File Name | File Size | Last Modified | MD5 Checksum |
zyxbrut.c | 2065 | Dec 14 2002 06:28:02 | 5f844ffa9b55b1b76815a74672ea8085 |
Zyxbrut.c is a brute force program written for the ZyXel router telnet service. By BetaFly Computer Team |
zyxbrut.c.orig | 2066 | Dec 14 2002 06:27:54 | aa0507fb1ed8677a43d8e629ad4d5380 |
sorry, a description is unavailable. |
rootprobe.sh | 1599 | Nov 30 2002 12:33:45 | 28b219ae719f042d7c7ce6eac9ef28bd |
Modprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x. Homepage: http://www.team-teso.net. By Sebastian Krahmer |
mdklinuxconf.c | 1757 | Nov 30 2002 12:25:30 | e617b71655e152bbee80aa2767e49ca1 |
Mandrake 8.2 linuxconf local root exploit. By Pokleyzz |
scalpel.c | 7175 | Nov 30 2002 12:24:01 | dcffeb448888592287ff24ca6be0c617 |
Local apache/PHP root exploit via libmm (apache-user -> root) temp race exploit. Spawns a root shell from the apache user. Homepage: http://www.team-teso.net. By Sebastian Krahmer |
unishell.pl | 10904 | Oct 21 2002 23:58:42 | b31f98e1ede92b439df11826c886cdd8 |
Unicode IIS exploit in perl. Tries 20 ways. By Pakk. |
0209-exploits.tgz | 4528261 | Oct 9 2002 17:57:49 | d61e47de2cd35e4a4c6debc4aecef9d2 |
Packet Storm new exploits for September, 2002. |
idefense.smrsh.txt | 5421 | Oct 1 2002 23:17:32 | 6b1f79ee66a3ac3df14ff5df61ce1de7 |
iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods are detailed. Patch available here. Homepage: http://www.idefense.com. By David Endler, Zen-Parse, and Pedram Amini |
gv-exploit.pdf | 1377 | Sep 30 2002 22:44:40 | da9705f79a8782d078819470306ac5c0 |
Buffer overflow exploit for gv v3.5.8 on linux which creates the file /tmp/itworked when gv opens the PDF. Some mail readers use GV to view pdf's. Tested on Red Hat 7.3. Homepage: http://www.idefense.com. By Zen-Parse |
openssl-bsd.c | 29820 | Sep 30 2002 02:24:51 | 93c74bbed4fa5628590f8a08cc6a569d |
Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Updated by CrZ, Ech0, and ysbadaddn. |
apscan2.tgz | 94609 | Sep 29 2002 23:37:40 | f56c7c14685cd643a637f60e42497615 |
Apache OpenSSL v0.9.6d mass scanner. When a vulnerable server is found code is launched. Includes targets for Apache 1.3.6, 1.3.9, 1.3.12, 1.3.19, 1.3.20, 1.3.26, 1.3.23, and 1.3.14. Includes openssl-too-open binary. By Nebunu |
SSL-scan.tar.gz | 115124 | Sep 29 2002 23:26:14 | 77c9e8f827451addb1ba3c347d35e4c8 |
Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Includes scanners. WARNING: The binaries in this archive are infected with the ELF_GMON.A virus which sets up a backdoor on UDP port 3049. Updated by CrZ and Ech0. |
nslconf.c | 3381 | Sep 29 2002 21:53:41 | d7351358fc20587891f1f8c16b558242 |
Linuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Redhat 7.2 and 7.3. Homepage: http://www.netsearch-ezine.com. By Raise |
openbsd-select-bug.t..> | 3560 | Sep 29 2002 03:11:35 | 11b34ff9c52e9241262598028265afec |
Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1. Homepage: http://www.drugphish.ch. By Sec |
interbase-gds-exploi..> | 1777 | Sep 26 2002 04:49:32 | 0ecb679470d57b48ec01e63e5ca67c13 |
This exploit uses a symbolic link vulnerability in the Borland Interbase gds_lock_mgr binary to overwrite /etc/xinetd.d/xinetdbd with code that spawns a root shell on port 666 TCP. Homepage: http://www.i-security.nl. By grazer |
apache-ssl-bug.c | 19418 | Sep 25 2002 14:58:21 | 1be047c32ae0e2d1d8930d2ce4c4f7cc |
This exploit abuses the KEY_ARG buffer overflow that exists in SSL enabled Apache web servers that are compiled with OpenSSL versions prior to 0.9.6e. The apache-ssl-bug.c exploit is based on the Slapper worm (bugtraq.c), which is based on an early version of the apache-open-ssl exploit. By Andy. |
