what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 177 RSS Feed

Worm Files

Morris Worm fingerd Stack Buffer Overflow
Posted Nov 5, 2018
Authored by wvu, Robert Tappan Morris, Cliff Stoll | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg.

tags | exploit, worm, overflow
SHA-256 | 5f407350c1d9280dd4c5077754d558bd32be9404ebe5f76676b4a472abb2658d
Hak5 WiFi Pineapple Preconfiguration Command Injection 2
Posted Oct 19, 2016
Authored by catatonicprime | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; details derived from the TospoVirus, a WiFi Pineapple infecting worm.

tags | exploit, worm
advisories | CVE-2015-4624
SHA-256 | f541430f19dac4f0494fce74a1f639f98b5978e237ef67e38fdf6c2074172475
Metamorphic Worms: Can They Remain Hidden?
Posted Feb 2, 2015
Authored by Reethi Kotti

Whitepaper that discusses types of computer worms and how metamorphic worms differ from the rest.

tags | paper, worm
SHA-256 | a0add4653a5c75e92a5147130c2b9d8fa675a786b51bb7b700de2c8af48867f3
Linksys E-Series TheMoon Remote Command Injection
Posted Apr 5, 2014
Authored by Michael Messner, Rew, juan vazquez, infodox, Johannes Ullrich | Site metasploit.com

Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so called "TheMoon" worm. There are many Linksys systems that might be vulnerable including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.

tags | exploit, worm
SHA-256 | 8562df406cf3a664284fb32daf860dcc7c4a95b65db2f358b2abed16cc85d646
Linksys Worm Remote Root
Posted Feb 17, 2014
Authored by infodox

Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.

tags | exploit, worm, cgi, proof of concept
SHA-256 | ae7d5127e7b3b8fa46d888c48b1a569122f9a4eb074e9be265ffb8853f9989d3
Linksys E-Series Remote Code Execution
Posted Feb 17, 2014
Authored by Rew

Linksys E-Series unauthenticated remote command execution exploit that leverages the same vulnerability as used in the "Moon" worm.

tags | exploit, worm, remote
SHA-256 | 78e82ca781d0bf202c1592072afde4056c2f49e9ef54f2deb4e6b7ae0a5203ab
To Kill A Centrifuge
Posted Nov 21, 2013
Authored by Ralph Langner | Site langner.com

Whitepaper called To Kill a Centrifuge - A Technical Analysis of What Stuxnet's Creators Tried to Achieve.

tags | paper, worm
SHA-256 | 75e6d217f9ac0859aa9d4ad1ececb2d395e122d6a0d1fa7cb30fc9e81bc01da9
Wormtrack Network IDS 0.1
Posted Nov 10, 2011
Authored by Aleksandr Brodskiy | Site code.google.com

Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network, without having privileged access on a switch to set up a dedicated monitor port, nor does it require a constant updating of the rules engine to address new threats.

tags | tool, worm, local, intrusion detection
systems | unix
SHA-256 | d14c1f13e9ebf372fff1196929b62f243ebe2d1b93e88472662a96e12abd305b
PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution
Posted May 5, 2010
Authored by Michael Brooks

PHP-Nuke versions 7.0, 8.1 and 8.1.35 wormable remote code execution exploit.

tags | exploit, worm, remote, php, code execution
SHA-256 | 709a6c983caf633169b35361a482b76b0516defa5dcf6ea97d1514615379d27b
LPRng use_syslog Remote Format String Vulnerability
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

tags | exploit, worm
systems | linux, redhat
advisories | CVE-2000-0917
SHA-256 | 9e9d9c676ffe3ef941db4fdffa7e60d38ecbbd2e8ce49d12e73a620e668ef3d6
Sasser Worm avserve FTP PORT Buffer Overflow
Posted Nov 26, 2009
Authored by patrick, Val Smith, chamuco | Site metasploit.com

This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.

tags | exploit, worm
SHA-256 | 5d5c22dfbd84d41c7c21a45e5676f648dbcc83cd3302d47b1a95c27ace3b87f0
How Conficker Makes Use Of MS08-067
Posted Apr 15, 2009
Authored by Bui Quang Minh, Hoang Xuan Minh

