Section: .. / 0102-exploits /
|
Some of these exploits are from Bugtraq
|
| /// File Name: |
0102-exploits.tgz |
Description:
|
Packet Storm new exploits for February, 2001.
| | File Size: | 557030 | | Last Modified: | Apr 10 22:51:02 2001 |
| MD5 Checksum: | e43135e7e3cc9c37b8531f6ec918648a |
|
| /// File Name: |
frel-1.0.beta.tgz |
Description:
|
Frel-1.0 is a modified version of fragrouter, used to evade NIDS. The frag proxy can run on the same machine as the attacker. It can also run in partial takeover mode, so that the fragmented attack stream seems to be coming from another active machine on the same physical subnet. The neighbor machine runs normally except for the ports being used by the attacker. Mods by Lorgor.
| | File Size: | 416098 | | Last Modified: | Feb 3 00:12:49 2001 |
| MD5 Checksum: | 54f511a94e5997a3e1766ab4eb609cd3 |
|
| /// File Name: |
RFP2101.txt |
Description:
|
RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allow you to impersonate other users and retrieve their password hashes.
| | Author: | Rain Forest Puppy | | Homepage: | http://www.wiretrip.net | | File Size: | 37729 | | Last Modified: | Feb 14 08:41:49 2001 |
| MD5 Checksum: | 3570beaf791c09186294e288c2be8fa3 |
|
| /// File Name: |
SQLExec.zip |
Description:
|
SQLExec v1.1 is a remote exploit for Microsoft SQL Server which executes remote commands as Administrator over TCP port 1433. Requires a database sa login / password. Includes binary and source written in Visual C++ 6.0 for Windows NT/2K/9X. Note: Much AV software erroneously reports this as a trojan.
| | Author: | Egemen Tas | | File Size: | 31821 | | Last Modified: | Mar 7 03:14:14 2001 |
| MD5 Checksum: | 38f900f09511693706dba15eff709f1f |
|
| /// File Name: |
ssh1.crc32.txt |
Description:
|
This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password or to change login-uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to OpenSSH-2.1.1.
| | Author: | Paul Starzetz | | File Size: | 26014 | | Last Modified: | Feb 22 03:02:18 2001 |
| MD5 Checksum: | d8723d5299634964440e1ff0b8c65d4a |
|
| /// File Name: |
tsl_bind.c |
Description:
|
Bind prior to 8.2.3-REL remote root exploit - Includes instructions for finding the offset on linux. Tested against Redhat 6.1 8.2.2-P5 and Slackware.
| | Author: | Gustavo Scotti, Thiago Zaninotti | | Homepage: | http://www.axur.org | | File Size: | 19192 | | Last Modified: | Feb 10 01:33:42 2001 |
| MD5 Checksum: | c2b4506f916639f81f07ecaf4b2d5d44 |
|
| /// File Name: |
pkc003.txt |
Description:
|
PKC Security Advisory #3 - Micq-0.4.6 contains remotely exploitable buffer overflows which allow running arbitrary code with the UID/GID of the user running micq. Includes micRAq.c, linux/x86 proof of concept exploit.
| | Author: | The Recidjvo | | Homepage: | http://www.pkcrew.org | | File Size: | 16755 | | Last Modified: | Feb 2 22:42:17 2001 |
| MD5 Checksum: | 24a010e9979e0021bf0ee38824eeeb7d |
|
| /// File Name: |
bind8x.c |
Description:
|
Bind prior to 8.2.3-REL remote root exploit - exploits the named INFOLEAK and TSIG bug. Includes shellcode for Linux. Slightly broken.
| | Author: | Ix, Lucysoft | | File Size: | 15837 | | Last Modified: | Feb 10 01:30:46 2001 |
| MD5 Checksum: | c4f9cc6d4b7bc657ff22984adf7d206c |
|
| /// File Name: |
sc.txt |
Description:
|
Vulnerabilities in Sun Clustering v2.x - Leaks sensitive information to local and remote users and has tempfile bugs. Includes proof of concept exploits.
