The FlexWATCH surveillance camera server is used by many banks and "secure" places and contains remotely exploitable vulnerabilities which allow remote attackers to view camera footage, add users, remove users, change the configuration, disable camera surveillance, and more.
4dfc8429dbb28abe088145db865dc9a76237fec3689cc388ec2968f37e7ed819
DNS Auditor is a tool which checks for DNS security. Looks for DNS cache poisoning (using additional RR), DNS ID Spoofing, and more. More information in a related paper is available here.
832c63102968839f32aa3a17a7cc29f67bb699940862db19e43e1130efd01dc4
CUPASS uses techniques to guess the password of ANY user on a WindowsNT/W2K server or domain. CUPASS uses a flaw in the implementation of Microsoft's NetUserChangePassword API to guess/change the user's password. This release is the proof of concept code for the THC paper "CUPASS and the NetUserChangePassword Problem".
32d02d7418f4b853a4a32ea1b03f44daf08ae3e5dd3ef0452f45e0e5bcaa4f17
IPF is the first command line tool for configuring the packet filter of Windows NT4 and Windows 2000 systems. It replaces the annoying GUI alternatives and can be used as an elegant entry for writing advanced firewall scripts under the Windows system.
c46f4f02954aa5e7db1c4c29cdde1a7774c2112b79cd65edb7097fa134fe9cd1
THC-Secure Deletion v3.0 for UNIX is the latest release of van Hauser's suite of secure deletion and overwriting utilities. Included are 'srm' - secure deletion of files
b218d13f203672b1361f8387242d89fdf58135875e60dd7def28e581a5ac1d23
THC-RUT (aRe yoU There) is a local network discovery tool developed to brute force its way into wvlan access points. It offers arp-request on ip-ranges and identifies the vendor of the NIC, spoofed DHCP, BOOTP and RARP requests, icmp-address mask request and router discovery techniques. This tool should be 'your first knife' on a foreign network.
b32f3d71ac540248b7643baa39d8ecfb75af493228caaeb64608e49f2f092473
THC-Hydra is a high quality parallelized login hacker for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.
693645829a78ed3b1dcdc74f3741819dbe8eaf67b14b72b0ec6a4223ceeaa0b1
THC-FuzzyFingerprint is a tool that generates fuzzy fingerprints as described in the corresponding paper, available here. It generates very similar-looking fingerprints, an ideal extension to man-in-the-middle attacks against the SSH service. The current version supports RSA and DSA key generation and MD5 and SHA1 fingerprints. Due to the fact that fuzzy fingerprinting doesn't try to collide the fingerprints, good results can be achieved in reasonable time.
007e83348f95c354a45ebeda85f22b266151643fc53f80ccaa3bc7585009ce4a
PHP Advanced Poll v2.0.2 contains remotely exploitable PHP code injection, file include, and phpinfo vulnerabilities. Exploit URLs and vulnerable code snippets included. Patch and vulnerability details available here.
6008eb83abb995f5d86ca8e6da5d1c3d4e7dd8f7e12ece0b469a3c5301799f86
One Byte Frame Pointer Overwrite Hardcoded Exploits - This paper describes how to exploit overflows which are off by only one byte. Includes sample code.
003c664e2339c4874046201145c181f17ebdd3ea4be562a3990168bb8426da4e
Ninja.c is a tool which encodes x86 shellcode using only the characters [0-9,A-Z,a-z,@]. Includes a test program.
539de5c4cb66695fd11579eba945ff3a48d18eae357ed1b0cbda5f3f0ef39d55
Sexy-SOCKET v0.1 is a Linux LKM which restricts creation of AF_INET sockets to the root account only. Works on kernels v2.2.x and 2.4.x.
a3c145dd51bd805728f98d8a91e71034354796aadf906e473ed5780486e2c771
Shellcode for x86 Linux which blinks the keyboard's LEDs in Morse code.
d1bf8499aa8b79f00c872108684099ef3be7b70098fc57336034001fce59543e
Apache v2.0.45 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.
b1a08d096ae4c641fe878d1f4129d4e6ee264bc53e3858b8080f8365991e0162
Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed. Changelog available here.
a6cb1cd0701f2d9008c336e6ea3c24bf5b14f7144a47a3b03f95f567d8950944
Mod_security v1.7RC1 to 1.7.1 (Apache 2 version) contains a remotely exploitable buffer overflow. Fix available at http://www.modsecurity.org.
003069cb86b78286889e651e8a8ad4e60ff0d92b3ab2ea794aad4c87d8b011ed
Solaris runtime linker (ld.so.1) local root buffer overflow exploit. Bug discovered by Jouko Pynnonen.
02f60b241dd919d6d735402393ba7bf40d3244805b413d1b9dcbc275b2dd3a98
Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. In addition to filtering requests, it also can create Web application audit logs. Understands regular expressions and POST payloads and runs on both branches of Apache.
b9ad12dc385889e64cc4b38ca8bd26b98ea15bf00b39d4f1cd8d212dc434dec1
Directory traversal attacks against the iWeb mini http server. Exploit URLs included. Vendor URL here.
2b782c3d3ced2d812d2176f016730c360d3e63673b1bd7984740c4dae9d99983
Xchat script which uses the DCC SEND overflow to kill mIRC clients v6.11 and below.
63d38d58a1234858cf30c84b453361fc91f45e8b2171b2aff2bafd7cbbdaddd8
Exploit for MS03-046 - Microsoft Exchange Server 5.5 and Exchange 2000 buffer overflow, in Perl. Denial of service only.
dc02a00c9d484f730cae974d17f5aa3a118aa3df6f5a4b2305b54e7b02c2a0e4
Reverse telnet redirector / port redirector and front end console for Windows. Perfect for firewall bypassing from inside out. Can be used for bouncing connections, piping or relaying data, or as a quick MIM chat server. Windows executable form only.
47cf1f05ee4afcf1a9fffb776e893755bec1ac2504b8441ae53b46ed1f1ea43b
cpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Exploit URL included. Fix available here.
82a27c83f94222dae3692667195106e99a8da26568c8204f9da7e758dc5513ad
RRC (Roland Remote Control) v0.2 can be used to control a Linux box from a remote location.
719c7b410df362e95b1d5cb4c66aaedd13615bac51a55b16dbb1051e92f8e72a