vbull.c | 4075 | Sep 24 2002 22:53:47 | 0569a0851a81caa5f67a940a3af6fe2d |
Vbulletin/calender.php remote command execution exploit. By Gosper |
qute.pl | 1786 | Sep 24 2002 00:13:22 | 6182325164cd3e63f9c2688fa96bcc6f |
Qute.pl is a perl script which exploits a buffer overflow in Qstat 2.5b. Since Qstat is not SUID by default this script is useless. By Arne Schwerdtfegger. |
idefense.dinoweb.txt | 2429 | Sep 23 2002 21:27:17 | c2e5dd5d49683b918059438a2f7d405a |
iDEFENSE Security Advisory 09.23.2002 - A vulnerability exists in the latest version of the Dino Webserver that can allow an attacker to view and retrieve any file on the system. Homepage: http://www.idefense.com. By David Endler |
alsaplayer-suid.c | 2104 | Sep 23 2002 07:49:29 | d3864c1d3454e61a8246fa4e1966ac8f |
AlsaPlayer contains a buffer overflow that can be used for privilege elevation when this program is setuid. Tested on Red Hat 7.3 linux with alsaplayer-devel-0.99.71-1. The overflow has been fixed in AlsaPlayer 0.99.71. By zillion and KF |
bakkum.c | 8137 | Sep 23 2002 07:24:48 | 88f53e3ca0b89baf95643a18cb9584bb |
Remote root exploit for Linux systems running Null httpd 0.5.0. Tested to work against Red Hat Linux 7.3. Homepage: http://www.netric.org. By eSDee |
gawk_expl.c | 1047 | Sep 21 2002 02:37:51 | 9e653a0462e3f7ef60c123e9ca381c63 |
Linux proof of concept exploit for a local buffer overflow in GNU Awk 3.1.0-x. Homepage: http://www.netric.org. |
compress_expl.c | 1799 | Sep 21 2002 02:34:25 | 599d99a8e14ed34f83f118d3d2d84799 |
Compress v4.2.4 local test exploit for Linux systems. Homepage: http://www.netric.org. |
qspl.c | 1100 | Sep 21 2002 01:32:15 | 5bd205acc310c5c0a4a244f24352737d |
Qstat 2.5b local root exploit for Linux. Tested on Debian GNU/Linux (Woody). Since Qstat is not SUID by default this script is not useful for gaining more access to a linux system. By Oscar Linderholm |
guardadv.db4web.txt | 3215 | Sep 21 2002 01:09:06 | 64d4d5f90284d5f5e2d2bb4d52fe728f |
Guardeonic Solutions Security Advisory #01-2002 - The DB4Web Application Server for Linux, Unix, and Windows can be accessed with malicious URLs allowing users to download any readable file on the server. Exploit URL's included. Homepage: http://www.guardeonic.com. By Stefan Bagdohn |
trillident.c | 4665 | Sep 21 2002 00:35:05 | 73cffa14787d80bf5655dc7c2ecb1125 |
Exploit for the PRIVMESG remote denial of service vulnerability that exists in Trillian v.73 and .74 which sends an overflow in the ident connection. Compiles on Unix based OS's. By Netmask |
ohMy-another-efs.c | 7612 | Sep 20 2002 11:11:34 | c20b9e3e46a310536130a5d004e7bfff |
Efstool local root exploit which works against Redhat 7.3. Homepage: http://www.daforest.org/~j0ker/index.html . By Joker |
Trillian-Privmsg.c | 2377 | Sep 20 2002 07:32:58 | b8200c45f1819c16c6c76345ee427d53 |
Exploit for the PRIVMESG DoS that exists in several Trillian versions. This code, which emulates an IRC server, should work against Trillian version 0.73 and 0.74. Compiles on Windows - Tested with Borland 5.5 Commandline Tools. By Lance Fitz-Herbert |
ES-cisco-vpn.c | 3087 | Sep 19 2002 05:07:14 | a2c3a57714a738b22361ec246558f0da |
Cisco VPN 5000 Linux client version 5.1.5 local root exploit that uses the close_tunnel binary. By ElectronicSouls |
cisco-vpn-5000-lnx.c | 1848 | Sep 19 2002 05:02:03 | 7943a0a865858b090e32ef6d43864ca5 |
This exploit abuses a local buffer overflow in the Cisco VPN 5000 Linux client v5.1.5 close_tunnel binary to spawn a root shell. Homepage: http://www.safemode.org. By Zillion |
k3.c | 1985 | Sep 19 2002 02:33:53 | a91745fde8b472e0455ff81b929e63c3 |
k3.c is a Linux proof of concept exploit for a buffer overflow vulnerability that exists in the atftp client version 0.5 and 0.6. Homepage: http://www.netric.org. By sacrine. |