| | Author: | Echo8 | | File Size: | 11717 | | Last Modified: | Feb 14 08:21:13 2001 |
| MD5 Checksum: | 73b291ac1c752a9126ecaee506db3172 |
|
| /// File Name: |
pkc001.txt |
Description:
|
PKC Security Advisory #1 - The Oops proxy server 1.4.22, 1.4.6, and prior contain a remotely exploitable heap overflow. Includes PKCoops-ex.c, a proof of concept exploit tested on Slackware 7.0.
| | Author: | Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 10519 | | Last Modified: | Feb 2 22:36:47 2001 |
| MD5 Checksum: | 513a02ac5db3c03eb6bb76a85ed459ee |
|
| /// File Name: |
bugtraq.c |
Description:
|
Bugtraq.c is an exploit for the Bind tsig bug which has been crippled somewhat. Tested against Slackware 7.0.
| | Author: | Count Neithardt von Gneisenau | | File Size: | 10013 | | Last Modified: | Feb 6 02:19:36 2001 |
| MD5 Checksum: | f406011573813d6eb463e3616775397d |
|
| /// File Name: |
pkc004.txt |
Description:
|
PKC Security Advisory #4 - Icecast v1.3.8beta2 and prior contain remotely exploitable format string bugs which allow remote code execution with the UID/GID of the user running Icecast. Includes PKCicecast-ex.c, a remote proof of concept exploit tested against Icecast 1.3.7 on Slackware 7.0 and RedHat 7.0.
| | Author: | Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 8329 | | Last Modified: | Feb 2 22:46:22 2001 |
| MD5 Checksum: | d2baf97ccaf7099542435cfd6ae71298 |
|
| /// File Name: |
imapd_exploit.c |
Description:
|
A remotely exploitable stack overflow has been discovered in Imapd v12.264 and below in the handling of the lsub command. Since an account is required, mail-only users will be able to get shell access. Tested against Slackware 7.0, 7.1, Redhat 6.2, and Conectiva Linux 6.0. Fix available here.
| | Author: | Felipe Cerqueira | | Homepage: | http://www.BufferOverflow.Org | | File Size: | 7772 | | Last Modified: | Feb 24 02:26:19 2001 |
| MD5 Checksum: | 8cb7018cec6491d94289309fa80cb3f8 |
|
| /// File Name: |
pkc002.txt |
Description:
|
PKC Security Advisory #2 - Tinyproxy versions 1.3.2 and 1.3.3 have a remotely exploitable heap overflow. Includes PKCtiny-ex.c proof of concept exploit.
| | Author: | Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 6544 | | Last Modified: | Feb 2 22:39:18 2001 |
| MD5 Checksum: | 061a37587f330bb27e6fb68037bce07c |
|
| /// File Name: |
urdls.c |
Description:
|
Urdls.c is an unreadable directory lister for listing files in directories on the local machine without having permission to do so. Guesses all possible alphanumeric filenames and uses stat() to check for existence.
| | Author: | Vade79 | | Homepage: | http://www.realhalo.org | | File Size: | 4553 | | Last Modified: | Feb 14 07:05:47 2001 |
| MD5 Checksum: | 1d6fbb2a733fdc4734fdb685dfebe2d3 |
|
| /// File Name: |
scx-sa-14.txt |
Description:
|
Securax Security Advisory #14 - Symantec pcAnywhere 9.0 contains a remote denial of service vulnerability. Includes perl exploit.
| | Author: | Root-dude | | Homepage: | http://securax.org | | File Size: | 4173 | | Last Modified: | Feb 14 08:03:10 2001 |
| MD5 Checksum: | 718844623d215773f90f38c77a5052e2 |
|
| /// File Name: |
man-cgi.txt |
Description:
|
Man-cgi v1.3 and v2.0 contain remote vulnerabilities which allow any file on the web server to be viewed, and some implementations allow remote command execution due to lack of filtering of hex encoded characters. Exploit URLs included.
