Section: .. / 0101-exploits /
|
Some of these exploits are from Bugtraq
|
| /// File Name: |
0101-exploits.tgz |
Description:
|
Packet Storm new exploits for January, 2001.
| | File Size: | 77851 | | Last Modified: | Feb 2 03:34:41 2001 |
| MD5 Checksum: | 529b73bf0d83aa85bfa82f9b57548e48 |
|
| /// File Name: |
bind-tsig.c |
Description:
|
Bind-tsig.c is a trojan which pretends to be a Bind 8 exploit, but actually attacks dns1.nai.com.
| | Author: | Anonymous | | File Size: | 13043 | | Last Modified: | Feb 1 19:06:43 2001 |
| MD5 Checksum: | cd4a8638d718185f1f26451e0817ef66 |
|
| /// File Name: |
defcom.imagecast.txt |
Description:
|
Defcom Labs Advisory def-2001-01 - ImageCast V4.1.0 for Windows, a rapid-PC-deployment tool much like Ghost, has problems handling malformed input which result in a dos attack against the ImageCast Control Center.
| | Author: | Defcom Labs | | Homepage: | http://www.defcom.com | | File Size: | 2849 | | Last Modified: | Jan 9 02:15:04 2001 |
| MD5 Checksum: | b6325a0535100802bdaa273349db1d0a |
|
| /// File Name: |
defcom.websphere.txt |
Description:
|
Defcom Labs Advisory def-2001-02 - IBM WebSphere 3.52 (IBM HTTP Server 1.3.12) for Windows NT has a memory leak which can be used as a remote denial of service attack. Workaround included.
| | Author: | Defcom Labs | | Homepage: | http://www.defcom.com | | File Size: | 2041 | | Last Modified: | Jan 9 02:10:01 2001 |
| MD5 Checksum: | d1c60ae0b02e1129be8ae653925d8ea4 |
|
| /// File Name: |
ecepass.tar.gz |
Description:
|
FreeBSD ipfw+ECE proof of concept code - Using FreeBSD divert rule, all outgoing traffic will have the ECE flag added to it, bypassing ipfw if it passes established connections.
| | Author: | Plathond | | Homepage: | http://sensepost.com | | File Size: | 2538 | | Last Modified: | Jan 27 08:07:11 2001 |
| MD5 Checksum: | 81b9fda7f3e1e97294cd43a16f4d4c76 |
|
| /// File Name: |
exhpcu.c |
Description:
|
HP-UX v11.00 /bin/cu local buffer overflow exploit - Exploits the -l option. Provides a uid=bin shell.
| | Author: | Zorgon | | File Size: | 1597 | | Last Modified: | Jan 9 02:06:45 2001 |
| MD5 Checksum: | 41bfb9a22eefc441486dce25261ca9f9 |
|
| /// File Name: |
glibc-resolve-tr.sh |
Description:
|
Glibc prior to v2.1.9x allows local users to read any file. This shell script exploits this bug using the Openssh-2.3.0p1 binary. Tested against Debian 2.3 and Redhat 7.0.
| | Author: | Charles Stevenson | | File Size: | 1013 | | Last Modified: | Jan 27 08:45:31 2001 |
| MD5 Checksum: | 4c421f7d5f1a7e40155c52fc44daa995 |
|
| /// File Name: |
guninski31.txt |
Description:
|
Georgi Guninski security advisory #31 - There is a security vulnerability in Windows Media Player 7 exploitable thru IE which allows reading local files and executing arbitrary programs. The problem is the WMP ActiveX Control which allows launching javascript URLs in arbitrary already open frames. This allows taking over the frame's DOM. Includes exploit code. Demonstration available here.
| | Author: | Georgi Guninski | | Homepage: | http://www.guninski.com | | File Size: | 2004 | | Last Modified: | Jan 4 01:00:57 2001 |
| MD5 Checksum: | bd37b33afb22c4facab4302296179eec |
|
| /// File Name: |
hk-0.1.zip |
Description:
|
Microsoft HK local exploit - Executes any command as SYSTEM, as described in MS01-003. Good for recovering lost admin rights. Includes C source and binary.
| | Author: | Todd Sabin | | Homepage: | http://razor.bindview.com | | File Size: | 19330 | | Last Modified: | Dec 18 20:20:21 2001 |
| MD5 Checksum: | c304bfd8147a60c82839eaa4930b067a |
|
| /// File Name: |
iris-dos.c |
Description:
|
Denial of service attack against the Iris The Network Traffic Analyzer beta 1.01. Causes Iris to hang when it the traffic is examined.
| | Author: | Grazer | | Homepage: | http://www.digit-labs.org | | File Size: | 3139 | | Last Modified: | Jan 24 23:13:09 2001 |
| MD5 Checksum: | 644e11c8434d6546a2ada3504d491ce1 |
|
| /// File Name: |
mscreen.c |
Description:
|
SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.
| | Author: | K2 | | File Size: | 2009 | | Last Modified: | Jan 27 08:36:20 2001 |
| MD5 Checksum: | 0d6decf4c717851249cad2b166d2b635 |
|
| /// File Name: |
naptha-1.1.tgz |
Description:
|
Naptha v1.1 is a denial of service attack against many OS's which uses established TCP connections to create a resource starvation attack. Includes three tools - bogusarp makes a bogus entry in the router's arp cache so it actually puts packets with our faked source address on the Ethernet, synsend, and srvr which replaces ackfin from Naptha 1.0. Tested against Windows 95, 98 and NT4 and more. Compiles on Linux 2.2.x, OpenBSD 2.7, FreeBSD 4.0.
