
Files

hunt-1.5bin.tgz
Posted May 30, 2000
Authored by Pavel Krauz | Site cri.cz

Hunt (linux binary distribution) is a program for intruding into a tcp connection, watching it and resetting it. It can handle all connections it sees. Features: Connection Management - setting what connections you are interested in, detecting an ongoing connection (not only SYN started), Normal active hijacking with the detection of the ACK storm, ARP spoofed/Normal hijacking with the detection of successful ARP spoof, synchronization of the true client with the server after hijacking (so that the connection doesn't have to be reset), resetting connection, watching connection; Daemons - reset daemon for automatic connection resetting, arp spoof/relayer daemon for arp spoofing of hosts with the ability to relay all packets from spoofed hosts, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic with the ability to search for a particular string; Packet Engine - extensible packet engine for watching TCP, UDP, ICMP and ARP traffic, collecting TCP connections with sequence numbers and the ACK storm detection; Switched Environment - hosts on switched ports can be spoofed, sniffed and hijacked too; much, much more. Requires Linux 2.2, GlibC 2.1 with LinuxThreads, Ethernet.

Changes: Bug fix release - computation of packet checksum has been fixed, packet relaying for routers has been corrected, unprintable characters are printed in <hex> and printing of terminal control characters can be turned off.
tags | tool, udp, spoof, sniffer, tcp
systems | linux
SHA-256 | ac19041b44e008c04d61ff7f5b5814d6dca222360f7b72d642db09ae5b89b9b3

Related Files

HP Data Protector Create New Folder Buffer Overflow
Posted Jul 2, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in an insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split into fragments in this insecure copy. Because of this, this module uses egg hunting to search for a non-corrupted copy of the payload in the heap. On the other hand, the overflowed buffer is stored in a frame protected by stack cookies; because of this, SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

tags | exploit, overflow, code execution
advisories | CVE-2012-0124, OSVDB-80105
SHA-256 | 962411e193e7b384adfe805773b642d125d223dcbeecdc498ef53de2cbc5c202
Irfanview JPEG2000 4.3.2.0 jp2 Stack Buffer Overflow
Posted Jul 2, 2012
Authored by Parvez Anwar, mr_me, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in versions 4.3.2.0 and below of Irfanview's JPEG2000.dll plugin. This exploit has been tested on a specific version of irfanview (v4.3.2), although other versions may work also. The vulnerability is triggered via parsing an invalid qcd chunk structure and specifying a malformed qcd size and data. Payload delivery and vulnerability trigger can be executed in multiple ways. The user can double click the file, use the file dialog, open via the icon and drag/drop the file into Irfanview's window. An egg hunter is used for stability.

tags | exploit, overflow
advisories | CVE-2012-0897, OSVDB-78333
SHA-256 | c5cce711dbd4abe77f358a5360b9fd21367c38e3811ab24c191fb5a02cb79609
Secunia Security Advisory 49512
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 8cd5c31b7f0c7cbe85c70e74937d591fa2f021fb900aa474559748f67de240ed
EZHomeTech EzServer 6.4.017 Stack Buffer Overflow
Posted Jun 19, 2012
Authored by modpr0be | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.

tags | exploit, overflow
SHA-256 | 2bc92ff43f6bcca9c19f782162fc5db7f333fc90bad8a57b6c286fccae52a802
Rootkit Hunter 1.4.0
Posted May 1, 2012
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: This release adds eleven bugfixes, seven changes, and five new items.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
SHA-256 | a891c0b900417f2980f0e9afcdb10d1fd5581703be2587a92c90c7631b8814dc
Jynx-Kit Release 2
Posted Mar 18, 2012
Authored by ErrProne

Jynx Kit is an LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.

Changes: Improved SSL backdoor.
tags | tool, shell, rootkit
systems | linux, unix
SHA-256 | 8aed104a95e0968ecd5e1edac63a89615a69f27a46f562a20f107543a6ce2099
Sysax 5.53 SSH Username Buffer Overflow Exploit
Posted Feb 27, 2012
Authored by Craig Freyman

Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.

tags | exploit, remote, overflow, shell, shellcode, code execution
SHA-256 | 1a9e244ba23211e8a0745f4370e9f10d0e94ad75ca261b64e8e40b6e0606839f
Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
Posted Feb 27, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.

tags | exploit, shell, shellcode
SHA-256 | e3ee80f9e583422dca0ef40fef6b1c192c1da12311e53628b885e95e7f419bbe
Sysax Multi Server 5.52 Buffer Overflow
Posted Feb 10, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.

tags | exploit, overflow, shell, shellcode
SHA-256 | fd8d36251f2ddc9fcea601c55652a9a591bf0d2d18d9d9b24252773e06529a61
Egg Hunting Against BisonWare FTP Server
Posted Feb 7, 2012
Authored by Ashfaq Ansari

This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.