apache-linux.txt | 18138 | Sep 18 2002 23:39:21 | 6c13247823eb45dd5c16db33f5077072 |
Apache OpenSSL handshake exploit for Linux/x86, from a circulating Apache worm. Spawns a nobody shell on tcp port 30464. Includes targets for most recent distributions. By Nebunu |
free-apache.txt | 9102 | Sep 18 2002 23:34:19 | c951622daa65e39d1df562c2219acecc |
FreeBSD Apache exploit based on apache-worm.c. Affects FreeBSD 4.5 Apache 1.3.20-24. Sends a nobody shell to TCP port 30464. This is a fixed version - Prior versions were broken. By Nebunu |
openssl-too-open.tar..> | 18396 | Sep 17 2002 06:49:52 | 6c37282f541f13add85e5b2b76e3678e |
OpenSSL v0.9.6d and below remote exploit for Apache/mod_ssl servers which takes advantage of the KEY_ARG overflow. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner which is more reliable than the RUS-CERT scanner and a detailed vulnerability analysis. Homepage: http://phreedom.org. By Solar Eclipse |
idefense.libkvm.txt | 3351 | Sep 17 2002 05:29:59 | b728af73087e744934fdfbbea052f689 |
iDEFENSE Security Advisory 09.16.2002 - The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These five programs are installed setgid kmem by default. Exploit information included. Homepage: http://www.idefense.com. By David Endler and Jaguar |
lconfmdk.c | 4215 | Sep 17 2002 04:39:57 | 0d6dda171bc76298526af8422229e9cb |
Linuxconf local root exploit for Mandrake 8.2. By Priest. |
pwck_expl.c | 2212 | Sep 16 2002 20:38:42 | e75c0f9d4f3f94b01dfe8ec10f582fa4 |
Pwck local exploit for Redhat 7.2. /usr/sbin/pwck must be -rwsr-sr-x to give a root shell. By Klep |
bugtraqworm.tgz | 87726 | Sep 16 2002 10:19:29 | fc2a65953a4b98971888d9b5df4d1c53 |
Linux Slapper Worm - This file contains the binaries and source code for the current Apache worm which affects multiple versions of Linux. It exploits an OpenSSL buffer overflow to run a shell on the remote system and also contains the ability to perform a DDoS attack. These files were found in the wild from machines that had been compromised. |
efstool.txt | 6573 | Sep 12 2002 15:27:30 | 044dc4da250fc55be975c7fb9c557d87 |
Efstool local root exploit. A condition has been found in efstool, which is shipped with Redhat and Slackware linux (and possibly other distributions), through which root privileges can be gained given the right environment. Full research provided. Homepage: http://www.soldierx.com. By ntfx |
sx-slap.pl | 1106 | Sep 12 2002 05:22:18 | 727c37f6b87d09e49e5738313b20ce83 |
Remote / Local buffer overflow for Savant Web Server 3.1 and below, as described in Foundstone advisory 091002-SVWS. Crashes the daemon, no patch is available as of the 11th of Sept, 02. Homepage: http://legion2000.security.nu. By NTFX |
targets.319 | 34692 | Sep 11 2002 07:31:01 | d6d6df1179ca1c74160efd5cdeb5b0c0 |
List of targets for the x2 remote crc32 ssh exploit which contains 319 entries. |
coudrape.c | 1621 | Sep 11 2002 07:18:00 | 84517123be77c81385f4331da5de0b49 |
Efstool local root exploit for linux/x86 in C. By Cloudass |
efstool.pl | 646 | Sep 11 2002 07:15:00 | adcba327cd833a9c94c4cfbf10570e96 |
Efstool local root exploit for linux/x86 in perl. By user_15335[at]erato.uk.clara.net |
autolinuxconf.tgz | 2880 | Sep 11 2002 07:05:00 | 835c256e407b88f79f3720a9d406f353 |
Autolinuxconf.tgz is an improved exploit for linuxconf <= 1.28r3 which has been found to work on Mandrake 8.1 and 8.2 and Redhat 7.2 and 7.3. Homepage: http://www.myseq.com. By Syscalls |
woltlab.txt | 1959 | Sep 10 2002 23:30:05 | f6e418e576a98c54acfc3e3af0967bb9 |
