GreedyDog v2.3 is an Ethernet packet sniffer for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, IRIX, SunOS4, AIX, MacOSX, and Windows 2000/XP. GreedyDog keeps the stream of each TCP session and writes it to a logfile. Very portable. Manual is here.
Shadowpenguin Security Advisory #39 - Adobe Acrobat Series PDF File buffer overflow. Many versions of Acrobat for Windows 95/98/NT/2000 overflow when reading a PDF file that has a long Registry or Ordering entry. EIP can be controlled and arbitrary code can be executed on the machine that views the PDF file. Patches available here.
Getcode assists you in coding Windows exploits by locating the opcodes for jmp reg, call reg, and push reg; ret in some loaded DLLs.
ex_inc.c exploits a bounds checking error in /usr/jp/bin/mh/inc, which was distributed with the mh-6.8.3 package. Local root compromise.
ex_bbc.c exploits a bounds checking error in /usr/jp/bin/mh/bbc, which was distributed with the mh-6.8.3 package. Local root compromise.
kcms_configure has an overflow bug with the "-P" option, and it has been reported (107339-01). But this program has another hole. This hole has not been reported, and patches are not published at this time. kcms_configure overflows if a long string is specified in the NETPATH environment variable, and it is exploitable. I have included an exploit for Solaris 7 Intel edition to obtain root privilege.
The vulnerability in kcms_configure also exists in the Solaris 2.6 and 2.7 SPARC editions. Exploit included.
The mailer programs (mailtool and dtmail) and the mail message print filter (dtmailpr) that are installed on Solaris 7 have exploitable buffer overflow bugs. These programs are sgid (mail group), so a local user can obtain the mail group. The mail files are generated with 660 permissions, so any user can read/write other users' mail files. I coded the exploits to get the mail gid (egid=6). These are for Intel Solaris 7. The same kind of problems exist on SPARC Solaris 7 and Solaris 2.6 (Intel, SPARC).
This is an auto logger for Amuser-net BBS, which is used on many Japanese underground sites.
This utility lists the servers that have known CGI program security vulnerabilities. It supports pht, test-cgi, nph-test-cgi, campas, htmlscript, servce, and pwd. Adding new vulnerabilities is very easy.
A simple full-connection TCP port scanner. This utility lists the servers that have the specified port open.
Admintool local root exploit for Solaris 2.6/7 SPARC machines.
We found an overflow bug in AL-Mail32 Ver1.10. It overflows when it receives a long From: or Reply-To: header. If the POP3 server sends a long reply message that contains the exploit code, the client executes any code. This exploit code executes any command on the target Windows machine.
The test CGIs distributed with AN-HTTPd 1.20b contain a remote command execution problem.
Local root exploit code for a buffer overflow in canuum for Japanese Linux.
We found an overflow bug in CHOCOA 1.0beta7R. It overflows when it receives a long TOPIC. If the server sends a long TOPIC that contains the exploit code, the client executes any code. This exploit code executes any command on the target Windows machine.
We found an overflow bug in CMail Server 2.3 SP2. It overflows when it receives a long MAIL FROM: in SMTP handling. If the host receives a packet that contains the exploit code, the host is cracked by whatever instructions are coded in the exploit code. This example sends exploit code that executes any command on the host running CMail Server 2.3 SP2.
Buffer overflow in E-MailClub Ver1.0.0.5. It overflows when it receives a long From: in POP3 handling. If the host receives a mail that contains the exploit code, the host is cracked by whatever instructions are coded in the exploit code. This example generates an e-mail containing exploit code that reboots the target host. This exploit is coded for Windows 98 Japanese edition, but if you change some parameters in the sample exploit program, it may work on Windows 95 and Windows NT.
We found an overflow bug in FuseMail 2.7. It overflows when it receives a long USER or PASS in POP3 handling. If the host receives a packet that contains the exploit code, the host is cracked by whatever instructions are coded in the exploit code. This example sends exploit code that executes any command on the host running CMail FuseMail 2.7.
We found an overflow bug in IBM HomePagePrint 1.0.7. If a visitor "prints" or "previews" a web page that contains long IMG SRC tags, a buffer overflow occurs. If this application reads an IMG SRC tag that contains the exploit code, the host will be cracked. This sample generates an HTML file containing exploit code that executes any command on the user's host.
Microsoft Internet Explorer 4/5 overflows when handling a "file://" specification. We coded the following sample code. This code generates an HTML file that reboots the client PC if the visitor uses IE4 for Windows 98.
This is an overflow exploit for IE5.
The Imagemap CGI, written in C, is distributed with OmniHTTPd Pro 2.04 (shareware) and Ver1.01 (freeware); it has a security hole caused by a buffer overflow. Any instructions can be executed on the victim host by using this buffer overflow bug.
The popular image viewer "Irfan View32" contains a buffer overflow problem in its handling of Adobe Photoshop image files. This code generates a jpg file containing exploit code that creates "exp.com" in "c:\" and executes it. "exp.com" is a simple demo program; there is no danger.
Exploit code for the Solaris 2.6, 2.7 (SPARC) libc/LC_MESSAGES buffer overflow that results in root compromise.