Shadow Penguin Security ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
en-us, Mon, 28 May 2012 11:56:41 GMT

gdd23.tar.gz (Mon, 08 Jul 2002 07:22:35 GMT)
  http://packetstormsecurity.org/files/26372/gdd23.tar.gz
  http://packetstormsecurity.org/files/26372/gdd23.tar.gz.html
  GreedyDog v2.3 is an Ethernet packet sniffer for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, IRIX, SunOS4, AIX, MacOSX, and Windows 2000/XP. GreedyDog keeps the stream of each TCP session and writes it to a logfile. Very portable. Manual is here.

sps39.acrobat.txt (Thu, 27 Jul 2000 20:19:20 GMT)
  http://packetstormsecurity.org/files/22657/sps39.acrobat.txt
  http://packetstormsecurity.org/files/22657/sps39.acrobat.txt.html
  Shadowpenguin Security Advisory #39 - Adobe Acrobat series PDF file buffer overflow. Many versions of Acrobat for Windows 95/98/NT/2000 overflow when reading a PDF file which has a long Registry or Ordering. EIP can be controlled and arbitrary code can be executed on the machine which views the PDF file. Patches available here.

getcode010.lzh (Thu, 09 Dec 1999 02:14:22 GMT)
  http://packetstormsecurity.org/files/11223/getcode010.lzh
  http://packetstormsecurity.org/files/11223/getcode010.lzh.html
  Getcode assists you in coding Windows exploits by getting the codes for jmp reg, call reg, push reg;ret from some loaded DLLs.

ex_inc.c (Thu, 25 Nov 1999 03:05:08 GMT)
  http://packetstormsecurity.org/files/11378/ex_inc.c
  http://packetstormsecurity.org/files/11378/ex_inc.c.html
  ex_inc.c exploits a bounds checking error in /usr/jp/bin/mh/inc which was distributed with the mh-6.8.3 package. Local root compromise.

ex_bbc.c (Thu, 25 Nov 1999 03:00:00 GMT)
  http://packetstormsecurity.org/files/11379/ex_bbc.c
  http://packetstormsecurity.org/files/11379/ex_bbc.c.html
  ex_bbc.c exploits a bounds checking error in /usr/jp/bin/mh/bbc which was distributed with the mh-6.8.3 package. Local root compromise.

ex_kcms_configure86.c (Thu, 25 Nov 1999 03:00:00 GMT)
  http://packetstormsecurity.org/files/11355/ex_kcms_configure86.c
  http://packetstormsecurity.org/files/11355/ex_kcms_configure86.c.html
  kcms_configure has an overflow bug with the "-P" option and it has been reported (107339-01). But this program has another hole. This hole has not been reported, and the patches are not published at this time. kcms_configure overflows if a long string is specified in the NETPATH environment variable, and it is exploitable. I have included an exploit for Solaris 7 Intel edition to obtain root privilege.

ex_kcms_configuresp.c (Thu, 25 Nov 1999 03:00:00 GMT)
  http://packetstormsecurity.org/files/11290/ex_kcms_configuresp.c
  http://packetstormsecurity.org/files/11290/ex_kcms_configuresp.c.html
  The vulnerability in kcms_configure also exists in Solaris 2.6 and 2.7 SPARC edition. Exploit included.

ex_mailtool.c (Thu, 25 Nov 1999 03:00:00 GMT)
  http://packetstormsecurity.org/files/11354/ex_mailtool.c
  http://packetstormsecurity.org/files/11354/ex_mailtool.c.html
  The mailer programs (mailtool and dtmail) and the mail message print filter (dtmailpr) which are installed on Solaris 7 have exploitable buffer overflow bugs. These programs are sgid (mail group) programs, so a local user can obtain the mail group. The mail files are generated with 660 permission, so any user can read/write other users' mail files. I coded the exploits to get the mail gid (egid=6). These are for Intel Solaris 7. There are the same kind of problems on SPARC Solaris 7 and Solaris 2.6 (Intel, SPARC).

amloger.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16388/amloger.c
  http://packetstormsecurity.org/files/16388/amloger.c.html
  This is an auto logger for Amuser-net BBS, which is used on many Japanese underground sites.

cgiexp.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16358/cgiexp.c
  http://packetstormsecurity.org/files/16358/cgiexp.c.html
  This utility lists the servers which have security vulnerabilities in CGI programs. This utility supports pht, test-cgi, nph-test-cgi, campas, htmlscript, servce, pwd. The addition of new vulnerabilities is very easy.

easyscan.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16357/easyscan.c
  http://packetstormsecurity.org/files/16357/easyscan.c.html
  A simple full-connection TCP port scanner. This utility lists the servers that have the specified port open.