tags | paper, shellcode
SHA-256 | df5bc33eaeb96b0f6521c6843db41166584ab0601a42185c148d886d2a3268c5
PHP Vulnerability Hunter 1.2.0.2
Posted Jan 10, 2012
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Fix made in relation to the error reporting.
tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | 3c0e45c995b45ccd06e3e1921ce42b2dc006e7c50ef41f09e35465397971feca
PHP Vulnerability Hunter 1.2.0.1
Posted Jan 9, 2012
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added tooltips to GUI, input map report, automatic error reporting, port setting, static analysis phase, and a ton more. Minor CLI tweaks. Code annotation improvements and updated help menu shortcut.
tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | 9518133a3f1021b40158214497372d472d196b47de6a8109d45d82f46f801c50
PHP Vulnerability Hunter 1.1.4.6
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added code coverage report. Updated GUI validation. Several instrumentation fixes. Fixed lingering connection issue. Fixed GUI and report viewer crashes related to working directory.
tags | tool, arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | ceb5c22d39fc6f90b7e680e8c9287c121c4d955d426bab53fde7a92a6c51c13f
Jynx Kit Userland Rootkit
Posted Oct 17, 2011
Authored by ErrProne

Jynx Kit is an LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.

tags | tool, shell, rootkit
systems | unix
SHA-256 | bbeb032e2f9929a6af65472aee0188c9962b2569eed6ca4c4d073142f10ab850
eSignal / eSignal Pro 10.6.2425.1208 Buffer Overflow
Posted Sep 29, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.

tags | exploit, overflow
advisories | CVE-2011-3494, OSVDB-75456
SHA-256 | 45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
DaqFactory HMI NETB Request Overflow
Posted Sep 19, 2011
Authored by Luigi Auriemma, mr_me | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.

tags | exploit, overflow
advisories | CVE-2011-3492, OSVDB-75496
SHA-256 | f768d01949d1c55ca3bfc13b8651ff570985496cb1e98d04e3b557ddfbf40e5e
PHP Vulnerability Hunter 1.1.3.1
Posted Aug 16, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | add28806781ecf08f8b6dd125cf3fe1ef7b0857f91e72062ae1768273680e1fe
Linux/x86 Egghunting Shellcode
Posted Jul 22, 2011
Authored by Ali Raheem

Linux/x86 egghunting shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | e7ee2ccf5f9bac4883900389d6e7cb5d2ce0dd12f85fb2e383e8e35f89ca3b75
7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
Posted Jun 9, 2011
Authored by Luigi Auriemma, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found on 7-Technologies IGSS 9. By supplying a long string of data to the 'Rename' (0x02), 'Delete' (0x03), or 'Add' (0x04) command, a buffer overflow condition occurs in IGSSdataServer.exe while handling an RMS report, which results in arbitrary code execution under the context of the user. The attack is carried out in three stages. The first stage sends the final payload to IGSSdataServer.exe, which will remain in memory. The second stage sends the Add command so the process can find a valid ID for the Rename command. The last stage then triggers the vulnerability with the Rename command, and uses an egghunter to search for the shellcode that we sent in stage 1. The use of egghunter appears to be necessary due to the small buffer size, which cannot even contain our ROP chain and the final payload.

tags | exploit, overflow, arbitrary, shellcode, code execution
SHA-256 | 159bcc6e1d0a284b89e943dc6ab734d6c2d4c9cfd17f99602199371978ca7d42
Xitami Web Server 2.5 Buffer Overflow
Posted Jun 4, 2011
Authored by Glafkos Charalambous

Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.

tags | exploit, remote, web, overflow, shellcode
SHA-256 | 73db261ddf9325903ce5ef0bdf12b3e24b054fe1f3131430c8e164a3ee276687
Magix Musik Maker 16 .mmm Stack Buffer Overflow
Posted May 23, 2011
Authored by corelanc0d3r, Acidgen | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Magix Musik Maker 16. When opening a specially crafted arrangement file (.mmm) in the application, an unsafe strcpy() will allow you to overwrite a SEH handler. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7. Egghunter is used, and might require up to several seconds to receive a shell.

tags | exploit, overflow, shell
systems | windows
advisories | OSVDB-72455
SHA-256 | 270a3316873b5bc88495642eac3f7de2a3221c8b7aa36519b966bed7c9dff806
GNU SIP Witch Telephony Server 1.0.0
Posted May 15, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: This release is intended to provide a stable release family to power existing secure calling services for public and private use while GNU Free Call services are developed for sipwitch 2.0.
tags | telephony
systems | unix
SHA-256 | bff01b00a04b4f8d246cef236da44a4b42ee12eab2af28f943e5c55dfca9f9ce
GNU SIP Witch Telephony Server 0.10.2
Posted Mar 18, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: cmake build was introduced. A new desktop permissions mode was added for integration between sipwitch service running as a privileged daemon and the user desktop. The utilities were reorganized and simplified.
tags | telephony
systems | unix
SHA-256 | b4b02f031240e624405bb78c70f1bf7bc072a81cb290c25606afecbe4600b6b5
GNU SIP Witch Telephony Server 0.10.0
Posted Feb 26, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: This release consolidates the use of usecure for computing digests to simplify the configure script and to introduce a cmake build script. This will make it easy to build and debug with IDEs like kdevelop and codeblocks on GNU/Linux, as well as IDEs on other platforms such as xcode, Visual Studio (yes, sipwitch is cross-platform), etc.
tags | telephony
systems | unix
SHA-256 | 72da911bfc77431234e0bff1286afe803d438992f016d2dd1f846b745e94dabf
Mandriva Linux Security Advisory 2011-006
Posted Jan 14, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

tags | advisory, remote, web, denial of service, memory leak
systems | linux, mandriva
advisories | CVE-2010-4539, CVE-2010-4644
SHA-256 | 699e68d94b0bf5e8d293adb4aa1e03c377f9ff173336de2f1ecaf57f72aa5c02
© 2024 Packet Storm. All rights reserved.