The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server.
Perl port of the /usr/bin/lpset local root vulnerability in Solaris/SPARC 2.7. Based on lpset.sh.
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decrypting by placing an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to grab the shellcode from source files and try to identify it. Use SMEGMA to modify shellcode whose characters get mangled by regular expressions (often seen in CGI binaries, web applications and web servers).
htaccess.tar - Perl script for adding users to the .htaccess file. Includes information on how to set up password-protected web pages.
Linux Elm 2.4/2.5 local exploit - This will give you a shell (gid=12) if /usr/bin/elm is SGID. Tested on Slackware 4.0 and Red Hat 5.1.
Majordomo v1.94.5 local Linux exploit - run commands as the UID that majordomo runs under.
sscan2k is a remote auditing/vulnerability scanner which determines the remote OS and scans the host for applicable vulnerabilities. Features updated vulnerability checks, a scripting language, support for plugins and addons, configurable OS fingerprints, and DNS zone and subnet scans. Based on sscan by jsbach.
Apache DSO backdoor - A GET request to a "special" URL allows remote command execution.
hellex.c is a local buffer overflow exploit for the Hellkit 1.2 shellcode generation package. Tested on Red Hat 6.0.
sscan was handed over to buffer0verfl0w security by jsbach so that the project could be continued on his behalf. From now on sscan will go by the name sscan2k. sscan2k has updated vulnerability checks along with all the other features it had before, as well as improved OS detection (the user can update the fingerprints by editing Osdefs.ms, which is written in the sscan2k scripting language), etc.
Buffer Syringe is a tool for win32 that tests a daemon for buffer overflows in its parameter(s), "brute forcing" or "stressing" the daemon by injecting a user-specified parameter or command with a value of a user-specified number of characters. If the parameter being tested is vulnerable to an overflow and the user-specified number of characters exceeds the parameter's limit, the daemon will likely crash.
Neon beta5 - Simple host or IP list CGI scanner which does 358 checks.
Neon beta4 - Simple host or IP list CGI scanner which does 356 checks.
Exploit/DoS for OmniHTTPd Pro v2.06 on Win98 (NT not tested). The result is a crash of the remote server.
Buffer0verfl0w Security Team SSH trojan - Does not log anything to the system logs (utmp, wtmp, lastlog and the rest of the syslogd logs); it also logs all incoming/outgoing SSH passwords.
Project aurora is lamagra's non-blind LAN spoofing project. It can be used to create TCP connections from a non-existent box or from another box on the network. The biggest problems while spoofing were guessing the sequence numbers to acknowledge, and the fact that the other box always sends back a reset when it receives a SYN|ACK. This used to be solved by abusing small bugs in the TCP/IP stack.
fs-spider is a multi-threaded bad permissions finder (user defined). It
This shellcode creates a connection to a host/port and starts a shell. This should be more anti-IDS than the others, and it can go through a firewall.
Timbuktu Pro 2.0b650 denial of service exploit.
syslogd-to-MySQL wrapper v0.1 prebeta. Stores syslog messages in a MySQL database. Written for FreeBSD.
Plogd v2 (Revision 1.5) is a SYN/UDP/ICMP packet logger for FreeBSD.
BufferOverflow Security Advisory #3 - libncurses buffer overflow in NCURSES 1.8.6 on FreeBSD 3.4-STABLE. Setuid programs linked with libncurses can be exploited to obtain root access.
gibd00r3.c is a passworded backdoor which pretends to be an ident daemon.
nschecker.sh NS Security Scanner - Uses dig to query the BIND version from a list of IPs.