Whitepaper called How Conficker makes use of MS08-067.

tags | paper, worm
SHA-256 | c85e38425c879865b44dab94c6cdc62028015e130f3558fc226371b1a7cead19
Using ShoutBoxes To Control Malicious Software
Posted Apr 14, 2009
Authored by Feathers McGraw

Whitepaper called Using "ShoutBoxes" to control malicious software.

tags | paper, worm
SHA-256 | 91a1817d06be8df94c362006adb3692753968eda65e7b1c2b874192986c6fb0e
Technical Cyber Security Alert 2009-88A
Posted Mar 30, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

tags | advisory, worm
systems | windows
SHA-256 | 889abea95838642c06f272a52a5487dbaad89f603f848630737ddad4c4d9c103
Exploit Web 2.0, Real Life XSS-Worm
Posted Feb 5, 2009
Authored by Zigma | Site nullarea.net

Whitepaper called Exploiting Web 2.0, Real Life XSS-Worm.

tags | paper, worm, web
SHA-256 | de5ab8adb4270d52d585f53dd3f643708a861804db127890d71fbc495b960293
Posted Nov 20, 2008
Authored by Mx

The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.

tags | exploit, worm, vulnerability, xss, csrf
SHA-256 | 5752206c5691ff705d128ca2dc77666331538a0b7d3d082cd48a913b6c4d2723
Posted Jun 20, 2007
Site auto.tuwien.ac.at

The 5th ACM Workshop On Recurring Malcode (WORM) 2007 Call For Papers has been announced. It will be held on November 2, 2007 in Alexandria, VA, USA.

tags | paper, worm, conference
SHA-256 | 7ab6cf12db2ea05d1265b04647eb4163b4b0157453df2402b32375452ad9bdcd
Technical Cyber Security Alert 2007-59A
Posted Mar 6, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.

tags | advisory, worm, tcp
systems | solaris
advisories | CVE-2007-0882
SHA-256 | c60e7bc310613d33d33a98a1edbc2631c071660310ba2150f308dde78ea65c2d
Posted Mar 6, 2007
Authored by s0ftpj, vecna | Site s0ftpj.org

This code shows how to send hidden data steganographed into a simulation of common (worm) traffic.

tags | worm
SHA-256 | 72789619c48df1f96f8be7684eaa9420f1b13be1f7734eed11122fd57144ff76
Posted Dec 6, 2006
Authored by Yuri Gushin

A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the source version.

tags | tool, worm, sniffer
systems | windows
SHA-256 | 7eabebd66ac090b251bc5cd139587913bb7d2b46d6e9bebdfdd191cb64093464
Posted Dec 6, 2006
Authored by Yuri Gushin

A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the binary executable version.

tags | tool, worm, sniffer
systems | windows
SHA-256 | 382e2b308fc000e37ee162e3694b2218e3551d86497c286dd22d788b2c533e14
Posted Nov 16, 2006
Authored by Jose Nazario | Site monkey.org

vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.

Changes: Miscellaneous updates.
tags | worm
systems | unix
SHA-256 | 81371e8cfdf739eccf59b70ac3a40d53a00742977da0f7c73029f63c7261246e
Posted Nov 1, 2006

Advanced Polymorphic Worms: Evading IDS by Blending with Normal Traffic.

tags | paper, worm
SHA-256 | 172077357cd30fcc62e04169f1ec84f6a94d98bf29814df319b1c50ade80699a
Posted Nov 1, 2006

Anomalous Payloadbased Worm Detection and Signature Generation.

tags | paper, worm
SHA-256 | 1a316e80a29f60a55607e500d38fbace3e0c8aa7b2006af81a622cbbe5f4d5c0
Posted Nov 1, 2006

Autograph: Toward Automated, Distributed Worm Signature Detection.

tags | paper, worm
SHA-256 | 0cb4a3046f7bf52bd0b79c0cbfe693b088d13cc12fc0289d06e30e18c8114e8c
Page 2 of 8

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By