IBM AIX versions 5.6 and 6.1 _LIB_INIT_DBG arbitrary file overwrite via libc debug.
Exploit that demonstrates how an integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative value to the I_PEEK ioctl.
Local privilege escalation exploit for TrueCrypt versions 4.3 and below.
Lotus Domino versions R6 and below Webmail remote password hash dumper exploit.
Portable OpenSSH versions 3.6.1p-PAM / 4.1-SUSE and below timing attack exploit.
This is a MySQL backdoor kit for Windows based on the UDFs (User Defined Functions) mechanism. It can be used to spawn a reverse shell (netcat UDF on port 80/tcp) or to execute single OS commands (exec UDF). Tested on MySQL 4.0.18-win32 (running on Windows XP SP2), MySQL 4.1.22-win32 (running on Windows XP SP2), MySQL 5.0.27-win32 (running on Windows XP SP2).
Oracle 9i and 10g file system access via utl_file exploit.
This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user. All versions of Oracle 9i are susceptible. Oracle 10g versions prior to 10.1.0.3 are susceptible.
raptor_libnspr - Solaris 10 libnspr oldschool local root exploit. Exploits the design error vulnerability in NSPR.
sshtime v0.1 is a simple OpenSSH timing attack tool based on expect meant to remotely analyze timing differences in sshd "Permission denied" replies. Depending on OpenSSH version and configuration, it may lead to disclosure of valid usernames.
X11R6 versions 6.4 and below XKEYBOARD local buffer overflow exploit for Solaris on SPARC.
Solaris 10 sysinfo(2) local kernel memory disclosure exploit.
Solaris 8/9 /usr/ucb/ps local information leak exploit.
Local shellcode for stdin re-open and /bin/sh exec. It closes the stdin descriptor and re-opens /dev/tty, then does an execve() of /bin/sh. Useful to exploit some gets() buffer overflows in an elegant way.
16 byte linux/x86 re-use of /bin/sh string in .rodata shellcode.
30 byte linux/x86 setuid(0) and /bin/sh execve() shellcode.
96 byte linux/x86 shellcode that binds a setuid(0) shell on tcp/31337.
Local privilege escalation exploit for MySQL 4.x and 5.0 that makes use of UDFs.
Local root exploit that makes use of the dynamic library for do_system() in MySQL UDF. Tested on MySQL 4.0.17.
Remote root exploit for rlogin on Solaris/SPARC 2.5.1/2.6/7/8. This remote root exploit uses the (old) System V based /bin/login vulnerability via the rlogin attack vector, returning into the .bss section to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
Local root exploit for a vulnerability in the passwd circ() function under Solaris/SPARC 8/9. This exploit uses the ret-into-ld.so technique to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
Local root exploit for a buffer overflow in the CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9. This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
Local root exploit for a buffer overflow in the CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9.
Local root exploit for a stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 that allows local users to gain root privileges via a long LD_PRELOAD environment variable.
Local exploit for a flaw in the Linux kernel that allows for group ownership change and possible system compromise. Tested against Linux kernel versions 2.4.x through 2.4.27-rc3 and 2.6.x through 2.6.7-rc3.