Section: .. / 0304-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 40

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	0304-exploits.tgz
Description:	Packet Storm new exploits for April, 2003.
File Size:	122177
Last Modified:	Jul 14 20:31:21 2003
MD5 Checksum:	e7ff817b4f14361992054b05c064b6f2

/// File Name:	sambal.c
Description:	Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has a scanning abilities so a range of machines can be penetration tested at once on a network.
Author:	eSDee
Homepage:	http://www.netric.org/
File Size:	35508
Last Modified:	Apr 10 22:32:05 2003
MD5 Checksum:	27b711137a11d23653dadbd3ab4d0ccc

/// File Name:	OpenFuckV2.c
Description:	Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux. Updates: More targets have been added and this version of the exploit also attempts to download the ptrace exploit, compile, and execute it in an attempt to gain root privileges.
Author:	Spabam
Homepage:	http://spabam.tk
File Size:	32221
Last Modified:	Apr 5 19:52:29 2003
MD5 Checksum:	74736770ccf70b0a51ab16be165f6884

/// File Name:	0x82-Remote.54AAb4.xpl.c
Description:	FreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
Author:	Xpl017Elz
Homepage:	http://x82.inetcop.org
File Size:	15625
Last Modified:	Apr 18 10:18:21 2003
MD5 Checksum:	ec9f643cb6856a51dfa1e9fc75d70906

/// File Name:	THCunREAL_V0.2.ZIP
Description:	Updated version of the remote root exploit for Realserver 8 on several Windows platforms.
Author:	Johnny Cyberpunk
Homepage:	http://www.thc.org/misc/sploits
Changes:	New shellcode added and the code has been condensed.
File Size:	15460
Last Modified:	Apr 30 04:18:31 2003
MD5 Checksum:	e6997ae88e68cb958cb34e60f1d9e429

/// File Name:	0x82-Remote.XxxxBSD_passlogd.xpl.c
Description:	Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org/
File Size:	13396
Last Modified:	Apr 10 03:40:28 2003
MD5 Checksum:	fc80e62e429a718916250f5fcf6c842f

/// File Name:	bysin.c
Description:	Remote root exploit for Sendmail 8.12.8 and below that uses the vulnerability in crackaddr().
Author:	bysin.
File Size:	12573
Last Modified:	Apr 30 09:33:15 2003
MD5 Checksum:	df191d0300a456e052e99130d4837115

/// File Name:	sormail.c
Description:	Local exploit for sendmail 8.11.6 which takes advantage of the vulnerable prescan() function which allows users to input 0xff to skip the length check of the buffer. Includes targets for Slackware 8.0, Redhat 7.2, and Redhat 7.3.
Author:	Sorbo
Homepage:	http://www.darkircop.org
File Size:	11320
Last Modified:	Apr 18 09:39:45 2003
MD5 Checksum:	339af799e3edcf9140fa735a802bfc8e

/// File Name:	0x82-Remote.passlogd_sniff.xpl.c
Description:	Remote exploit for the buffer overrun found in passlogd. Target list includes four flavors of Linux with more to come.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org/
File Size:	11034
Last Modified:	Apr 3 17:54:49 2003
MD5 Checksum:	83b091d93ebf795346148208ce789b44

/// File Name:	poptop-sane.c
Description:	Remote root exploit for PoPToP, the PPTP server designed for Linux, versions 1.1.4-b3 and below. Fixed by blightninjas. Original code by einstein.
File Size:	10772
Last Modified:	Apr 30 16:24:42 2003
MD5 Checksum:	2b243280f9e11f0791582194ec588922

/// File Name:	SCSA015.txt
Description:	Security Corporation Security Advisory [SCSA-015]: PowerFTP has a denial of service vulnerability that allows a remote attackers to crash the server by executing a specific command with a buffer of 1994 or 1995 bytes in length or more.
Author:	Gregory Le Bras
Homepage:	http://www.Security-Corp.org
File Size:	8292
Last Modified:	Apr 2 01:41:54 2003
MD5 Checksum:	d5877935727cdaa8b9cb9ba43c38bdc1

/// File Name:	SCSA014.txt
Description:	Security Corporation Security Advisory [SCSA-014]: EZ Server, which provides both HTTP and FTP services, has a denial of service vulnerability in the FTP server that allows a remote attackers to crash the server by executing a specific command with a buffer of 1994 or 1995 bytes in length or more.
Author:	Gregory Le Bras
Homepage:	http://www.Security-Corp.org
File Size:	8029
Last Modified:	Apr 2 00:45:45 2003
MD5 Checksum:	131bdc15f4f9b0e47e5848e82acb7598

/// File Name:	rpcexp.c
Description:	Microsoft Windows RPC Locator Service remote exploit. Binds cmd.exe to port 5151. Tested again Windows 2000 SP3 and Windows NT 4 SP6a.
Author:	Marcin Wolak
File Size:	7923
Related CVE(s):	CAN-2003-0003
Last Modified:	Apr 2 23:55:44 2003
MD5 Checksum:	1c54314eaaa5599e809910e5ba1957b3

