Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 04:08:38 GMT

access-counter.pl
http://packetstormsecurity.org/files/23075/access-counter.pl
Wed, 13 Sep 2000 04:18:27 GMT
The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server.

lpset.pl
http://packetstormsecurity.org/files/23072/lpset.pl
Wed, 13 Sep 2000 04:06:48 GMT
Perl port of the /usr/bin/lpset local root vulnerability in Solaris/SPARC 2.7. Based on lpset.sh.

smegma_v0.4.tgz
http://packetstormsecurity.org/files/22605/smegma_v0.4.tgz
Mon, 24 Jul 2000 16:24:06 GMT
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decryptable by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to grab the shellcode from sourcefiles and try and identify it. Use SMEGMA to modify shellcode in which characters get ruined by regular expressions (often seen in CGI binaries, web applications and webservers).

smegma_v0.2.tgz
http://packetstormsecurity.org/files/22469/smegma_v0.2.tgz
Sat, 08 Jul 2000 05:56:51 GMT
SMEGMA is an engine for generating garbled shellcode using several encryption mechanisms and making it self-decryptable by putting an Intel x86 machine-code decryptor in front of it. It uses a hand-written C lexer to grab the shellcode from sourcefiles and try and identify it. Use SMEGMA to modify shellcode in which characters get ruined by regular expressions (often seen in CGI binaries, web applications and webservers).

htaccess-admin.tar.gz
http://packetstormsecurity.org/files/22435/htaccess-admin.tar.gz
Wed, 05 Jul 2000 21:55:30 GMT
htaccess.tar - Perl script for adding users to the .htaccess file. Includes information on how to set up password protected web pages.

elm-exploit.c
http://packetstormsecurity.org/files/22434/elm-exploit.c
Wed, 05 Jul 2000 21:53:02 GMT
Linux Elm 2.4/2.5 local exploit - This will give you a shell(gid=12) if /usr/bin/elm is SGID. Tested on slackware 4.0 and redhat 5.1.

majordomeX.sh
http://packetstormsecurity.org/files/22433/majordomeX.sh
Wed, 05 Jul 2000 21:51:36 GMT
Majordomo v1.94.5 local linux exploit - run commands as the UID that majordomo runs under.

sscan2k-pre3.b0f.tar.gz
http://packetstormsecurity.org/files/22073/sscan2k-pre3.b0f.tar.gz
Thu, 08 Jun 2000 20:22:42 GMT
sscan2k is a remote auditing/vulnerability scanner which determines remote OS, and scans the host for applicable vulnerabilities. Features updated vulnerability checks, a scripting language, support for plugins and addons, configurable OS fingerprints, dns zone and subnet scans. Based off sscan by jsbach.

mod_backdoor.c
http://packetstormsecurity.org/files/22038/mod_backdoor.c
Mon, 05 Jun 2000 18:52:24 GMT
Apache DSO backdoor - A get request to a "special" url allows remote command execution.

hellex.c
http://packetstormsecurity.org/files/21901/hellex.c
Tue, 23 May 2000 15:33:52 GMT
hellex.c is a local buffer overflow exploit for the Hellkit 1.2 shellcode generation package. Tested on Red Hat 6.0.

sscan2k-pre2.b0f.tar.gz
http://packetstormsecurity.org/files/21896/sscan2k-pre2.b0f.tar.gz
Mon, 22 May 2000 22:16:13 GMT
sscan was given to buffer0verfl0w security by jsbach for the project to be continued for jsbach. From now on sscan will go as sscan2k. sscan2k now has updated vulnerability checks along with all the other great features it had before, improved OS detection (user can update the fingerprints by editing Osdefs.ms [which comes in sscan2k scripting language]), etc.

syrin15.zip
http://packetstormsecurity.org/files/21845/syrin15.zip
Wed, 17 May 2000 16:37:34 GMT
Buffer Syringe is a tool for win32 that tests a daemon for buffer overflow on its parameter(s), sort of "brute forcing" or "stressing" the daemon by means of injecting a user specified parameter or a command with a value of a user specified number of characters to the daemon. Chances are, if the parameter being tested is vulnerable to an overflow, and the user specified number of characters exceeds that of the parameter's limit, then the daemon would likely crash.