Woltlab Burning Board 2.0 RC 1 has a vulnerability that allows any user (even guests, depending on the configuration) to compromise every other account due to a variable containing unchecked user input in board.php, which can be used for a sql injection attack. By Cano2 |
gm010-ie | 4712 | Sep 10 2002 23:20:53 | 0a3d976bfa8b7f03c04ae3576b7fb110 |
GreyMagic Security Advisory GM#010-IE - Microsoft Internet Explorer 5.5 and above are vulnerable to an attacker who can execute scripts on any page that contains frame or iframe elements, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that an attacker can steal cookies from almost any site, access and change content in sites and in most cases also read local files and execute arbitrary programs on the client's machine. Note that any other application that uses Internet Explorer's engine is also affected. Homepage: http://sec.greymagic.com/adv/gm010-ie/. |
TRU64_xkb | 2175 | Sep 10 2002 22:38:22 | b7d1b4f1d2f36cd4d8925080798e18fd |
Proof of concept local root exploit for _XKB_CHARSET on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_su | 946 | Sep 10 2002 22:36:28 | f587978781a3655004ef60d6595781ee |
Another version of the proof of concept local root exploit for su on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_nlspath | 2859 | Sep 10 2002 22:27:31 | dee2152324a9cc4b106b58e6c131dfef |
Proof of concept local root exploit written in Perl for NLSPATH overflow on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_dxterm | 901 | Sep 10 2002 22:20:02 | dcff3ccecc59db66d33b935d1b1113d9 |
Proof of concept local root exploit for dxterm on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_dtterm | 1037 | Sep 10 2002 22:17:34 | fbc1785d31e44f9c9588303d7828137f |
Proof of concept local root exploit for dtterm on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_dtprintinfo | 992 | Sep 10 2002 22:15:10 | 7e52f96fd8503185cc33cb015befcb06 |
Proof of concept local root exploit for dtprintinfo on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_dtaction | 995 | Sep 10 2002 22:10:28 | bad813771eedaf4767d6244cfb4ba69c |
Proof of concept local root exploit for dtaction on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com/. By stripey |
phpcrlf.txt | 4861 | Sep 10 2002 21:25:52 | fb701d51ad9b8b40f4146b525decc01a |
fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, like what host to access on a web server. In some cases, this vulnerability even opens up for arbitrary net connections, turning some PHP scripts into proxies and open mail relays. By Ulf Harnhammar |
trillian-ini-decrypt..> | 5538 | Sep 9 2002 21:53:31 | 8f33c678cbd7adb091aaa4b1764a89ce |
Trillian, a popular utility used in conjunction with various Instant Messaging services like ICQ, AIM, MSN Messenger, etc., stores a user's password utilizing a simple XOR with a key that is uniform throughout every installation. This utility decrypts all related .INI files, displaying a list of usernames, "encrypted" passwords, and plain text passwords. By Evan Nemerson |
massrooter.tar.gz | 1505102 | Sep 6 2002 17:33:48 | 7b5a9c6d711c0796b6a85aa94c7a1f52 |
Massrooter takes advantage of vulnerabilities in bind, lpd, rpc, wuftpd, telnet, mail, ssl, and ssh on multiple systems. By Daddy_cad |
wuscan.tgz | 183110 | Sep 6 2002 17:32:43 | eb2b86497f9b9f51773beea85d15123a |
Wu-ftpd 2.6.1 mass rooter / scanner. By Daddy_cad |
ssh3.tar.gz | 2241217 | Sep 6 2002 17:30:02 | abf180ace6bd404efc6c00127e6d5213 |
Ssh3.tar.gz is a LPRng, Named, FTPD, SSHD, RPC and Telnetd mass scanner/rooter. By Daddy_cad |
SQLTools.rar | 85807 | Sep 5 2002 23:05:17 | efeeb8be77d011e25f8dc1cfb38fa77e |
SQLTools is a collection of tools for auditing MSSQL servers including SQLScanner, SQLPing, SQLCracker, SQLDOSStorm, and SQLOverflowDos. By Refdom |
