exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 85 RSS Feed

Shadow Penguin Security

Shadow Penguin Security
ex_midiplug.c
Posted Nov 5, 1999
Authored by shadowpenguin

Midi-Plugin program "YAMAHA MidiPlug 1.10b" for Windows IE4/5 contains the buffer overflow bug. If the long "TEXT" variable is specified in EMBED tag, the buffer overflow occurs. If attacker sets the exploit on the webpage, visitor's host will be cracked by the any instructions written in the "TEXT" variable.

tags | exploit, overflow
systems | windows
SHA-256 | 2a70605bc9b04a24265c00812b131cf21426f0181e4073c6572a7373e6ba4550
ex_netsrv.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of NetcPlus SmartServer3. It overflows when that receives the long MAIL FROM: in SMTP handling. If the host recives the packet which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the NetcPlus SmartServer3. T

tags | exploit, overflow
systems | windows
SHA-256 | 49069946261916158d6a9396a9ecd8ea197a8009a2efbd25d17a2127840d6082
ex_nextftp.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of NextFTP Ver1.82. It overflows when that receives the long message of CWD reply. This exploit code execute any command on the target windows, but, if you modify the exploit code, you can send any codes such as the format or remove program, virus, trojan, and so on.

tags | exploit, overflow, trojan, virus
systems | windows
SHA-256 | 47d7736f87fb1530ec150962846999918098ac81ec6b671d35f46b6d4f89c748
ex_pms-tr.c
Posted Nov 5, 1999
Authored by shadowpenguin

This is another personal mail server remote exploit. I also publish the exploit program that can send a trojan program which is prepared in the attacker host. Of course, it can be executed remotely. If the trojan program is sent, the victim machine will be controlled remotely.

tags | exploit, remote, trojan
systems | windows
SHA-256 | 1af18d870379d2efed6f956b9fbb2f89036673b7b62305dd1f0f23b667612eba
ex_pms.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of Personal Mail Server 3.072-3.09. It overflows when that receives the long MAIL FROM: in SMTP handling. If the host recives the packet which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the Personal Mail Server 3.072-3.09

tags | exploit, overflow
systems | windows
SHA-256 | 17339bed057ac8c0881bb3241b027969045a6a6d6911f4b0556a91f69c0c65c8
ex_sdtcm_convert.c
Posted Nov 5, 1999
Authored by shadowpenguin

Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris Sparc machines.

tags | exploit, overflow, local, root
systems | unix, solaris
SHA-256 | a0d7c588f719baff069310b8f91c793cc31be84e8863b2e4edbb769adf0abb05
ex_sdtcm_convert86.c
Posted Nov 5, 1999
Authored by shadowpenguin

Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris x86 machines.

tags | exploit, overflow, x86, local, root
systems | unix, solaris
SHA-256 | 1764caeacfb6acc3fbe32be85482da92a8fdec180449b4136f92d8edfbfc3228
ex_servu.c
Posted Nov 5, 1999
Authored by shadowpenguin

The buffer overflow bug is also in Serv-U Versuin 2.5 ftp daemon. In this case, the buffer overflow is cased if the daemon recives the long "cwd" message, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the Serv-U Versuin 2.5. This exploit is coded for Windows98, but if you change some parameters written in the sample exploit program, it will may works on Windows95 and WindowsNT.

tags | exploit, overflow
systems | windows
SHA-256 | 7cb5a35c00e3e6f1813452aca09d14fdb57fd4a3ba89c8b26856789214ff4507
ex_ssmail.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of Skyfull Mail Server 1.1.4. It overflows when that receives the long MAIL FROM: in SMTP handling.If the host recives the packet which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the Skyfull Mail Server 1.1.4.

tags | exploit, overflow
systems | windows
SHA-256 | 0057b545eb9da1b22336a25403153460dec69e5aaa9e5f39e32cb6f0c487e3fa
ex_tinyftpd.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of TinyFTPd Ver0.51. It overflows when that receives the long user name. If the host recives the packet which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the TinyFTPd Ver0.51.

tags | exploit, overflow
systems | windows
SHA-256 | b192ded779312b596b0f4526c4736bedf144020badf03074e1420cae3448d82f
ex_urllive.txt
Posted Nov 5, 1999
Authored by shadowpenguin

URL Live! 1.0 WebServer for Windows95/98/NT which is released by Pacific Software Publishing, Inc. (http://www.urllive.com/) has a "../" security problem, any users can download any files on the victim host.

tags | exploit, web
systems | windows
SHA-256 | dacc942f693a3194c253179e986fa6b5f04314b4f85b01771f5f40b38603f0f1
ex_uum.c
Posted Nov 5, 1999
Authored by shadowpenguin

Local root exploit code for buffer overflow in uum for Japanese Linux.

tags | exploit, overflow, local, root
systems | linux, unix
SHA-256 | 6883ef84c1d928fa1e9805d6ee8cd081c57968245eace2e2072ea8083a28edcc
ex_webbbs.c
Posted Nov 5, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

