RetaRDS.pl checks for IIS web servers which are vulnerable to the RDS bug. Includes host list scanning and IDS evasion.
8ab119af163fc9daed47a7f1e47a2ddb6b694004f8d9fb14478bf9d003f54d5d
Rivat is a distributed CGI scanner written in perl which scans for over 405 vulnerabilities.
9e90411a076c4578051a6a030e0ddf9912c74a3586dd318b2d2f7e86d6cbe206
Sourcescan.pl looks through C source code for common vulnerabilities, including strcpy, gets, strcat, sprintf, fscanf, scanf, vsprintf, realpath, getopt, getpass, streadd, strecpy, strtrns, getenv, and setenv.
08e9707e93b71327f7308ac80c26eb28bcc78a62b4c77d056f8e210bed720e03
Many IDS systems detect buffer overflow exploitation by looking for a series of NOPs (hex 90), which are typically used to pad the buffer so the offset does not have to be exact. Instead of using NOPs, a stealthy exploit could jump to the next instruction (jmp 0x00) or jump a small number of instructions.
5a83aa8429b3c9c4766634a3e4e0e6c3a972a542233b82a48fde3c8475fd483b
BitchX dos exploit - joins a channel with %s in the name, and invites target nick.
454c258db3817f6310a5b53eef7dcb95058960cff7c6b95c5c1b94c2b3b38f0e
Quick perl script to search through the history file of each user on your system for a certain command (e.g. "cat /etc/passwd").
9bff10e0b13f74501fe381001cf0e37279e3be5fca0e60e87cb1c850a547780f
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
a9a2d6cb059ca360921cfea53192a86691abc7cab592a0d3711c7ca85e80a471
A simple yet sophisticated perl script that runs in the background and monitors for user attempts to su to root. If one is detected, the log file is immediately mailed to a specified user and a backup is created in /tmp. Very useful for attempting to keep track of logs after an intrusion has occurred.
9d5a05a262ce5c62f5af07164aa226ee20f05a3529a13f4c3b10f6642e980ec1
suidbofcheck.pl searches the system for suid binaries in /usr/bin, /bin, /sbin, and /usr/sbin and tests each one against a standard buffer overflow (both with and without the use of environment variables) at a specified offset.
cdfabbf02010e314aaf0717fec7794934ca6e1c28d934c051807997557d665e4
Exploits the auto registration feature of most ChanServ bots and causes it to die. This exploit has been known to work on networks including DalNet, CobraNet and RelicNet.
865f6f01d3cc5bf17ccb21f2ea7ad728f0e13a90f25b6ff1a1fe00b5b3a4ad68
ICQ Web Front DOS Exploit - guestbook.cgi, part of ICQ web front, is vulnerable to a remote denial of service attack. This shell script exploit generates a malformed POST request and uses netcat to send it to port 80 of the victim host.
b8e9e0819dfa1cd572dcf565fd2d91d1830fea0eb549bcc41414b0da7e85f832
Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match rather than just relying on HTTP codes.
ccc299ad0540b9e3f12b44614383906c104dcf932edf981963b113749e28fa08
Exploit for the (patched) major security issue with networksolutions.com (easysteps.pl), which would have set up a bindshell if it had been run.
9341f14a0079af7d87506afc61d98b1ef1589d7eeb8b50a03d204c3b48807cbf
The whois_raw.cgi perl script included in all freeware versions of the cdomain package allows a remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit included, which drops a shell, unlike previous whois_raw.cgi exploits.
cdcb04dcc8c8d833822d837b47e293b61db57cc6668962ea1ef6d1dbedf1b93b
communigate.pl is a DoS exploit against CommuniGatePro 3.1 for NT.
3c4ca0bd0f5f75d0a744d6c32d7bbbc01e060250be2da4e3f804f20d72c0e403