MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
4b3886734324f04fab377511023d5ae0c9dbdbd5db446f455e3c4d58129385f7
Whitepaper detailing how getting an MD5 collision of two images is now(*) trivial and instant.
c4206bccb126ba93426ea9fe9689204d9bff9361d55aec335208112e5499a3f0
Matterdaddy Market version 1.4.2 and below suffers from cross site request forgery and arbitrary file upload vulnerabilities.
0b8140e53c7c0f1f92e8675c79e10a58397a4335cc65b525b3ae336d8c75f408
Ruby Gem md2pdf suffers from a remote command injection vulnerability.
961566ce1e369fe89fe75f7891fe11b15c66c71e0cc7df7e1c118806ee180d04
This is a simple python script for cracking MySQL MD5 passwords.
2eabc6d50aa0308a12f9f621132d81ab8133f46b0854377425c4d9b0bac9f450
Magnolia Development Group suffers from cross site request forgery and remote SQL injection vulnerabilities.
0dddd55b632c330921a6380014bf5672a8699881752fd31e21554b069d0bbdd0
This is a simple php script that takes a set of MD5 sums and checks them against md5-decrypter.com and md5decryption.com.
7357299298193cb34d03faec7fb2a8d6f64eadd69933f494f1a98e70606e3a9d
This shell script takes in a md5 sum and uses various online cracking resources to try and figure out what was hashed.
b4bde0e95d3672d6aed81e49a5aa2f7653d49d7b9b0fce5ca6c48c4dddb8ae3b
MDaemon Mailer Daemon version 11.0.1 suffers from a remote file disclosure vulnerability.
2bbf244585bc1c9905c4f926b37c9bfbdeaf6a38b2dc0652ad33b67113f42a8e
MD5 Encryption / Decryption PHP Script suffers from a cross site scripting vulnerability.
77cc59b654a4442e4b48b54532021d6a3355bb06530cd9d10a61d90aa0fe7e20
This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
ab790525ee06e4631621b8a149d2cc10a555ebb52be8f2bcf2739624fa36b789
This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli
e1e88ec1c914159c02c88aa646f73a91ac2acbc316b4991a9d0f98473b227142
This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\\MDaemon\\RawFiles\\*.raw.
9a7e8845ddbf7fb0e6b7482b9b8e9b1da4f7b29d2b83ac012d206510dc73a91c
MD5 MySQL database brute forcing utility. Written in Python.
812ddd835e746192f01da1dcf222b86c588ac9cdebf484c6cfe2ee1309c1b87b
Simple script to crack MD5 signatures. Needs a dictionary file, of course.
694c975d932707afab3b31c98cb2d114441cee8ca9f3a16271d82f31b00977dc
MD5 Considered Harmful Today - Creating A Rogue CA Certificate. The authors of this paper have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept they executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows them to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.
7bc4a39c6558907b3bf4b6c5957b648d7c871e27bac56e6bbd00a2afbfd679f2
Small shell script to brute force MD5 hashes.
f87813eabb4710f5991a4f961e02c2c5687de3355ab0e7d9075d5a4268c8e7f9
MD5 cracking program written in PHP that takes a wordlist.
f9b2902fc4fb1490642f1479890aa36065194d453cfced3a161862ffa51e08b9
MDaemon IMAP server version 9.6.4 FETCH command remote buffer overflow universal exploit that binds a shell to port 4444.
46172680402d72918d7c2218e17716c08edb90bc46bac08874a8277b85c54ab2
MD5 hash brute forcing utility.
33d7e9e56e18e575f25076691fa9321cf18d5d0a1578fbed06bedead098bf7ad
MDCrack is a free, feature filled password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit with a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports bruteforce attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes, the list of algorithms is growing up. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).
9593af74b8a11d0e64180ad1fb001d350707f3825c6d32f9b31644937f17766c
MDCrack is a free, feature filled password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit with a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports bruteforce attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes, the list of algorithms is growing up. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).
d82d9d0897fb3dcca072bcf641acc2c197e69d17e77d40bc57f48b84b307a906
Very small python program that attempts to crack a md5 hash using an external wordlist.
d9432ac047f99766329e140a2cff5d6332507aaf07eda2699e62f22d3b80ae5d
md5tables is a shell script that references a wordlist of md5 hashes and words for password auditing.
c9ba9acafe6babf9fadbb9d9c6394ac75654d69684da4c884029cedd12da9237
MDCrack is a free, feature filled password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit with a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports bruteforce attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes, the list of algorithms is growing up. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).
e7746486dd30fc6921a9e419810f4a9c48ca31e4139cb7b2298bfea7b4875075
Proof of concept remote exploit for the MDaemon POP3 preauth buffer overflow. MDaemon versions 8 and 9 are susceptible to this.
e36d9a6cd5875ac91dfbfc8be90a0ef092197e21924979c6115982c649be0d8b