Section:  .. / 0209-exploits  /


 ///  File Name: idefense.smrsh.txt
Description:
iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods are described, both in detail. Patch available here.
Author:David Endler, Zen-Parse, and Pedram Amini
Homepage:http://www.idefense.com
File Size:5421
Last Modified:Oct 2 08:17:32 2002
MD5 Checksum:6b1f79ee66a3ac3df14ff5df61ce1de7

 ///  File Name: interbase-gds-exploit.c
Description:
This exploit uses a symbolic link vulnerability in the Borland Interbase gds_lock_mgr binary to overwrite /etc/xinetd.d/xinetdbd with code that spawns a root shell on port 666 TCP.
Author:grazer
Homepage:http://www.i-security.nl
File Size:1777
Last Modified:Sep 26 13:49:32 2002
MD5 Checksum:0ecb679470d57b48ec01e63e5ca67c13

 ///  File Name: k3.c
Description:
k3.c is a Linux proof of concept exploit for a buffer overflow vulnerability that exists in the atftp client versions 0.5 and 0.6.
Author:sacrine.
Homepage:http://www.netric.org
File Size:1985
Last Modified:Sep 19 11:33:53 2002
MD5 Checksum:a91745fde8b472e0455ff81b929e63c3

 ///  File Name: lconfmdk.c
Description:
Linuxconf local root exploit for Mandrake 8.2.
Author:Priest.
File Size:4215
Last Modified:Sep 17 13:39:57 2002
MD5 Checksum:0d6dda171bc76298526af8422229e9cb

 ///  File Name: linuxconf.c
Description:
Proof of concept exploit for the local buffer overflow vulnerability in linuxconf v1.28r3 and below, which allows users to spawn a root shell. Tested on RedHat 7.0 with linuxconf 1.25r3.
Author:Jin Yean Tan
File Size:1917
Last Modified:Sep 2 18:07:09 2002
MD5 Checksum:9e3fb1c2aba9c8f13a8b0068713b3667

 ///  File Name: massrooter.tar.gz
Description:
Massrooter takes advantage of vulnerabilities in bind, lpd, rpc, wuftpd, telnet, mail, ssl, and ssh on multiple systems.
Author:Daddy_cad
File Size:1505102
Last Modified:Sep 7 02:33:48 2002
MD5 Checksum:7b5a9c6d711c0796b6a85aa94c7a1f52

 ///  File Name: mdklinuxconf.c
Description:
Mandrake 8.2 linuxconf local root exploit.
Author:Pokleyzz
File Size:1757
Last Modified:Nov 30 21:25:30 2002
MD5 Checksum:e617b71655e152bbee80aa2767e49ca1

 ///  File Name: nslconf.c
Description:
Linuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Redhat 7.2 and 7.3.
Author:Raise
Homepage:http://www.netsearch-ezine.com
File Size:3381
Last Modified:Sep 30 06:53:41 2002
MD5 Checksum:d7351358fc20587891f1f8c16b558242

 ///  File Name: ohMy-another-efs.c
Description:
Efstool local root exploit which works against Redhat 7.3.
Author:Joker
Homepage:http://www.daforest.org/~j0ker/index.html
File Size:7612
Last Modified:Sep 20 20:11:34 2002
MD5 Checksum:c20b9e3e46a310536130a5d004e7bfff

 ///  File Name: openbsd-select-bug.txt
Description:
Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1.
Author:Sec
Homepage:http://www.drugphish.ch
File Size:3560
Last Modified:Sep 29 12:11:35 2002
MD5 Checksum:11b34ff9c52e9241262598028265afec

 ///  File Name: openssl-bsd.c
Description:
Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified from openssl-too-open.c to brute force the offset. Updated by CrZ, Ech0, and ysbadaddn.
File Size:29820
Last Modified:Sep 30 11:24:51 2002
MD5 Checksum:93c74bbed4fa5628590f8a08cc6a569d

 ///  File Name: openssl-too-open.tar.gz
Description:
OpenSSL v0.9.6d and below remote exploit for Apache/mod_ssl servers which takes advantage of the KEY_ARG overflow. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner which is more reliable than the RUS-CERT scanner and a detailed vulnerability analysis.
Author:Solar Eclipse
Homepage:http://phreedom.org
File Size:18396
Last Modified:Sep 17 15:49:52 2002
MD5 Checksum:6c37282f541f13add85e5b2b76e3678e

 ///  File Name: phpcrlf.txt
Description:
fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, such as which host may be accessed on a web server. In some cases, this vulnerability even opens the way to arbitrary network connections, turning some PHP scripts into proxies and open mail relays.
Author:Ulf Harnhammar
File Size:4861
Last Modified:Sep 11 06:25:52 2002
MD5 Checksum:fb701d51ad9b8b40f4146b525decc01a