ex_admintool.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16350/ex_admintool.c
  http://packetstormsecurity.org/files/16350/ex_admintool.c.html
  Admintool local root exploit for Solaris 2.6/7 SPARC machines.

ex_almail.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16394/ex_almail.c
  http://packetstormsecurity.org/files/16394/ex_almail.c.html
  We found an overflow bug in AL-Mail32 Ver1.10. It overflows when it receives a long From: or Reply-To: header. If the POP3 server sends a long reply message that contains the exploit code, the client executes any code. This exploit code executes any command on the target Windows machine.

ex_anhttpd.txt (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16408/ex_anhttpd.txt
  http://packetstormsecurity.org/files/16408/ex_anhttpd.txt.html
  The test CGIs which are distributed with AN-HTTPd 1.20b contain a remote command execution problem.

ex_canuum.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16354/ex_canuum.c
  http://packetstormsecurity.org/files/16354/ex_canuum.c.html
  Local root exploit code for a buffer overflow in canuum for Japanese Linux.

ex_chocoa.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16393/ex_chocoa.c
  http://packetstormsecurity.org/files/16393/ex_chocoa.c.html
  We found an overflow bug in CHOCOA 1.0beta7R. It overflows when it receives a long TOPIC. If the server sends a long TOPIC that contains the exploit code, the client executes any code. This exploit code executes any command on the target Windows machine.

ex_cmail.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16400/ex_cmail.c
  http://packetstormsecurity.org/files/16400/ex_cmail.c.html
  We found an overflow bug in CMail Server 2.3 SP2. It overflows when it receives a long MAIL FROM: in SMTP handling. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running CMail Server 2.3 SP2.

ex_emc.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/11462/ex_emc.c
  http://packetstormsecurity.org/files/11462/ex_emc.c.html
  Buffer overflow in E-MailClub Ver1.0.0.5. It overflows when it receives a long From: in POP3 handling. If the host receives mail which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example generates an e-mail which contains exploit code that reboots the target host. This exploit is coded for Windows 98 Japanese edition, but if you change some parameters written in the sample exploit program, it may work on Windows 95 and Windows NT.

ex_fuse.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16401/ex_fuse.c
  http://packetstormsecurity.org/files/16401/ex_fuse.c.html
  We found an overflow bug in FuseMail 2.7. It overflows when it receives a long USER or PASS in POP3 handling. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends the exploit code that executes any command on the host which is running the CMail FuseMail 2.7.

ex_hpprint.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16402/ex_hpprint.c
  http://packetstormsecurity.org/files/16402/ex_hpprint.c.html
  We found an overflow bug in IBM HomePagePrint 1.0.7. If visitors "print" or "preview" a web page which contains long IMG SRC tags, a buffer overflow occurs. If this application reads an IMG SRC tag which contains the exploit code, the host will be cracked. This sample generates an HTML file which contains exploit code that executes any command on the user's host.

ex_ie4.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16409/ex_ie4.c
  http://packetstormsecurity.org/files/16409/ex_ie4.c.html
  Microsoft Internet Explorer 4/5 overflows in the handling of "file://" specifications. We coded the following sample code. This code generates an HTML file that reboots the client PC if the visitor uses IE4 for Windows 98.

ex_ie5.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16410/ex_ie5.c
  http://packetstormsecurity.org/files/16410/ex_ie5.c.html
  This is an overflow exploit for IE5.

ex_imagemap.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16403/ex_imagemap.c
  http://packetstormsecurity.org/files/16403/ex_imagemap.c.html
  The Imagemap CGI written in C which is distributed with OmniHTTPd Pro 2.04 (shareware) and Ver1.01 (freeware) has a security hole caused by a buffer overflow. Any instructions can be executed on the victim host by using this buffer overflow bug.

ex_irfan.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16411/ex_irfan.c
  http://packetstormsecurity.org/files/16411/ex_irfan.c.html
  The popular image viewer "Irfan View32" contains a buffer overflow problem; this problem exists in the handling of Adobe Photoshop image files. This code generates a jpg file which contains exploit code that generates "exp.com" in "c:\" and executes it. "exp.com" is a simple demo program; there is no danger.

ex_libc.c (Fri, 05 Nov 1999 22:24:09 GMT)
  http://packetstormsecurity.org/files/16351/ex_libc.c
  http://packetstormsecurity.org/files/16351/ex_libc.c.html
  Exploit code for the Solaris 2.6, 2.7 (SPARC) libc/LC_MESSAGES buffer overflow that results in root compromise.