03ce9b48ffb8fa7ca381475a6841
firestorm-0.5.4.tar.gz
Posted Sep 12, 2003
Site scaramanga.co.uk

Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor, but there are plans to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.

Changes: Various bug fixes and feature enhancements.
tags | tool, remote, intrusion detection
systems | unix
SHA-256 | 3aaf79dcab1b9806b47265e63f3274ed5455c090ff50c6eb8fe2bcecefdec3d0
CA-2003-23.RPCSS.txt
Posted Sep 11, 2003
Site cert.org

CERT Advisory CA-2003-23 - The Microsoft RPCSS service has two buffer overflows that can result in remote code execution and is vulnerable to a denial of service attack as well.

tags | advisory, remote, denial of service, overflow, code execution
SHA-256 | 08f608806da03bf13300ae37d04e18b8c5ce0fb2d050af75589357405066c043
iDEFENSE Security Advisory 2003-09-10.t
Posted Sep 11, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 09.10.03: The PINE mail client has two vulnerabilities that can be exploited by specially crafted e-mails being opened. The first lies in a buffer overflow that exists in the parsing of the message/body type attribute name/value pairs while the second exists via an integer overflow during the parsing of e-mail headers.

tags | advisory, overflow, vulnerability
advisories | CVE-2003-0720, CVE-2003-0721
SHA-256 | 75236386e59a2fe6120fdbcd69391ed773a4ad2c6190cefc9eccf5d67e15bce5
rpcagain.txt
Posted Sep 11, 2003
Authored by Barnaby Jack | Site eEye.com

eEye Digital Security has discovered a critical remote vulnerability in the way Microsoft Windows handles certain RPC requests. A vulnerability exists within the DCOM (Distributed Component Object Model) RPC interface. By sending a malformed request packet, it is possible to overwrite various heap structures and allow the execution of arbitrary code. Note: this vulnerability differs from the vulnerability publicized in Microsoft Bulletin MS03-026.

tags | advisory, remote, arbitrary
systems | windows
SHA-256 | f689147bd2508bf3e6d1fbd617e83c294c0b6a73992a8551f67234a00531c929
wilco-recvbof-adv.txt
Posted Sep 11, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

A vulnerability lies in the Roger Wilco client where it trusts the data length specified in a packet without validation and can allow the program to allocate an insufficiently sized buffer. Versions affected: Graphical server 1.4.1.6 and below, Dedicated server for Win32 0.30a and below and Linux/BSD 0.27 and below.

tags | advisory, overflow
systems | linux, windows, bsd
SHA-256 | deff21d4849d1e9951b10fb183f5b0b9f242bf1b7a7c77fa8c3f4dae20339197
rp9-priv-esc.c
Posted Sep 11, 2003
Authored by Jon Hart

RealOne Player 9 exploit for Unix/Linux that escalates privileges to those of the person using the utility by taking advantage of group write permissions on user configuration files.

tags | exploit
systems | linux, unix
SHA-256 | a67aea9bdace7eee5565929ef499259903de9f4e7f7f1daf7852e5af5e5e6f4f
moron.jpg
Posted Sep 10, 2003

Complete moron at Defcon 11 performing the Magnum look.

systems | unix
SHA-256 | f26beeae5b42adc59882e5ac7ffd6ae75ad7e815d641eb75a9cdcf8c3df5a878
libShellCode-0.2.0.tar.gz
Posted Sep 10, 2003
Authored by ORK | Site orkspace.net

libShellCode is a library that can be included when writing linux/i386 exploits; it provides functions that generate shellcode from user-given parameters at runtime.

Changes: Added support for port-binding and connect-back ShellCodes and the possibility to execute commands with parameters.
tags | shellcode
systems | linux
SHA-256 | 5b326563a47d6b38dab16822844291b3202ab83dac784bf2e4a5eff9e9fff6f2
PPC_OSX_Shellcode_Assembly.pdf
Posted Sep 10, 2003
Authored by B-r00t

White paper discussing OS X (Darwin) shellcode assembly on the PowerPC 32-bit architecture. It covers design considerations, system calls, eliminating NULL bytes, self-modifying shellcode, and more.

tags | shellcode
systems | apple, osx
SHA-256 | 302b93e116bcad5ce5620bf7d78e7d092c3331db1765871a148a0c9761f6e8c4
StackOverflow-en.pdf
Posted Sep 10, 2003
Authored by dsr, Angelo Rosiello, rosiello | Site rosiello.org

White paper discussing stack overflows, ways to exploit them, and SIMPLESEM.

tags | overflow
SHA-256 | 85ddc994e6b7cdd09d72c7e1a271c91908d9ccbd87b5a1ba218dbac260ff56ed
as2hex.tgz
Posted Sep 10, 2003
Authored by B-r00t | Site doris.scriptkiddie.net

An easy PowerPC shellcode generation program to extract the hex shellcode from an ASM program that has been assembled but not linked. Tested on programs assembled using the GAS (GNU Assembler) on OSX 10.2.6.

tags | shellcode
systems | apple
SHA-256 | 18f5f5d7bee35e7ae86717c77d8e308f29d7009587d29023536db62ca57c3053
ethereal-0.9.15.tar.gz
Posted Sep 10, 2003
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers.

Changes: Improved support for searching capture files. Conversation List (aka "top talker") support has been added to Ethereal and Tethereal. Protocol statistics in general have been updated. An H.225 dissector has been added. It can automatically recognize RTP and RTCP conversations. A preference file has been added for disabled protocols. Color filters may now be imported and exported from within Ethereal. A new column type has been added for cumulative bytes.
tags | tool, sniffer, protocol
systems | unix
SHA-256 | 947cd4d2309022e7deba9d345f05022412063591c1fdb4e1e6bcfa4a90b67aaf