 ///  File Name: pirch98.zip
Description:
The Pirch98 IRC client contains a buffer overflow in the way it handles links to other channels and websites, which can allow remote code execution. The Pirch98 client now shipping at www.pirch.com has been fixed. Includes ASM source and Windows binary for an exploit which opens a shell on port 31337.
Author:Vecna
File Size:15901
Last Modified:Sep 5 09:14:24 2002
MD5 Checksum:4828fff9ebe60b2e0057cb601748011c

 ///  File Name: pwck_exp.c
Description:
Pwck local Linux buffer overflow exploit. By default /usr/sbin/pwck is not setuid; if pwck is +s, the exploit yields a root shell (#). Tested on Mandrake 8.2.
File Size:3099
Last Modified:Sep 5 07:30:36 2002
MD5 Checksum:5bf12aa6da163e5d29f5c86199ba3290

 ///  File Name: pwck_expl.c
Description:
Pwck local exploit for Redhat 7.2. /usr/sbin/pwck must be -rwsr-sr-x to give a root shell.
Author:Klep
File Size:2212
Last Modified:Sep 17 05:38:42 2002
MD5 Checksum:e75c0f9d4f3f94b01dfe8ec10f582fa4

 ///  File Name: qspl.c
Description:
Qstat 2.5b local root exploit for Linux. Tested on Debian GNU/Linux (Woody). Since Qstat is not SUID by default, this exploit is not useful for gaining more access to a Linux system.
Author:Oscar Linderholm
File Size:1100
Last Modified:Sep 21 10:32:15 2002
MD5 Checksum:5bd205acc310c5c0a4a244f24352737d

 ///  File Name: qute.pl
Description:
Qute.pl is a perl script which exploits a buffer overflow in Qstat 2.5b. Since Qstat is not SUID by default this script is useless.
Author:Arne Schwerdtfegger.
File Size:1786
Last Modified:Sep 24 09:13:22 2002
MD5 Checksum:6182325164cd3e63f9c2688fa96bcc6f

 ///  File Name: rootprobe.sh
Description:
Modprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x.
Author:Sebastian Krahmer
Homepage:http://www.team-teso.net
File Size:1599
Last Modified:Nov 30 21:33:45 2002
MD5 Checksum:28b219ae719f042d7c7ce6eac9ef28bd

 ///  File Name: scalpel.c
Description:
Local Apache/PHP root exploit (apache user -> root) via a libmm temp race. Spawns a root shell from the apache user.
Author:Sebastian Krahmer
Homepage:http://www.team-teso.net
File Size:7175
Last Modified:Nov 30 21:24:01 2002
MD5 Checksum:dcffeb448888592287ff24ca6be0c617

 ///  File Name: scrollkeeper.txt
Description:
Scrollkeeper versions 0.3.4 and 0.3.11 create files in /tmp insecurely. Proof of concept exploit included.
Author:Spybreak
File Size:3668
Last Modified:Sep 4 08:02:08 2002
MD5 Checksum:e06c401b1d6823296aa0197b92db901c

 ///  File Name: smbkillah.c
Description:
Smbkillah.c exploits the SMB death bug in the WinXX OS.
Author:b0uNtYkI113r
File Size:16004
Last Modified:Sep 5 00:54:35 2002
MD5 Checksum:6fd9ace29c75dceb75b2523f9af18d4f

 ///  File Name: SQLScan.zip
Description:
SQLScan v1.0 is intended to run against Microsoft SQL Server and attempts to connect directly to port 1433. Features the ability to scan one host or an IP list from an input file, the ability to scan for one SQL account password or multiple passwords from a dictionary file, and the ability to create an administrative NT backdoor account on vulnerable hosts, which will fail if xp_cmdshell is disabled on the server.
Author:NTSleuth
File Size:24788
Last Modified:Sep 5 07:07:41 2002
MD5 Checksum:6e80ac480a5081c6d7b2b7381a02f471

 ///  File Name: SQLTools.rar
Description:
SQLTools is a collection of tools for auditing MSSQL servers including SQLScanner, SQLPing, SQLCracker, SQLDOSStorm, and SQLOverflowDos.
Author:Refdom
File Size:85807
Last Modified:Sep 6 08:05:17 2002
MD5 Checksum:efeeb8be77d011e25f8dc1cfb38fa77e

 ///  File Name: ssh3.tar.gz
Description:
Ssh3.tar.gz is an LPRng, Named, FTPD, SSHD, RPC and Telnetd mass scanner/rooter.
Author:Daddy_cad
File Size:2241217
Last Modified:Sep 7 02:30:02 2002
MD5 Checksum:abf180ace6bd404efc6c00127e6d5213