At the initial authorization handling of WebBBS, If the long longin name or password has been received, this CGI overflows. This overflow overwrites the RET address, EIP can be controlled. This overflow is used to execute any instructions which are included in the user name and password.

tags | exploit, overflow, cgi
systems | windows
SHA-256 | 6fabd952734503ddb8a5be6907794eb1cc3ef1ea5818b6ffc671fea9adf2308e
ex_zommail.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of ZOM-MAIL 1.09. It overflows when that receives the long attachment file name. If ZOM-MAIL 1.09 recives the e-mail which contains the exploit code, the host has been cracked by any instructions which are coded in the exploit code. This program can send the e-mail to any e-mail address, which is contained an exploit code that removes a "c:\windows\test.txt" file on the host.

tags | exploit, overflow
systems | windows
SHA-256 | e7d4cc605a7a1bf256d1c94b4051fe6008fbc9ed9b3cb9cd250ed29ca9985b11
extusr.zip
Posted Nov 5, 1999
Authored by shadowpenguin

This utility extracts the username and make a userlist file from the html file of "user's page" which can be often seen at the ISP's web page.

tags | web
systems | windows
SHA-256 | 5ff789059d09d32aa205b9714be3ecaacdc941d3055db336da242e615fce3a89
ftpt.c
Posted Nov 5, 1999
Authored by shadowpenguin

ftp trojan logs the hostname, username, and password when the local users use the ftp.

tags | local, trojan
systems | unix
SHA-256 | 8a3d1bd7795300d33e45002f6a46e071fbefb450870201eac7e1aeee73cf0a9c
gdd13.c
Posted Nov 5, 1999
Authored by shadowpenguin

This program is one of the ethernet packet sniffer for LINUX, FreeBSD, SunOS4.1, Solaris2, and IRIX that can log the all packets in each session of telnet, rlogin, pop3, ftp. If you install this program in the cracked server, you can also know the cracking process and the location of rootshell by the crackers. The logs of this tool is the evidence of the cracking, this tool is also useful for admin.

systems | linux, unix, freebsd, irix
SHA-256 | df2a9e01a85bafb69aa416188ed1cea017047015bc99aa5c1a9d0cd67e4d0ac5
gscan.c
Posted Nov 5, 1999
Authored by shadowpenguin

A generic banner scanner. eg scan for qpop 110, wuftpd 21, wingates 23, telnet banners 23, etc etc

systems | unix
SHA-256 | 6c91acdac7860bc6c8f947323fff0c03f4c97d8fd8cebfb891ee6248e6f1150c
hrs100.c
Posted Nov 5, 1999
Authored by shadowpenguin

This is one of the rootshell program. This program will be rootshell if you specify the special argment. If the special argment is not specified, this program calls a specified program. So, you name this program as well known suid program, it's very difficult for admins to find.

systems | unix
SHA-256 | ba06871c2d769a971556d49a3506b1b662ad02c2bd398bf1eee677942ec8d211
hrs110.sh
Posted Nov 5, 1999
Authored by shadowpenguin

Improved version of hrs. You can easy install hrs by this shell script.

tags | shell
systems | unix
SHA-256 | bb00d2adbb3299e05be6dd492a6aa1c6f7109d49838345be8584b4595bcec1ab
httpd_logadd.c
Posted Nov 5, 1999
Authored by shadowpenguin

This program can add the fake log to HTTPd remotely. Posted by root., Jan.08,1998

tags | root
SHA-256 | 973bdafafcf97232c3e363dbb2a5b2b6aaa53f9c5fe933b53fd19c0c3c06cfd7
ie_location.replace_hole.txt
Posted Nov 5, 1999
Authored by shadowpenguin

IE5 location.replace overflow exploit by L(phyx@i.am), Sep.21,1999. http://layer.webprovider.com/

tags | web, overflow
SHA-256 | 15b0ebaed0ced7c91c142109eba13d162499fe92c2465e089456ee5db7f924d9
iesrc.zip
Posted Nov 5, 1999
Authored by shadowpenguin

Source Viewer Changer for Internet Explorer 5. Posted by L(phyx@i.am), Nov.4,1999. http://layer.webprovider.com/

tags | web
SHA-256 | 7f83abb0f45706c3732128783229a116df017d89159a7cc9c7a535cfa1669cb6
irixaa.tar.gz
Posted Nov 5, 1999
Authored by shadowpenguin

This program checks many IRIX security holes automatically. If you are admin, can check easily the security vulnerabilities of each IRIX. Don't use for the auto attack. This scanner contains the ttdbserver attack, this function is based on the script which is developped by the rootshell. thanks.

tags | vulnerability
systems | unix, irix
SHA-256 | fdb645ddef470ad46457b433af158fdcca322e238d6798e1a9c1d9a0dfd44190
jsy.zip
Posted Nov 5, 1999
Authored by shadowpenguin, DP

Blute force attacker ShirakiYoko for Java.

tags | java
SHA-256 | e2fe49cb5a968a483f7b3eb0adf2c265af332c4317f58d4ab26b5473dd972a51
Page 2 of 4
Back1234Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close