Neon_beta5.c
http://packetstormsecurity.org/files/17854/Neon_beta5.c
Fri, 12 May 2000 02:48:01 GMT
Neon beta5 - Simple Host or Iplist cgi Scanner which does 358 checks.

Neon_beta4.c
http://packetstormsecurity.org/files/17825/Neon_beta4.c
Tue, 09 May 2000 21:23:30 GMT
-(- Neon beta4 -)- Simple Host or Iplist Cgi Scanner ( 356 ) Checks

OMNI.SH
http://packetstormsecurity.org/files/17823/OMNI.SH
Tue, 09 May 2000 21:21:08 GMT
Exploit/DoS for OmniHTTPd pro v.2.06 Win98 (NT not tested). The result is crash of remote server.

b0stt.tar.gz
http://packetstormsecurity.org/files/17807/b0stt.tar.gz
Mon, 08 May 2000 03:09:22 GMT
Buffer0verfl0w Security Team Ssh Trojan - Does not log anything to system logs (utmp, wtmp, lastlog and the rest of syslogd logs), it also logs all incoming/outgoing ssh passwords.

aurora.tgz
http://packetstormsecurity.org/files/17797/aurora.tgz
Fri, 05 May 2000 20:06:34 GMT
Project aurora is lamagra's non-blind LAN spoofing project. It can be used to create TCP connections from a non-existing box or another box in the network. The biggest problem while spoofing was guessing the sequence numbers to acknowledge and that the other box always sends back a reset when it receives a SYN|ACK. This used to be solved by abusing small bugs in the tcpip stack.

spider.tgz
http://packetstormsecurity.org/files/17796/spider.tgz
Fri, 05 May 2000 20:04:01 GMT
fs-spider is a multi-threaded bad permissions finder (user defined). It

connect.c
http://packetstormsecurity.org/files/17795/connect.c
Fri, 05 May 2000 19:57:15 GMT
This shellcode creates a connection to a host/port and starts a shell. This should be more anti-IDS than the others and it can go through a firewall.

tp2.sh
http://packetstormsecurity.org/files/17728/tp2.sh
Thu, 27 Apr 2000 16:24:08 GMT
Timbuktu Pro 2.0b650 denial of service exploit.

sqlsyslogd.c
http://packetstormsecurity.org/files/17716/sqlsyslogd.c
Wed, 26 Apr 2000 00:55:38 GMT
syslogd-to-MySQL wrapper v0.1 prebeta. Stores syslog messages in a MySQL database. Written for FreeBSD.

plogd2.c
http://packetstormsecurity.org/files/17715/plogd2.c
Wed, 26 Apr 2000 00:49:08 GMT
Plogd v2 (Revision 1.5) is a syn/udp/icmp packet logger for freebsd.

b0f3-ncurses.txt
http://packetstormsecurity.org/files/17690/b0f3-ncurses.txt
Mon, 24 Apr 2000 22:37:30 GMT
BufferOverflow Security Advisory #3 - libncurses buffer overflow in NCURSES 1.8.6 on FreeBSD 3.4-STABLE. Setuid programs linked with libncurses can be exploited to obtain root access.

gibd00r3.c
http://packetstormsecurity.org/files/17650/gibd00r3.c
Fri, 21 Apr 2000 20:04:00 GMT
gibd00r3.c is a passworded backdoor which pretends to be an ident daemon.

nschecker.sh
http://packetstormsecurity.org/files/17651/nschecker.sh
Fri, 21 Apr 2000 20:04:00 GMT
nschecker.sh NS Security Scanner - Uses dig to query the bind version from a list of ips.