/// File Name:	regexploit.c
Description:	Local exploit/trojan that makes use of REGEDIT.EXE. Any file containing a value of more than 260 characters causes an error exception by the RegSetValueExW function, which then uses a function of NTDLL.DLL which is vulnerable.
Author:	ThreaT
Homepage:	http://www.chez.com/mvm
File Size:	7095
Last Modified:	Apr 5 20:00:24 2003
MD5 Checksum:	4e0643d6654634b53c7b22b0a871dc54

/// File Name:	0x333hate.c
Description:	Samba 2.2.x Remote root exploit. Tested against RedHat 8.0.
Author:	c0wboy
Homepage:	http://www.0x333.org
File Size:	6512
Last Modified:	Apr 30 05:43:14 2003
MD5 Checksum:	b45ad451237a0852cb806d8096116923

/// File Name:	coppermine.tgz
Description:	Coppermine Photo Gallery, the picture gallery which allows users to HTTP upload pictures, fails to extension check pictures that are uploaded. Due to this, a file with the extension .jpg.php can be uploaded allowing a remote attacker to execute commands. Sample .jpg.php included. Patch available here.
Author:	Berend-Jan Wever
Homepage:	http://spoor12.edup.tudelft.nl
File Size:	6446
Last Modified:	Apr 10 05:34:32 2003
MD5 Checksum:	9dff4ed3d9e5f7147f3f1ea940fe8b22

/// File Name:	myptrace.c
Description:	Local root exploit for the Linux 2.2 and 2.4 kernels that have a flaw in ptrace where a kernel thread is created insecurely. This version escalates user privileges to root without the necessity of needing access to /proc.
Author:	Snooq
Homepage:	http://www.angelfire.com/linux/snooq/
File Size:	6296
Last Modified:	Apr 11 03:43:51 2003
MD5 Checksum:	bf597c6b557934d445609b525bd5e82f

/// File Name:	passlogd.txt
Description:	A buffer overrun exists in passlogd, the passive syslog capture daemon, in the parse.c code.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org/
File Size:	6094
Last Modified:	Apr 3 07:10:09 2003
MD5 Checksum:	c77f0db00f14f1c4b7ee512c80b1ed23

/// File Name:	0x82-Local.Qp0ppa55d.c
Description:	Local root exploit for Qpopper v4.0.x poppassd that utilizes the ability to set the smbpasswd path.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org
File Size:	6029
Last Modified:	Apr 30 09:29:36 2003
MD5 Checksum:	ed3ad6341005ca980e5b240e9a2694ec

/// File Name:	abyss.txt
Description:	The Abyss Web Server v1.1.2 and below has a denial of service vulnerability where the server can be crashed remotely via uncompleted fields.
Author:	Auriemma Luigi
Homepage:	http://www.pivx.com/luigi/
File Size:	6010
Last Modified:	Apr 5 19:40:34 2003
MD5 Checksum:	03a2daafc99c121f5d3d6d7588bd0929

/// File Name:	hl-headnut.c
Description:	Denial of service exploit against Half-life servers. After sending 3 specially formed packets the server is unresponsive and there is 100% CPU utilization. Tested against versions 3.1.1.0 under Suse Linux 7.3 and Windows 2000.
Author:	delikon
Homepage:	http://www.delikon.de
File Size:	5367
Last Modified:	Apr 10 05:46:54 2003
MD5 Checksum:	4b7fdf6ea9c385fa1aa0d71210d8f222

/// File Name:	bysin2.c
Description:	Remote root exploit for Sendmail 8.12.8 and below that makes use of the vulnerability in prescan(). Note: This exploit is crippled and needs to be fixed.
Author:	bysin.
File Size:	5246
Last Modified:	Apr 30 09:36:42 2003
MD5 Checksum:	5ade4c15fee8ada5982a9cad51e3dea1

/// File Name:	VapidSAP.txt
Description:	SAP DB is vulnerable to a race condition during installation. The installer creates a world writable file that gets compiled and then is setuid to root. If a local attacker can overwrite the file in the alloted time-frame they will be able to escalate their privileges.
Author:	Larry W. Cashdollar
Homepage:	http://vapid.dhs.org
File Size:	4986
Last Modified:	Apr 24 02:18:39 2003
MD5 Checksum:	707baa4e52349edd821816a0181694fe

/// File Name:	p7snort191.sh
Description:	Snort 1.9.1 and below remote exploit. Related CERT Advisory is here. Tested on Slackware 8.0.
Author:	truff
Homepage:	http://www.projet7.org
File Size:	4469
Last Modified:	Apr 24 04:23:31 2003
MD5 Checksum:	63efca99c7a60adabcf0f9933904337e

/// File Name:	DDI1012.txt
Description:	Digital Defense Inc. Security Advisory DDI-1012 - A malformed request used against HP Instant TopTools versions below 5.55 can cause a denial of service against a host by having it constantly it request itself.
Author:	Digital Defense Inc.
Homepage:	http://www.digitaldefense.net/
File Size:	4016
Last Modified:	Apr 2 01:00:01 2003
MD5 Checksum:	9450adbf7971ea4c6efc612826915610