Hunt (linux binary distribution) is a program for intruding into a tcp connection, watching it and resetting it. It can handle all connections it sees. Features: Connection Management - setting what connections you are interested in, detecting an ongoing connection (not only SYN started), Normal active hijacking with the detection of the ACK storm, ARP spoofed/Normal hijacking with the detection of successful ARP spoof, synchronization of the true client with the server after hijacking (so that the connection don't have to be reset), resetting connection, watching connection; Daemons - reset daemon for automatic connection resetting, arp spoof/relayer daemon for arp spoofing of hosts with the ability to relay all packets from spoofed hosts, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic with the ability to search for a particular string; Packet Engine - extensible packet engine for watching TCP, UDP, ICMP and ARP traffic, collecting TCP connections with sequence numbers and the ACK storm detection; Switched Environment - hosts on switched ports can be spoofed, sniffed and hijacked too; much, much more. Requires Linux 2.2, GlibC 2.1 with LinuxThreads, Ethernet.
ac19041b44e008c04d61ff7f5b5814d6dca222360f7b72d642db09ae5b89b9b3
This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in a insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split in fragments in this insecure copy. Because of this, this module uses egg hunting to search a non corrupted copy of the payload in the heap. On the other hand the overflowed buffer is stored in a frame protected by stack cookies, because of this SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.
962411e193e7b384adfe805773b642d125d223dcbeecdc498ef53de2cbc5c202
This Metasploit module exploits a stack-based buffer overflow vulnerability in versions 4.3.2.0 and below of Irfanview's JPEG2000.dll plugin. This exploit has been tested on a specific version of irfanview (v4.3.2), although other versions may work also. The vulnerability is triggered via parsing an invalid qcd chunk structure and specifying a malformed qcd size and data. Payload delivery and vulnerability trigger can be executed in multiple ways. The user can double click the file, use the file dialog, open via the icon and drag/drop the file into Irfanview\'s window. An egg hunter is used for stability.
c5cce711dbd4abe77f358a5360b9fd21367c38e3811ab24c191fb5a02cb79609
Secunia Security Advisory - A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.
8cd5c31b7f0c7cbe85c70e74937d591fa2f021fb900aa474559748f67de240ed
This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.
2bc92ff43f6bcca9c19f782162fc5db7f333fc90bad8a57b6c286fccae52a802
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
a891c0b900417f2980f0e9afcdb10d1fd5581703be2587a92c90c7631b8814dc
Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
8aed104a95e0968ecd5e1edac63a89615a69f27a46f562a20f107543a6ce2099
Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.
1a9e244ba23211e8a0745f4370e9f10d0e94ad75ca261b64e8e40b6e0606839f
Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.
e3ee80f9e583422dca0ef40fef6b1c192c1da12311e53628b885e95e7f419bbe
Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.
fd8d36251f2ddc9fcea601c55652a9a591bf0d2d18d9d9b24252773e06529a61
This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.
df5bc33eaeb96b0f6521c6843db41166584ab0601a42185c148d886d2a3268c5
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
3c0e45c995b45ccd06e3e1921ce42b2dc006e7c50ef41f09e35465397971feca
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
9518133a3f1021b40158214497372d472d196b47de6a8109d45d82f46f801c50
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
ceb5c22d39fc6f90b7e680e8c9287c121c4d955d426bab53fde7a92a6c51c13f
Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
bbeb032e2f9929a6af65472aee0188c9962b2569eed6ca4c4d073142f10ab850
eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.
45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.
f768d01949d1c55ca3bfc13b8651ff570985496cb1e98d04e3b557ddfbf40e5e
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
add28806781ecf08f8b6dd125cf3fe1ef7b0857f91e72062ae1768273680e1fe
Linux/x86 egghunting shellcode.
e7ee2ccf5f9bac4883900389d6e7cb5d2ce0dd12f85fb2e383e8e35f89ca3b75
This Metasploit module exploits a vulnerability found on 7-Technologies IGSS 9. By supplying a long string of data to the 'Rename' (0x02), 'Delete' (0x03), or 'Add' (0x04) command, a buffer overflow condition occurs in IGSSdataServer.exe while handing an RMS report, which results arbitrary code execution under the context of the user. The attack is carried out in three stages. The first stage sends the final payload to IGSSdataServer.exe, which will remain in memory. The second stage sends the Add command so the process can find a valid ID for the Rename command. The last stage then triggers the vulnerability with the Rename command, and uses an egghunter to search for the shellcode that we sent in stage 1. The use of egghunter appears to be necessary due to the small buffer size, which cannot even contain our ROP chain and the final payload.
159bcc6e1d0a284b89e943dc6ab734d6c2d4c9cfd17f99602199371978ca7d42
Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.
73db261ddf9325903ce5ef0bdf12b3e24b054fe1f3131430c8e164a3ee276687
This Metasploit module exploits a stack buffer overflow in Magix Musik Maker 16. When opening a specially crafted arrangement file (.mmm) in the application, an unsafe strcpy() will allow you to overwrite a SEH handler. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7. Egghunter is used, and might require up to several seconds to receive a shell.
270a3316873b5bc88495642eac3f7de2a3221c8b7aa36519b966bed7c9dff806
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
bff01b00a04b4f8d246cef236da44a4b42ee12eab2af28f943e5c55dfca9f9ce
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
b4b02f031240e624405bb78c70f1bf7bc072a81cb290c25606afecbe4600b6b5
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
72da911bfc77431234e0bff1286afe803d438992f016d2dd1f846b745e94dabf
Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
699e68d94b0bf5e8d293adb4aa1e03c377f9ff173336de2f1ecaf57f72aa5c02