
Favorites from josh

File Favorites

Whitepaper called Linux Exploit Development Part 2 (rev 2) - Real app demo. It demonstrates the techniques discussed in the Linux Exploit Writing Tutorial Part 2.

2011-04-12 23:00:30 UTC | Permalink

This whitepaper is the Linux Exploit Writing Tutorial Part 3 - ret2libc.

2011-04-12 22:56:54 UTC | Permalink

An ICMPv6 router announcement flooding denial of service vulnerability affects multiple systems including Cisco, Juniper, Microsoft, and FreeBSD. Cisco has addressed the issue but Microsoft has decided to ignore it.

2011-04-06 16:29:18 UTC | Permalink

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators to check their site for vulnerabilities based on data stored in Google.

2011-04-06 01:38:34 UTC | Permalink

Adobe Omniture suffers from a vulnerability where a malicious cookie can hijack secure connections to the domain by injecting malicious JavaScript into the page via the cookie.

2011-03-29 21:36:00 UTC | Permalink

This Python script attempts to check a given domain for various subdomains.

2011-03-14 23:23:57 UTC | Permalink

A buffer overflow vulnerability in the caiaq USB drivers in Linux has been identified. These drivers are in the kernel tree and installed by default in most Linux distributions. This vulnerability could be exploited in order to execute arbitrary code by an attacker with physical access to the system.

2011-03-08 22:17:13 UTC | Permalink

Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.

2011-03-07 19:44:44 UTC | Permalink

Mandriva Linux Security Advisory 2011-024 - The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.

2011-02-09 15:17:00 UTC | Permalink

Apache CouchDB versions 0.8.0 through 1.0.1 suffer from a cross site scripting vulnerability.

2011-01-31 12:12:12 UTC | Permalink

Whitepaper called Bypassing Browser Memory Protections.

2011-01-06 12:12:12 UTC | Permalink

This Linux kernel CAP_SYS_ADMIN exploit leverages a signedness error in the Phonet protocol. By specifying a negative protocol index, it crafts a series of fake structures in userspace and causes the incrementing of an arbitrary kernel address, which then gets leveraged to execute arbitrary kernel code.

2011-01-05 19:13:11 UTC | Permalink

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6, and it includes an easy-to-use packet factory library.

2010-12-28 16:33:33 UTC | Permalink

IBM Tivoli Storage Manager version 6.1 local root in DSMTCA GeneratePassword exploit.

2010-12-15 18:58:22 UTC | Permalink

USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

2010-12-14 17:11:10 UTC | Permalink

Whitepaper called AEG: Automatic Exploit Generation.

2010-12-13 19:11:11 UTC | Permalink

Anonip replaces each IP address in a text file with a seemingly random one in an intelligent way. It is intended to anonymize the sensitive IP data in a file so that this file can be distributed without exposing one to security or privacy risks.

2010-12-04 01:34:04 UTC | Permalink

Whitepaper called How To Create a Shellcode on ARM Architecture.

2010-12-02 05:55:20 UTC | Permalink

NoScript versions prior to 2.0.5.1 suffer from a reflective cross site scripting vulnerability via SQL injection.

2010-11-27 19:04:20 UTC | Permalink

ImageShack Toolbar version 4.8.3.75 remote code execution exploit.

2010-11-23 16:59:13 UTC | Permalink

Apple Safari versions 4.02 through 4.05 and Windows versions 5.0 through 5.0.2 suffer from cross-domain information leakage and temporary user tracking vulnerabilities.

2010-11-23 16:45:01 UTC | Permalink

Whitepaper called Oracle Penetration Testing Using the Metasploit Framework.

2010-11-02 03:15:32 UTC | Permalink

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.

2010-07-22 00:32:48 UTC | Permalink

© 2022 Packet Storm. All rights reserved.
