exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files

RFP9906.txt
Posted Nov 1, 1999
Authored by rain forest puppy | Site wiretrip.net

Windows NT remote denial of service and compromise (RFPoison). When sent a specific packet, it's possible to get srvsvc.dll to choke, and cause services.exe to reference a bad memory location. The impact is pretty severe. Services.exe handles named pipes for the system. Once this crashes, everything named-pipe-based goes with it. Combined with the AEDebug vulnerability, remote compromise is possible.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 30fdab853650e808fbeaf377b9dc6694e8c922c4a560d2c7c3d2c1b33d0ec56a

Related Files

rfp2201.site-server.txt
Posted Jan 31, 2002
Authored by rain forest puppy | Site wiretrip.net

RFP2201 - MS Site Server Evilness. Security considerations to keep in mind when using Site Server 3.0. Includes info on a LDAP_Anonymous account w/ default password, information leakage and more via administrative pages, information leakage via _mem_bin pages, Cross-site scripting in various files, anonymous LDAP access, user publishing of files, Content publishing (cphost.dll) issues, and more.

tags | xss
SHA-256 | b2d879527af4c0745a0200f6764a9f8cc7188c198d4129e7315d2cc73fe7ec08
RFP.txt
Posted Mar 6, 2001
Authored by rain forest puppy, NightAxis

Packet Storm Contest Entry - Purgatory 101: Learning to cope with the SYNs of the Internet. (Text Format)

tags | paper
SHA-256 | 43284d288da9f2331d1bd5c0d9a900b6ffaf2f5af2659be61d5f41dde2c20fc5
RFP2101.txt
Posted Feb 14, 2001
Authored by rain forest puppy | Site wiretrip.net

RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allows you to impersonate other users and retrieve their password hashes.

tags | exploit, web, php
SHA-256 | cc5049f1f163f63deea98dbb2a421e75f15ed91bb1c34e3487646b61d0d36b8d
rfpatch.exe
Posted Dec 8, 2000
Authored by Fides

RFPatch.exe is an unofficial fix for the windows exploit RFParalyze, which Rain Forest Puppy wrote some time ago. Keeps backups and a log of changes.

systems | windows
SHA-256 | 6f080b2ad1f23f32e46a0517b240d8905bf54ac6646465cda7f3aecf9269d250
rfpolicy-2.0.txt
Posted Oct 17, 2000
Authored by rain forest puppy | Site wiretrip.net

RFPolicy 2.0 - rain forest puppy's policy on notifying vendors and releasing security vulnerabilities.

Changes: Less stringent on timeframes, more stringent on communication. Thanks to everyone who contributed. I also added some supporting notes (FAQ, etc) to help dispell some misconceptions on it.
tags | paper, vulnerability
SHA-256 | 292c943bdd96a7ec03da8dac3e27832c587f3bcc55001ecabfda4ad18b74786b
RFPickaxe2.pl
Posted May 31, 2000
Authored by Hypoclear

RFPickaxe2.pl is a windows port of RFP's RFPickaxe.pl demo exploit for the BlackICE IDS uses a management console.

tags | exploit
systems | windows
SHA-256 | 7115ec33efe3130c21b7bf3b9c61e2b5d24620f2951e8ae5fe98bbc2b6ea2f29
RFP2K05.txt
Posted May 19, 2000
Authored by rain forest puppy | Site wiretrip.net

NetProwler 3.0, a network based intrusion detection system, has a remote denial of service vulnerability. The software crashes when two fragmented IP packets are sent to an IP address that it is profiling. Netprowler must be profiling ftp in order for the exploit to work. Please note that Netprowler logs all incoming alerts to a Microsoft .mdb file. Please read RFP2K04.txt for more information.

tags | exploit, remote, denial of service
SHA-256 | 01dfbeff982172b700a96a3ad3afd0f8babfbb62d8508a80fe57958e3f4d2e87
RFP2K04.txt
Posted May 17, 2000
Authored by rain forest puppy | Site wiretrip.net

RFP2K04 - Mining BlackICE with RFPickAxe. BlackICE IDS uses a management console called ICECap to collect and monitor alerts sent by the various installed BlackICE agents. The ICECap user console sits on port 8081 and has the default login of 'iceman' with no password. The second problem is that the software uses, by default, the Microsoft Jet 3.5 engine to store alerts. If you couple that with the shell VBA problem, that means you can push alerts that contain commands to be executed on the ICECap system. Includes RFPickaxe.pl demo exploit.

tags | exploit, shell
advisories | CVE-2000-0325
SHA-256 | eb477a77f630953d91b35937b63fd59b9bc492d8898abfeed95794044c8189f8
RFParalyze.txt
Posted May 3, 2000
Authored by rain forest puppy, Evan Brewer