upb.admin.txt | 2155 | Sep 5 2002 22:47:23 | b062b12a3b4fcbc8784d6ef88b87722a |
Ultimate PHP Board (UPB) prior to Public Beta v1.0b allows users to gain admin access. Exploit information included. Homepage: http://www.hackeri.org. By Hipik |
afd-expl.c | 2205 | Sep 5 2002 21:33:42 | f273a2abf33bbe40cc716f3cc0cc09a5 |
AFD v1.2.14 local root heap overflow exploit. Includes offset for Redhat 7.3 and instructions for finding offsets. Homepage: http://www.netric.org. By eSDee |
pirch98.zip | 15901 | Sep 5 2002 00:14:24 | 4828fff9ebe60b2e0057cb601748011c |
Pirch98 irc client contains a buffer overflow which can allow remote code execution in the way that pirch 98 handles links to other channels and websites. The Pirch98 client now shipping at www.pirch.com has been fixed. Includes ASM source and Windows binary for an exploit which opens a shell on port 31337. By Vecna |
SurfinGate.txt | 2471 | Sep 4 2002 23:59:30 | 1458603dc6c13802ef082062b929b537 |
The Finjan SurfinGate 6.0x on Windows NT 4.0 and 2000 can be bypassed by using IP addresses instead of hostnames or by adding a dot to the end of hostnames. Homepage: http://www.computec.ch. By Marc Ruef |
pwck_exp.c | 3099 | Sep 4 2002 22:30:36 | 5bf12aa6da163e5d29f5c86199ba3290 |
Pwck local linux buffer overflow exploit. By default /usr/sbin/pwck is not setuid, if +s pwck bingo #. Tested on Mandrake 8.2. By Tacettin |
SQLScan.zip | 24788 | Sep 4 2002 22:07:41 | 6e80ac480a5081c6d7b2b7381a02f471 |
SQLScan v1.0 is intended to run against Microsoft SQL Server and attempts to connect directly to port 1433. Features the ability to scan one host or an IP list from an input file, the ability to scan for one SQL account password or multiple passwords from a dictionary file, and the ability to create an administrative NT backdoor account on vulnerable hosts, which will fail if xp_cmdshell is disabled on the server. By NTSleuth |
smbkillah.c | 16004 | Sep 4 2002 15:54:35 | 6fd9ace29c75dceb75b2523f9af18d4f |
Smbkillah.c exploits the SMB death bug in the WinXX OS. By b0uNtYkI113r |
scrollkeeper.txt | 3668 | Sep 3 2002 23:02:08 | 50e765c00289c2db6b2c1e3233a003bc |
A vulnerability exists in the insecure creation of files in /tmp by Scrollkeeper versions 0.3.4 and 0.3.11. Proof of concept exploit included. By Spybreak |
aspcode.c | 45626 | Sep 2 2002 17:38:42 | 921d412df9cff8fa94e2aaff0a650ce3 |
Aspcode.c is an IIS v4.0, 5.0, 5.1 asp.dll buffer overflow exploit for Windows. By Yuange |
sws_web_killer.c | 2157 | Sep 2 2002 09:32:39 | b4f2224f7060b64ce3e013d5f258a859 |
Proof of Concept Exploit for SWS Web Server v0.1.0. The SWS web server will re-spawn its process every time it receives a string without a linebreak. Tested on: Slackware 8.1 and Redhat 7.0. By SaMaN |
elinuxconf2.c | 1687 | Sep 2 2002 09:10:41 | 9902c624a4fa627d34e0dd222043ded8 |
Another Proof of Concept exploit for the local buffer overflow vulnerability existing in linuxconf v1.28r3 and below which allows users to spawn a root shell. Tested on Mandrake Linux 8.2. Homepage: http://www.scan-associates.net. By pokleyzz |
linuxconf.c | 1917 | Sep 2 2002 09:07:09 | 9e3fb1c2aba9c8f13a8b0068713b3667 |
Proof of Concept exploit for the local buffer overflow vulnerability existing in linuxconf v1.28r3 and below which allows users to spawn a root shell. Tested on RedHat 7.0 with linuxconf 1.25r3. By Jin Yean Tan |
cgitelnet.pdf | 45271 | Sep 2 2002 08:35:23 | cb3d0aa2678e9486c390c0e477aa0e01 |
CGI-Telnet 1.0, a cgi telnet script that runs on various Unix and NT webservers, has vulnerabilities which can be manipulated into giving a user access. The password file is accessible in the web path and passwords are kept DES encrypted. Homepage: http://neoerudition.net. By Lawrence Lavigne |