Rapid 7 Advisory R7-0006 - Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service. Oracle 8i (8.1.x), Oracle 9i Release 1 (9.0.x), and Oracle 9i Release 2 (9.2.x) can be crashed via the SERVICE_CURLOAD command. Fix available here.
c3f7eb6deb3d0642c420524eaf6a2d34915d5bfd56f39c76f63c3b9b6b262ccb
Mod_ssl off-by-one bug exploitation toolkit for OpenBSD. Creates a malicious .htaccess file which replaces the apache server process with an included HTTP server.
a346c7fbb1e47b293c3ddfa1d114907bec57437d480d6713700617dd05998c97
Remote exploit for the Eudora v5.x boundary buffer overflow. Works against Eudora v5.1 and 5.1.1 and is independent of Windows version.
90633dbef55dd736ab63d71a19ed60653fd9362cdb28994ff53c4c53cd5917ab
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
7e60aa2ee5f63e45aef6983e693d49307392415159e2911380a829d8738ba7df
Windows Help Buffer Overflow proof of concept remote exploit in Visual Basic 6. Starts a cmd.exe shell on Microsoft Windows XP Kernel Version 5.1.2600.0. Includes source.
88652c46f902e3a45513ed5b3621c9a85303a6fc3186232bbef5b01d5a4f5559
Linux Traceroute v1.4a5 and below local root exploit which takes advantage of a malloc chunk vulnerability. Uses gdb to find offsets.
2b8d9dac84e0f7dd993e19acd912184417a595f94fb1481ffc67eaa6c492e43e
SNORTRAN: An Optimizing Compiler for Snort Rules White Paper. Snortran is an optimizing compiler for the intrusion detection rule language popularized by the open-source Snort IDS. While Snort and Snort-like rules are usually thought of as a list of independent patterns to be tested in sequential order, we demonstrate that common compilation techniques are directly applicable to Snort rule sets and produce high-performance matching engines. SNORTRAN combines several compilation techniques, including cost-optimized decision trees, pattern matching precompilation, and string set clustering. Although all of these techniques have been used before in other domain-specific languages, we believe their synthesis in SNORTRAN is original.
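The following is an added illustration of the compilation idea described above; it is not SNORTRAN's own code. It compiles a small, constructed set of Snort-style rules into a decision tree keyed on a cheap header field (destination port), builds one precompiled multi-pattern automaton (Aho-Corasick) per leaf so that each payload is scanned once per leaf rather than once per rule, and merges identical content strings shared by several rules. The rule SIDs, content strings and packets are made up for the example.

```python
"""
Added example, not SNORTRAN's own code: a constructed Snort-style rule set
compiled into (1) a decision tree on destination port and (2) one
Aho-Corasick automaton per leaf.  Rules and packets are made up.
"""
from collections import deque

# Constructed rules: (sid, dst port or None for "any", content strings that must ALL appear)
RULES = [
    (1001, 80,   [b"GET ", b"/cgi-bin/"]),
    (1002, 80,   [b"../.."]),
    (1003, 21,   [b"USER ", b"anonymous"]),
    (1004, None, [b"/bin/sh"]),
]


class AhoCorasick:
    """Multi-pattern matcher: one pass over the text reports every pattern it contains."""

    def __init__(self, patterns):
        self.goto = [{}]       # state -> {byte: next state}
        self.out = [set()]     # state -> indices of patterns ending in this state
        self.fail = [0]        # state -> state of the longest proper suffix
        for idx, pat in enumerate(patterns):
            s = 0
            for b in pat:
                if b not in self.goto[s]:
                    self.goto.append({})
                    self.out.append(set())
                    self.fail.append(0)
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].add(idx)
        queue = deque(self.goto[0].values())      # depth-1 states fail to the root
        while queue:                              # BFS so a parent's fail link exists first
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] |= self.out[self.fail[s]]

    def search(self, text):
        found, s = set(), 0
        for b in text:
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            found |= self.out[s]
        return found


def compile_rules(rules):
    """Decision tree on dst port; each leaf holds one automaton over the leaf's content strings."""
    leaves = {}
    for sid, port, contents in rules:
        leaves.setdefault(port, []).append((sid, contents))
    compiled = {}
    for port, members in leaves.items():
        # String set clustering: identical content strings from different rules become one pattern.
        patterns = sorted({c for _, contents in members for c in contents})
        index = {p: i for i, p in enumerate(patterns)}
        needs = [(sid, {index[c] for c in contents}) for sid, contents in members]
        compiled[port] = (AhoCorasick(patterns), needs)
    return compiled


def match_compiled(compiled, dst_port, payload):
    """Visit only the matching port leaf and the 'any' leaf: one scan per leaf, then AND per rule."""
    hits = set()
    for key in (dst_port, None):
        if key in compiled:
            automaton, needs = compiled[key]
            found = automaton.search(payload)
            hits |= {sid for sid, required in needs if required <= found}
    return hits


def match_naive(rules, dst_port, payload):
    """Reference: test every rule sequentially, re-scanning the payload for each content string."""
    return {sid for sid, port, contents in rules
            if port in (dst_port, None) and all(c in payload for c in contents)}


if __name__ == "__main__":
    compiled = compile_rules(RULES)
    pkt = (80, b"GET /cgi-bin/../../bin/sh HTTP/1.0\r\n")
    print(sorted(match_compiled(compiled, *pkt)), sorted(match_naive(RULES, *pkt)))
```

Both matchers return the same SIDs for every packet; the difference is that the compiled form looks at the port once and scans the payload once per leaf, whereas the naive form scans the payload once per content string of every rule in the set.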
79565a4a31e7863d80bd74da1b3844a33f94cd89b699d40cbe776f5b712cb9d5
ICMP-Chat is an encrypted console chat program that carries its traffic in ICMP packets. ICMP-Chat uses enigma (the Unix crypt rotor cipher) for encryption, which hides the text from casual inspection but is not a cryptographically strong cipher. It is a peer-to-peer chat program that lets you hide your chat or chat through many firewalls.
f7d58d7d0091f083fb97d412c6673ca85a83744c123f900ee30eb207636551e9
Open Source Digital Forensics Tools: The Legal Argument - This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a tool must be reliable and relevant. The reliability of evidence is tested by applying "Daubert" guidelines. To date, there have been few legal challenges to digital evidence, but as the field matures this will likely change. This paper examines the Daubert guidelines and shows that open source tools may more clearly and comprehensively meet the guidelines than closed source tools.
1dea4d20683fc6e458972fda2847864b0e3cc1d23d2688366a4a7f52018805f9
Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 920 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
137fb63a1878c777037c43c00d4c8257fbca749f58c5ef5c1c5701b0cf114b98
The Solaris 2.6, 7, and 8 /bin/login TTYPROMPT remote exploit compiled with Cygwin for Windows. Tested against SunOS 5.5, 5.5.1, 5.6, 5.7, 5.8 Sparc and SunOS 5.6, 5.7, 5.8 x86.
aa6b179ece825f6a33fea415b76244d8566d05ba0d2235f548323fc532522bbd
Spastic is a TCP SYN flooder for Windows 2000/XP which sends packets with random source IP addresses.
e9a3efe503a99899cc3e309ca8602155a7b54f18b5827bb2f169038c7efea0ea
The Legion 2000 Banner Scanner picks up banners for ssh, ftp, telnetd, wingates and more.
f0c4fce87e59a139f6bcd2167bd1fc39e797801ae92e98dd2d137fcfd3b60b80
Storm16 is a UDP flooder by Bytebandit.
e1c00773f1d736212123e90d8827d0623c3bd2d4d1d36494b640ac76e8a6109c
AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network. It can do a live dump (actively sniff the network) or read a PCAP file and parse it for IM messages. You also have the option of dumping the information to a MySQL database or STDOUT. AIM Sniff will also watch for an AIM login and then perform an SMB lookup on the originating computer in order to match NT domain names with AIM login names (handles). A basic Web frontend is included.
89794e0017767355b8ba5226e94f6973f28840c599892459638466f983ed741e
This paper describes how it is possible to send data in TCP headers using the acknowledgment numbers.
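As an added illustration of the channel the paper describes (not the paper's own code), the block below stores a message four bytes at a time in the 32-bit acknowledgment field of otherwise ordinary TCP headers, recovers it from captured headers, and includes the check a network defender would apply: in a genuine flow the ACK number never decreases, whereas an ACK field carrying data jumps arbitrarily. The ports, sequence numbers and message are constructed, and the checksum is left zero on the assumption that the sending stack fills it in.

```python
"""
Added example, not the paper's code: a message carried in the TCP ACK field,
four bytes per segment, plus a monotonicity check that exposes the channel.
Ports, sequence numbers and the message are constructed.
"""
import struct

# TCP header without options: sport, dport, seq, ack, data offset/reserved,
# flags, window, checksum, urgent pointer
TCP_HDR = struct.Struct("!HHIIBBHHH")
ACK = 0x10


def build_segment(sport, dport, seq, ack, flags=ACK, window=8192):
    """Return a 20-byte TCP header; data offset nibble 5 (no options), checksum left zero."""
    return TCP_HDR.pack(sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def encode(message, sport=40000, dport=80, base_seq=1000):
    """First segment's ACK carries the byte count; each later segment carries 4 message bytes."""
    padded = message + b"\x00" * (-len(message) % 4)
    words = [len(message)] + [struct.unpack("!I", padded[i:i + 4])[0]
                              for i in range(0, len(padded), 4)]
    return [build_segment(sport, dport, base_seq + i, w) for i, w in enumerate(words)]


def parsed_acks(segments):
    """ACK numbers in sequence-number order, so out-of-order capture does not scramble the data."""
    headers = sorted((TCP_HDR.unpack_from(s) for s in segments), key=lambda h: h[2])
    return [h[3] for h in headers]


def decode(segments):
    """Reassemble the message from the ACK fields of captured segments."""
    acks = parsed_acks(segments)
    length = acks[0]
    data = b"".join(struct.pack("!I", a) for a in acks[1:])
    return data[:length]


def acks_monotonic(segments):
    """Detection heuristic: a real flow's ACK number only moves forward (32-bit wrap ignored here)."""
    acks = parsed_acks(segments)
    return all(a <= b for a, b in zip(acks, acks[1:]))


if __name__ == "__main__":
    covert = encode(b"secret: 4242")
    print(decode(covert), acks_monotonic(covert))
```

The decoder sorts by sequence number because the only ordering a passive receiver can rely on is the one the sender put in the header. The monotonicity check is deliberately crude: ASCII-heavy messages can by chance produce increasing ACK values, so a real detector would also compare the ACK against the bytes actually sent in the other direction.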
7d3622c2a90e4c221166d445cceb86235ad4192fe69fee022fc63d44f568f214
This is a 45-byte shellcode which calls setuid(0), execve("/bin/ksh"), and exit().
9049d919acbeaa06ec4e73679271881418a307bc1916eab52b53f16637318c1b
This is a simple script that redials the carriers found by a ToneLoc or THC-Scan wardialing run, in order to find PPP dial-ups or to capture the hex values of the remote system's pppd negotiation. The output of chat and pppd is written to the logs directory.
e5937235250ee5d2d86f4a0dbfef61acc9cf89a618dd733d5aa813cbe8a53d83
CERT Advisory CA-2002-28 - The Sendmail 8.12.6 source distribution was backdoored on September 28, 2002 with a trojan that runs during the build and executes commands received over an outbound connection to port 6667/tcp.
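The defensive check a trojaned source distribution calls for is verifying each downloaded archive against digests published out of band before it is unpacked or built. The block below is an added example, not code from the CERT advisory or the Sendmail project: it streams each file, compares the digest in constant time, and walks a sha256sum-style manifest so that a tampered or missing archive is reported. The file names, contents and manifest are constructed; the digest in the manifest is SHA-256 of the string "abc".

```python
"""
Added example, not from the CERT advisory: verify downloaded archives against
a manifest of published SHA-256 digests.  File names, contents and the
manifest are constructed for illustration.
"""
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algo="sha256", chunk=1 << 16):
    """Stream the file so archives of any size can be checked without loading them whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_file(path, expected_hex, algo="sha256"):
    """Constant-time comparison of the computed digest with the published one."""
    return hmac.compare_digest(file_digest(path, algo), expected_hex.lower())


def verify_manifest(manifest_text, directory, algo="sha256"):
    """Parse sha256sum-style lines ('<hex>  <name>'); a missing file counts as a failure."""
    results = {}
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        expected, name = line.split(None, 1)
        path = os.path.join(directory, name)
        results[name] = os.path.isfile(path) and verify_file(path, expected, algo)
    return results


# Constructed sample: a pristine archive, a substituted one published under the
# same digest, and one that was never downloaded.  SHA-256("abc") is the known value.
SAMPLE_FILES = {
    "pristine.tar.gz": b"abc",
    "tampered.tar.gz": b"abd",
}
SAMPLE_MANIFEST = """
# constructed manifest
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  pristine.tar.gz
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  tampered.tar.gz
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  missing.tar.gz
"""


def demo():
    """Write the constructed files to a temporary directory and check them against the manifest."""
    with tempfile.TemporaryDirectory() as d:
        for name, content in SAMPLE_FILES.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        return verify_manifest(SAMPLE_MANIFEST, d)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'OK ' if ok else 'BAD'} {name}")
```

A digest is only as trustworthy as the channel it arrived over: a checksum file served alongside the archive on the same compromised mirror proves nothing, which is why a detached signature from a key obtained independently, or digests published through a separate channel, is the check that actually catches a substituted distribution.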
16f700ec7e3be326630cbd89d3cab6c28d0a9309c218ea8bbc19b8ac3b8c5d38