Through a netbios session request packet with a NULL source name, Windows 9[5,8] show a number of odd responses. Everything from lockups, reboots and "the blue screen of death", to total loss of network connectivity. Source code included. Reverse engineered from a binary exploit already in use.

tags | exploit
systems | windows
SHA-256 | f3538a492ff6e70e86c22b289cde727edd32fe6a78aeb81e4c21dbecb58b573c
RFP2K03.txt
Posted Apr 20, 2000
Authored by rain forest puppy | Site wiretrip.net

RFP2K03 - Contemplations on dvwssr.dll and how it affects life. Lots of information here. Also includes a fixed versoin of the perl exploit.

tags | exploit, perl
SHA-256 | 35d74c40a89b7e8cc70b2ff471f069a45fac739fddcdc7582bf99957b60ddc84
RFP2K02.txt
Posted Apr 14, 2000
Authored by rain forest puppy | Site wiretrip.net

RFP2K02 - "Netscape engineers are weenies!" AKA a back door in Microsoft FrontPage extensions/authoring components. Anyone with web authoring permission can use a backdoor in dvwssr.dll to read .asp (and .asa) files under the web root. As Microsoft has told me, the immediate problem is moreso the fact that any developer of one particular virtual site can download the .asp code of other virtual sites on the same system. Includes dvwssr.pl, a perl based exploit.

tags | exploit, web, root, perl, asp
SHA-256 | 0936015396bd313d2672ec14ba8f974c4fc1c50db12450334d9108faf511c37f
rfp2k01.txt
Posted Feb 3, 2000
Authored by rain forest puppy | Site wiretrip.net

"How I hacked PacketStorm Forums" - A look at hacking wwwthreads via SQL. This is more of a technical paper than an advisory, but it does explain how I used a vulnerability in the wwwthreads package to gain administrative access and some 800 passwords to PacketStorm's discussion forum.

tags | exploit
SHA-256 | 29b3228561304410fb2ef71030ea7e75376cc046c8543397a51327868ce6872e
RFPoison.exe
Posted Jan 24, 2000
Authored by rain forest puppy | Site wiretrip.net

Exploit for the new NT remote DOS and possible compromise. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.

Changes: AVP no loger thinks this is a trojan, and it no longer reboots the machine it is running on.
tags | exploit, remote
SHA-256 | 2b98566441d44ba149fafd2b74a9bf4293af462f1fe5b8657c87530b1278ec22
RFPoison.c
Posted Jan 22, 2000
Authored by rain forest puppy | Site wiretrip.net

Source for the RFPoison, a NT remote DOS. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.

Changes: AVP no loger thinks this is a trojan, and it no longer reboots the machine it is running on.
tags | remote
SHA-256 | 97b128e117f9dab3ea840c5462d01811717f598125ea7c7d49bde330c80268b9
RFP.doc
Posted Jan 21, 2000
Authored by rain forest puppy, NightAxis

Packet Storm Contest Entry - Purgatory 101: Learning to cope with the SYNs of the Internet.

tags | paper
SHA-256 | acbfe437758ef4ccfb79fde7993aac9a5d2d865fa6ba4948cd195b2923ef09cf
RFP9906-2.txt
Posted Nov 5, 1999
Authored by rain forest puppy

Antidote for RFPoison (Followup to RFP9906) Recently I released RFP9906: NT denial of service in services.exe (RFPoison). I included a limited sample exploit that would demonstrate the problem. Since then, I've worked with a few individuals and confirmed some configurations what will protect your system.

tags | paper, denial of service
SHA-256 | 7d04c58afabcfae0c9ad8108d86888643b7d5e722aed854e013a8a8b7ccdde5e
rfpoison.py
Posted Nov 4, 1999
Authored by rain forest puppy

Services.exe DoS ported to python. This only seems to work on NT. Also, it may have to be run multiple times before SERVICES.EXE will die. Ported by nas.

tags | denial of service, python
SHA-256 | 3b9d830eb936de7fad335758f8b37d44a5c53ec539339d1bcac9874a2ef814f6
RFP9907.txt
Posted Nov 3, 1999
Authored by rain forest puppy | Site wiretrip.net

Advisory RFP9907 - You, your servers, RDS, and thousands of script kiddies. .gov, .mil, and even microsoft.com haven fallen lately to the hands of website defacers. Turns out, it's all been because of RDS. This paper is the straight story on fixing the RDS hole.

tags | paper
SHA-256 | a1562ec8e6c3de504d8609d33290529e67aa77bd45c35abf8a3f834df5775bd8
RFP9905.zeus.remote.root.txt
Posted Oct 28, 1999
Authored by rain forest puppy

Zeus is a high-performance webserver available from Zeus Technologies (www.zeus.co.uk). There's a myriad of problems, that when combined together, could yield a remote root compromise.

tags | exploit, remote, root
SHA-256 | 65d6f38cd31d99a0d42671ac5798e0b7297ec2bffefafb358fe4c9721a74e92b
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close