Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
2d99af360fcfbd0f1ef67c210707772b3603b3c56e48592f450d174014eaef3f
0x333crypt is a tool for FreeBSD which encrypts files with md5 and xor.
4d8eedb49b20c48428ba6a689f7ed94dd30444a3074103207cfe4da123d442f8
FreeBSD Security Advisory FreeBSD-SA-03:07 - A second remotely exploitable overflow was found in Sendmail header parsing. Upgrade to 8.12.9 to fix the vulnerability. Patch available here.
2020462d2c424be84d00d47dab2a8fee098fe1f39416fb76eb439652f8902a06
Rs_iis_xpl.pl is a remote exploit for rs_iis.c, a remote IIS exploit. Sets up a web server, and if rs_iis.c is used to attempt an exploit, a shell will be spawned on the attacking host. Tested against FreeBSD 4.7-RELEASE-p7.
53a1d6f18d614b512a0d0c1ca5a75101a70147c7534c005448527d40e2891a82
Packit offers the ability to monitor, manipulate and inject IPv4 (and soon IPv6) traffic (TCP/UDP/ICMP) on and into your network. This can be valuable in testing firewalls, intrusion detection systems and in general TCP/IP auditing. At the comment Packit can be run using one of two modes. packet capture, and IPv4 packet injection. Packit is dependent on libnet 1.1.0+ and libpcap and has been tested with numerous FreeBSD and Linux kernels.
bb1010dd3019726b778a6ca1ad09bb5a11a141ea0260a0fc581292dfbebb2b45
Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Includes scanners. WARNING: The binaries in this archive are infected with the ELF_GMON.A virus which sets up a backdoor on UDP port 3049. Updated by Ech0. Notice: Previous versions of this .tar.gz (before 3-11-03) had several binaries infected with the linux.osf.8759 virus. This tar contains both cleaned and infected binaries, with the cleaned ones running by default.
284a089a6557cd9d4d23a493e8aced962e8dcf4a523227361dd66fdd462ebab7
Polymorphic Shellcode Generator - In Spanish. This tool was written to mask the final function of shellcode in exploits. Tested on Linux, FreeBSD, OpenBSD, and NetBSD.
8791ddbd0def68d52be402a2277d183d94f283e1ed7ac8aa7b826d5f00110219
FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail - ISS has identified a buffer overflow that may occur during header parsing in all versions of sendmail after version 5.79 through v8.12.7. Patch available here.
e0d20c1c42885c4e88ae0958325f7a669850164090a536ce78986cb7cdcc4514
FreeBSD Security Advisory FreeBSD-SA-03:02 Version 1.1 - OpenSSL v0.9.6h and below contains a timing-based vulnerability in CBC ciphersuites in SSL and TLS which can recover fixed plaintext blocks, like a password.
7634649866247240fdacffa5096769ff57f23a2bb2ad63558ba33b0f1213c8db
FreeBSD Security Advisory FreeBSD-SA-03:03 - The FreeBSD syncookie implementation uses keys that are only 32 bits in length, allowing remote attackers to recover the ISN, which can be valid for up to four seconds, allowing ACL's to be bypassed and TCP connections forged. syncookies may be disabled using the 'net.inet.tcp.syncookies' sysctl(8) by running the following command as root: "sysctl net.inet.tcp.syncookies=0".
f1a19443f25751c44cb233a1222d580467975bb2b27cfee7560380c7d12c6f71
FreeBSD Security Advisory FreeBSD-SA-03:01 - It has been found that the CVS server can be tricked to free memory more then once, which can be used for remote code execution. Additionally, the CVS server allowed clients with write access to specify arbitrary commands to execute as part of an update (update-prog) or commit (checkin-prog). This behavior has been restricted. This affects all FreeBSD versions prior to 4.6-RELEASE-p7, 4.7-RELEASE-p4 and 5.0-RELEASE-p1.
04676dcda11f1a243bf6290503b701850ff6c455eef9399e03ed4dc95e392be6
Chkrootkit v0.39a locally checks for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
c6290a41059d4f3660b135a3cbecaae68e5ad29c3168843f77373a5d6691a710
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
cbc1da4216f1107c4918011890c3b804bb5e9a3ae73c6e311bdf6ebe3e4b5781
FreeBSD Security Advisory FreeBSD-SA-02:44 - FreeBSD 4.3 and later is vulnerable to a local denial service attack due to a bug in the fpathconf system call which crashes the system by repeatedly calling fpathconf on a file descriptor until the reference count wraps to a negative value, then closing the file descriptor. See Pine-cert-20030101.txt for more information.
aacf0c83903b87562681466b20bcaa250cf0fb40cfd75e49cd68e3de7dbd5952
Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.
6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
58841c5ea62ff35044a0c96cd73420569272aeaeadf15d133444cdd183c5e58e
Firewall Builder consists of object-oriented GUI and set of policy compilers for various firewall platforms. In Firewall Builder, firewall policy is a set of rules, each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps user maintain database of objects and allows policy editing using simple drag-and-drop operations. Firewall Builder can be used to manage firewalls built on variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
be2ad72a5f7e58bec5e293f07cddf1c771191addf410c6a726252e11b9718624
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
bf57bdba2faff2d72c22509caad8cc4d79f26bff1b59d0fe40b015cfd2a8f913
Chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
05b375d49a739715ea4498dc8a321ce52be498a549605eb6d54a8b5313fadead
Krb 4-1.2 kadmind remote stack overflow remote root exploit for FreeBSD 4.x, BSD/OS 4.2, SUSE 8.0, OpenBSD 2.9 and 3.0, Slackware 8.0, and OpenWall 0.10.
c513133b6220f92e72287282cf3c8c7d473068419bbca7546a806fa93ef5a03d
Fake Freebsd-4.6 remote telnetd setenv() heap overflow exploit which is very similar to 7350854.c.
07e888a3c669b4d4ce129cda0e38b2aa3279b9d87a5c25033370270aadc53308
Tcpdump v3.6.3 remote root exploit. Tested against FreeBSD-4.6.
c738ae09342cca2f263e6827dfaa5d34cca5a8098a2efa6c3adaa524156ad552
RealNetworks Helix Universal Server v9.0 and below for Windows, FreeBSD, HP-UX, AIX, Linux, Sun Solaris 2.7 & 2.8 contains buffer overflows which can cause code to be executed as SYSTEM over tcp port 554.
b39acaf9964d4389121ef064fdeeef266502772719c45556094be1fe82988b89
Sendmaild.c is a local root exploit for Sendmail on BSD. Exploits the bug discussed in FreeBSD-SA-01:57. Tested on FreeBSD 4.3-RELEASE with Sendmail 8.11.3.
af378464c45ce674f69dcef1b241d4a304679c343fa1f55700fd04fe7f29c324
Hlfsd local exploit tested on FreeBSD 4.6-STABLE and 4.7-RELEASE. Hlfsd is not SUID by default.
ec0c364ca5a80087101a5cb10e3a7355c48c4a10f37fb0d2ec5b278420d7a08a