| | Author: | Krfinisterre | | File Size: | 3923 | | Last Modified: | Feb 27 00:30:21 2001 |
| MD5 Checksum: | 3245d6534465bdf950b124781e2eba7f |
|
| /// File Name: |
prodbx.c |
Description:
|
Progress Database Server v8.3b local root exploit - Tested on SCO Unix and Linux.
| | Author: | The Itch | | Homepage: | http://bse.die.ms | | File Size: | 3524 | | Last Modified: | Feb 2 20:13:05 2001 |
| MD5 Checksum: | 0802fc897a4714f01406446c05c2c949 |
|
| /// File Name: |
hhp-ospf_smash.c |
Description:
|
Hhp-ospf_smash.c is a local root exploit for ospf_monitor. Tested on BSDI 4.1 x86 default install.
| | Author: | Loophole | | Homepage: | http://www.hhp-programming.net | | File Size: | 3197 | | Last Modified: | Mar 6 01:22:58 2001 |
| MD5 Checksum: | b41b1c1bc193511d950a1c291c22c23f |
|
| /// File Name: |
p-smash.c |
Description:
|
P-smash.c is an exploit that uses 50 percent of the CPU on Windows 98 machines and causes Windows 95 machines to slow down by sending ICMP type 9 code 0 packets.
| | Author: | Paulo Ribeiro | | File Size: | 3186 | | Last Modified: | Feb 12 04:22:09 2001 |
| MD5 Checksum: | 003642b21a623125acc24e65efa3c22b |
|
| /// File Name: |
hhp-gdc_smash.c |
Description:
|
Hhp-gdc_smash.c is a local root exploit for gdc. Requires group wheel access. Tested on BSDI 4.1 x86 default install.
| | Author: | Loophole | | Homepage: | http://www.hhp-programming.net | | File Size: | 2822 | | Last Modified: | Mar 6 01:28:05 2001 |
| MD5 Checksum: | efae2c2cea50f03e11330ec67729ea53 |
|
| /// File Name: |
Infobot-0.44.5.3.txt |
Description:
|
Infobot v0.44.5.3 and below contain vulnerabilities which allow remote users to execute commands due to an insecure open call.
| | Author: | Samy Kamkar | | Homepage: | http://www.pdump.org | | File Size: | 2775 | | Last Modified: | Feb 12 04:46:49 2001 |
| MD5 Checksum: | abd99f30f80cf7bce705f6763a7ac850 |
|
| /// File Name: |
sshdexpl.diff.gz |
Description:
|
Patches for OpenSSH-2.1.1 to exploit the SSH1 crc32 remote vulnerability.
| | Author: | Paul Starzetz | | File Size: | 2774 | | Last Modified: | Feb 22 03:03:32 2001 |
| MD5 Checksum: | 5b9cd4b729ec6e7561b1a57d158efd6c |
|
| /// File Name: |
defcom.easycom.txt |
Description:
|
Defcom Labs Advisory def-2001-06 - The Easycom/Safecom print server from I-Data International contains multiple vulnerabilities that allow a malicious user to bring down the print server. Execution of arbitrary code is also possible. Tested against Easycom/Safecom, firmware v404.590.
| | Author: | Defcom Labs | | Homepage: | http://www.defcom.com | | File Size: | 2646 | | Last Modified: | Feb 3 00:14:42 2001 |
| MD5 Checksum: | ff7e56247e2414c0c4d933c41bf3bafd |
|
| /// File Name: |
ultimate-bb.txt |
Description:
|
The Ultimate Bulletin Board System allows remote users to get the username and password of any registered user of a UBB forum that has HTML enabled and uses cookies to store the usernames and passwords of its users.
| | Author: | Unregistered. | | File Size: | 2552 | | Last Modified: | Feb 16 23:45:49 2001 |
| MD5 Checksum: | 828aa040cb14cedf7cc184ea53596262 |
|