| | Author: | Robert Keyes | | Homepage: | http://razor.bindview.com | | File Size: | 5371 | | Last Modified: | Jan 27 10:16:18 2001 |
| MD5 Checksum: | 9e461df6b11c94a3409cd933dfbe9a0a |
|
| /// File Name: |
ns-shtml.pl |
Description:
|
Netscape Enterprise Server 4.0 remote root exploit - Tested against Sparc SunOS 5.7.
| | Author: | Fyodor | | File Size: | 2817 | | Last Modified: | Jan 27 08:02:45 2001 |
| MD5 Checksum: | bd9a07a89b35b15672e6de6fbc167ecf |
|
| /// File Name: |
prober.php3.tgz |
Description:
|
This is wuftpd2.6.0x and qpop2.1.4 exploit ported to PHP. Even php in safe mode can not stop this script from working. Webhosting providers who provide PHP need to be careful.
| | Author: | Luki Rustianto | | File Size: | 4116 | | Last Modified: | Nov 12 20:12:55 2001 |
| MD5 Checksum: | 3b84eccc265a9360ac00d4e6a518d991 |
|
| /// File Name: |
progress-db.txt |
Description:
|
The Progress Database Server v8.x and 9.x for Unix has several locally exploitable buffer overflows which can allow arbitrary code to run as root. Proof of concept exploit attached.
| | Author: | Krfinisterre | | File Size: | 16122 | | Last Modified: | Jan 31 19:47:12 2001 |
| MD5 Checksum: | d02e5d8479bbefc220465668d82b3f20 |
|
| /// File Name: |
rctab.tar.gz |
Description:
|
Due to a various race conditions in the init level editing script /sbin/rctab it is possible for any local user to overwrite any system's file with arbitrary data. This may result in denial of service attack, local or even remote root compromise, if root runs the /sbin/rctab script. Tested against SuSE 7.0.
| | Author: | Ihaquer. | | File Size: | 3320 | | Last Modified: | Jan 27 08:38:26 2001 |
| MD5 Checksum: | 51769f0a559e55a0fbe445c318e64d5b |
|
| /// File Name: |
sa2001_01.txt |
Description:
|
NSFOCUS Security Advisory (SA2001-01) - The NetScreen Firewall / VPN Appliance has an overflow vulnerability in the web interface which allows remote users to crash the firewall with a large URL. All current versions of ScreenOS, including v1.73r1, 2.0r6, 2.1r3 and 2.5r1 are affected. Perl exploit included. Fix available here.
| | Author: | Nsfocus Security Team | | Homepage: | http://www.nsfocus.com | | File Size: | 3874 | | Last Modified: | Jan 9 09:24:47 2001 |
| MD5 Checksum: | 461b4b78a0613c22ce2385ec0debfced |
|
| /// File Name: |
smr.tar.gz |
Description:
|
Redhat rpc.statdx mass exploit - scans for vulnerable hosts and implants a bindshell.
| | Author: | God- | | File Size: | 5606 | | Last Modified: | Jan 9 00:25:19 2001 |
| MD5 Checksum: | cac3eaee702ca738d65e56d47813af1f |
|
| /// File Name: |
spitvt.c |
Description:
|
SplitVT v1.6.4 and below local format string exploit which overflows the -rcfile command line flag. Tested on Slackware 7.1, Debian 2.2.
| | Author: | Michel MaXX Kaempf | | Homepage: | ftp://maxx.via.ecp.fr/spitvt | | File Size: | 7352 | | Last Modified: | Jan 25 23:08:10 2001 |
| MD5 Checksum: | 97dcfd07f4dcf6be30fef0197b1c1ca1 |
|
| /// File Name: |
tar-symlink.txt |
Description:
|
GNU tar follows symlinks blindly, a problem if you untar as root.
| | Author: | Marco van Berkum | | Homepage: | http://www.obit.nl | | File Size: | 3183 | | Last Modified: | Jan 9 00:33:23 2001 |
| MD5 Checksum: | 600ae24fbc5281fc8a5b4b3c636d3903 |
|
| /// File Name: |
tcpdump-xploit.c |
Description:
|
Tcpdump v3.5.2 remote root exploit - Tested against X86 Linux. Exploits an overflow in the AFS packet parsing which requires the snaplen (-s) to be set to 500 or greater. Fixed in v3.62.
| | Author: | Zhodiac | | Homepage: | http://hispahack.ccc.de | | File Size: | 6629 | | Last Modified: | Jan 15 06:34:37 2001 |
| MD5 Checksum: | 289510d424aa0a665ee3161b20c9abab |
|
| /// File Name: |
thebat.traverse.txt |
Description:
|
The Bat! v1.48f and below has a client side vulnerability which allows malicious mail messages to add any files in any directory on the disk where user stores his attachments.
| | Author: | 3apa3a | | Homepage: | http://www.security.nnov.ru | | File Size: | 3859 | | Last Modified: | Jan 9 02:44:30 2001 |
| MD5 Checksum: | ca77c4383a98f689f532016cfb080be4 |
|
| /// File Name: |
thong.pl |
Description:
|
Thong.pl is a perl script which exploits several vulnerabilities found in Cisco products. Includes the Cisco Catalyst ssh Protocol Mismatch dos, Cisco 675 Web Administration dos, Cisco Catalyst 3500 XL command execution, and the Cisco IOS Software HTTP Request dos.
| | Author: | Hypoclear | | Homepage: | http://hypoclear.cjb.net | | File Size: | 3311 | | Last Modified: | Jan 25 08:17:55 2001 |
| MD5 Checksum: | d98c376f39aee68581c072f95ed01b71 |
|
| /// File Name: |
tru-64.su.c |
Description:
|
Tru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.
| | Author: | K2 | | File Size: | 3121 | | Last Modified: | Jan 27 08:32:48 2001 |
| MD5 Checksum: | 3dd785c49420cd2ce460d0f2717087ad |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
