Malbait is a honeypot written in Perl. It creates fake servers and supports both TCP and UDP protocols, either singly or in combination. It outputs in CSV format as well as giving more detailed text reports. You can serve fake Telnet, FTP, SMTP, POP3, HTTP, TR-69, IMAP, asciitime, systat and echo servers, as well as serving blank or random output.
f51667a675e30504d2bfc0f0895042e9
Asterisk Project Security Advisory - When connected to Asterisk via TCP/TLS, if the client abruptly disconnects or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream, rendering the system unusable.
128c0dfe088bcd61f964d066fe306cc1
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
808b7aeee1439935e3e061b3bd84d3db
105 bytes small Linux/x86 bindshell shellcode that spawns on TCP/4444.
843af161ff8f5f667b5b1c61ca684aff
98 bytes small Linux/x86 TCP/5555 bindshell shellcode.
460b0890fcf26db29390427ea3c1ed44
Reptile is a Linux kernel module rootkit that hides files, processes, etc. It implements ICMP/UDP/TCP port-knocking backdoors, supports kernels 2.6.x/3.x/4.x, and more.
0a1d449c8d146ccda6f1aaa0a27c3261
101 bytes small Linux/x86 reverse TCP shell shellcode that connects to 10.0.7.17:4444.
6eeac0567a3fef4c667bd7ed8a53c0af
113 bytes small Linux/x86 IPv6 TCP bindshell on port 4444 shellcode.
0b9eb7ceb9c4c0a8506d11f903a814d1
68 bytes small Linux/x86 reverse TCP shell shellcode.
992c716611405f56f700612608127ead
This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability, in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities that allow an unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP ports 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).
409c199dae62513789f6016cba7903bd
Red Hat Security Advisory 2018-1372-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include buffer overflow and denial of service vulnerabilities.
73567ccdb0af5ca9e37e65140bbb02e5
96 bytes small Linux/x86 reverse TCP shell shellcode that connects to 127.0.0.1:4444.
595d776824a93f7666b99a23897c290e
113 bytes small Linux/x86 bindshell forking null-free shellcode for TCP/9443.
1d7c353245f7ee1d017285c4d7912ba9
Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'irb -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.
9424518a3a5f452ec2a431c5b398c292
Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can also be used for privilege escalation. In that case, port forwarding on the compromised host can be used. Code execution is achieved with the msfconsole command: irb -e 'CODE'.
21ee676f717921fe2b762176515eb4cd
73 bytes small Linux x86 reverse TCP shellcode that binds to 127.1.1.1:5555.
9e96cce76f9491a2d09409a32e416c26
92 bytes small Linux x86 tcp/1337 bindshell shellcode.
ff78686f2571f1c5269ce33e66a58c85
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
0003e4361ea844a40496678c8e58b1c2
Ubuntu Security Notice 3586-1 - Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that the DHCP server incorrectly handled socket descriptors. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
08aea38d77f392f613434bd52973ae94
Red Hat Security Advisory 2018-0377-01 - The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code.
1aa812e7e13bb49278f80bf03fa6c091
Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.
0733c7c77cd97a87cdc416aef921fea4
168 bytes small tcp/4444 shell-binding and IP controlled (192.168.1.190) null-free Linux/ARM shellcode.
e2400f0b4e82d6ae3fb4db72afd681e6
Whitepaper called TCP Starvation. It discusses a new variant of a denial of service attack.
c256b298d0c5d0f7869895857dde6836
136 bytes small Linux/x64 bind TCP (4444/TCP) shell (/bin/sh) + password (1234567) shellcode.
d05f6f0b7a7909402854121ee144dd64
80 bytes small Linux/ARM reverse TCP shell (192.168.1.1:4444/TCP) null-free shellcode.
ca358c6e2e10a456f686560467fee49d