The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privileges as the web server.
e0a35b69e4f5aef2395340390b513acaf3525217945eb4350d781f82b87e195f
Perl port of the /usr/bin/lpset local root vulnerability in Solaris/SPARC 2.7. Based on lpset.sh.
d7a3671db5103886a50d238f176908dbdf003c5e30c4ebc5ea6fba725fccf9ac
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decrypting by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to extract the shellcode from source files and tries to identify it. Use SMEGMA to rework shellcode whose bytes would otherwise be mangled by regular-expression input filters (often seen in CGI binaries, web applications and web servers).
27190bafedd46710e361a4de759ed1fb919aefd7840e72731dda48838278f0bf
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decrypting by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to extract the shellcode from source files and tries to identify it. Use SMEGMA to rework shellcode whose bytes would otherwise be mangled by regular-expression input filters (often seen in CGI binaries, web applications and web servers).
1da73e27fb59643dd6998adbcad2852ae9f92894f5b5ad30e9abbcac42f8bea8
htaccess.tar - Perl script for adding users to the .htaccess file. Includes information on how to set up password protected web pages.
0136a4de0bb885ebc034bbecae45c0ad21f7fb4a273400f80ed682673066e15e
Linux Elm 2.4/2.5 local exploit - gives you a shell with gid=12 if /usr/bin/elm is SGID. Tested on Slackware 4.0 and Red Hat 5.1.
7536b4523e151c49801d69c7104c931fe2839096af6eb7cedb39b3bd7d2a48ff
Majordomo v1.94.5 local Linux exploit - runs commands as the UID that majordomo runs under.
953f408ed0e7227f1f766fd9a9fd554a804ae5ecd8f6c6aa40a809d4d15dc708
sscan2k is a remote auditing/vulnerability scanner which determines the remote OS and scans the host for applicable vulnerabilities. Features updated vulnerability checks, a scripting language, support for plugins and addons, configurable OS fingerprints, and DNS zone and subnet scans. Based on sscan by jsbach.
e2be5ced88ce06701e0d2a7db26865443180d8781bcf73eb59d9ca6eba9ccc71
Apache DSO backdoor - a GET request to a "special" URL allows remote command execution.
d49407f8380be928bcc8cb57171d11ca41fd2ec1f61a4678089d8ce1b6f3aaa9
hellex.c is a local buffer overflow exploit for the Hellkit 1.2 shellcode generation package. Tested on Red Hat 6.0.
75f3c0bf13b260cd50665dcaca0b38166d372b5a1943a6e8675717b85338e5ad
sscan was handed over to buffer0verfl0w security by jsbach so that the project could be continued on his behalf. From now on sscan will go by the name sscan2k. sscan2k has updated vulnerability checks along with all the other features it had before, improved OS detection (users can update the fingerprints by editing Osdefs.ms, which is written in the sscan2k scripting language), etc.
a6f61002b67b260dd9f801c9a629380896d815e51bf747ee8b98e09a42b77705
Buffer Syringe is a Win32 tool that tests a daemon for buffer overflows in its parameter(s) by "brute forcing" or "stressing" it: it sends a user-specified parameter or command followed by a value of a user-specified number of characters. If the parameter being tested is vulnerable to an overflow and the supplied length exceeds the parameter's limit, the daemon will most likely crash.
abd825833c7b497a0e3d17058eb7119b3458be5b9e91dd6fa18bc85d104ab967
Neon beta5 - Simple Host or Iplist CGI Scanner which does 358 checks.
a0fc3d293b0acf7825ebd5b79d94d7aa2fa74286565aaee9b6fc858b23fb9ae6
Neon beta4 - Simple Host or Iplist CGI Scanner which does 356 checks.
86681f46a5aad3c105b7e34f6aa49625105ec65e6f590da99bbab08a785ed388
Exploit/DoS for OmniHTTPd Pro v2.06 on Win98 (NT not tested). The result is a crash of the remote server.
2ea397fa4d6ffdc85217872360f6e43ddc49e9256b4f705751e1ef43b7bc9c7c
Buffer0verfl0w Security Team SSH Trojan - does not log anything to the system logs (utmp, wtmp, lastlog and the rest of the syslogd logs); it also logs all incoming/outgoing SSH passwords.
194753d9dcfe5fbb7c168b8e80f18d5eaffacabc1c52ace278811d820dc6a435
Project aurora is lamagra's non-blind LAN spoofing project. It can be used to create TCP connections from a non-existent box or from another box on the network. The biggest problems while spoofing were guessing the sequence numbers to acknowledge, and that the other box always sends back a reset when it receives a SYN|ACK it did not ask for. This used to be solved by abusing small bugs in the TCP/IP stack.
3468997662e967b3bb4c11bacb27971f09a1cd20742f8a53d195e8f32028fcc6
fs-spider is a multi-threaded bad permissions finder (user defined). It
ea68f5abf6cbd21c366e7f35e65fb23ac152291db0553eeb4e10dfb206e2ff1a
This shellcode connects back to a host/port and starts a shell. It should be more anti-IDS than the others, and because the connection is outbound it can pass through a firewall that only blocks inbound connections.
d50e538d758dd930f5ec6b120b1229f2cdae67049c11ce1d22075a1a803c46f2
Timbuktu Pro 2.0b650 denial of service exploit.
57c923b60dc99c9f00bd5df5a3490c3875a21a218befdfb11e7d5e49b5bd8ac6
syslogd-to-MySQL wrapper v0.1 prebeta. Stores syslog messages in a MySQL database. Written for FreeBSD.
b44da69a92c3350c4053b05fab764bff3d6940f5eb010c5337cd82acb8578da7
Plogd v2 (Revision 1.5) is a SYN/UDP/ICMP packet logger for FreeBSD.
c8063e2434da5fb556ad35fc5af1b0a42d30521cf23bede1da4f7da952df83df
BufferOverflow Security Advisory #3 - libncurses buffer overflow in NCURSES 1.8.6 on FreeBSD 3.4-STABLE. Setuid programs linked with libncurses can be exploited to obtain root access.
d3900b7fe44530224283ef6bcd98f8704f6c629dab6bcb828e3d5083c81ea48e
gibd00r3.c is a passworded backdoor which pretends to be an ident daemon.
7b6db7e36e91a54f7173f857cc6b40ffcb38c863277fe0fb28b5d164b0d398fd
nschecker.sh NS Security Scanner - uses dig to query the BIND version from a list of IPs.
5203f72cc2e3666b7f8f06351f3fb5b0e8001b4e13f7f85d62b9195dd6f98dbd
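The check nschecker.sh delegates to dig is a TXT query for version.bind in the CHAOS class. As an added example (not nschecker's own code), the following C program builds that query by hand, parses the TXT answer, and, when given an IP address on the command line, sends it over UDP port 53; with no argument it parses a constructed reply instead so it runs offline. The sample response bytes and the version string "9.3.2" are made up for the demonstration.

```c
/* Added example (not part of nschecker.sh): raw "version.bind CH TXT" query,
 * the same lookup dig performs for `dig @host version.bind chaos txt`. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/time.h>

#define QTYPE_TXT 16
#define QCLASS_CH 3

/* Build the 30-byte query with the given transaction ID; returns bytes written, 0 if cap is too small. */
size_t build_version_query(uint8_t *buf, size_t cap, uint16_t id)
{
    static const char *labels[] = { "version", "bind" };
    size_t off = 0;
    if (cap < 30) return 0;
    buf[off++] = id >> 8; buf[off++] = id & 0xff;
    buf[off++] = 0x00; buf[off++] = 0x00;          /* flags: standard query, RD clear */
    buf[off++] = 0x00; buf[off++] = 0x01;          /* QDCOUNT = 1 */
    memset(buf + off, 0, 6); off += 6;             /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    for (int i = 0; i < 2; i++) {
        size_t n = strlen(labels[i]);
        buf[off++] = (uint8_t)n;
        memcpy(buf + off, labels[i], n); off += n;
    }
    buf[off++] = 0;                                /* root label */
    buf[off++] = 0; buf[off++] = QTYPE_TXT;
    buf[off++] = 0; buf[off++] = QCLASS_CH;
    return off;
}

/* Skip a (possibly compressed) name; returns the offset after it, 0 if truncated. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off)
{
    while (off < len) {
        uint8_t l = p[off];
        if (l == 0) return off + 1;
        if ((l & 0xc0) == 0xc0) return off + 2;    /* compression pointer */
        off += 1 + l;
    }
    return 0;
}

/* Extract the first <character-string> of the first CH TXT answer; 0 on success, -1 otherwise. */
int parse_version_txt(const uint8_t *r, size_t len, char *out, size_t outcap)
{
    if (len < 12) return -1;
    uint16_t qd = (r[4] << 8) | r[5], an = (r[6] << 8) | r[7];
    if ((r[3] & 0x0f) != 0 || an == 0) return -1;  /* RCODE != NOERROR, or no answer */
    size_t off = 12;
    for (uint16_t i = 0; i < qd; i++) {            /* skip the question section */
        off = skip_name(r, len, off);
        if (off == 0 || off + 4 > len) return -1;
        off += 4;
    }
    off = skip_name(r, len, off);
    if (off == 0 || off + 10 > len) return -1;
    uint16_t type  = (r[off] << 8) | r[off + 1];
    uint16_t cls   = (r[off + 2] << 8) | r[off + 3];
    uint16_t rdlen = (r[off + 8] << 8) | r[off + 9]; /* TTL at off+4..off+7 is not needed */
    off += 10;
    if (type != QTYPE_TXT || cls != QCLASS_CH || rdlen == 0 || off + rdlen > len) return -1;
    uint8_t slen = r[off];
    if (slen + 1 > rdlen || (size_t)slen + 1 > outcap) return -1;
    memcpy(out, r + off + 1, slen); out[slen] = '\0';
    return 0;
}

/* Constructed reply: ID 0x1234, NOERROR, one CH TXT answer "9.3.2" via a name pointer to offset 12. */
static const uint8_t sample_response[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00,
    7,'v','e','r','s','i','o','n', 4,'b','i','n','d', 0, 0x00,0x10, 0x00,0x03,
    0xc0,0x0c, 0x00,0x10, 0x00,0x03, 0x00,0x00,0x00,0x00, 0x00,0x06, 5,'9','.','3','.','2' };

int main(int argc, char **argv)
{
    uint8_t q[64], r[512];
    char ver[256];
    ssize_t n;
    if (argc < 2) {                                 /* offline: use the constructed reply */
        memcpy(r, sample_response, sizeof sample_response);
        n = sizeof sample_response;
    } else {
        int s = socket(AF_INET, SOCK_DGRAM, 0);
        struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(53) };
        struct timeval tv = { 2, 0 };
        if (s < 0 || inet_pton(AF_INET, argv[1], &dst.sin_addr) != 1) return 1;
        setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
        size_t qlen = build_version_query(q, sizeof q, 0x1234);
        sendto(s, q, qlen, 0, (struct sockaddr *)&dst, sizeof dst);
        n = recvfrom(s, r, sizeof r, 0, NULL, NULL);
        close(s);
        if (n < 0) { printf("%s: no reply\n", argv[1]); return 1; }
    }
    if (parse_version_txt(r, (size_t)n, ver, sizeof ver) == 0)
        printf("%s: version.bind = \"%s\"\n", argc > 1 ? argv[1] : "sample", ver);
    else
        puts("no usable CH TXT answer (refused, hidden, or malformed)");
    return 0;
}
```

Two caveats for using this as a scanner check: a reply should be matched to the query by transaction ID before it is trusted, and the string returned is whatever the operator configured, since BIND's `version` option in named.conf lets the server answer with an arbitrary or empty value, so a "safe" version string proves nothing about the running binary.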