Section: .. / 0008-exploits /
| /// File Name: |
0008-exploits.tgz |
Description:
|
Packet Storm new exploits for August, 2000.
| | File Size: | 1090974 | | Last Modified: | Sep 9 00:50:47 2000 |
| MD5 Checksum: | 3d58f82c7badff1819cdd9e0aebfdbe6 |
|
| /// File Name: |
012.txt |
Description:
|
Pgxconfig is a Raptor graphics card configuration tool for Solaris which has multiple local vulnerabilities. The environment is not sanitized and root privileges are not dropped, allowing commands to be run as root. Local root exploit included.
| | Author: | Suid courtesy of Bugtraq | | Homepage: | http://www.suid.kg | | File Size: | 4572 | | Last Modified: | Aug 2 21:44:15 2000 |
| MD5 Checksum: | 6e972f5716c026877853b5cc1c5cc953 |
|
| /// File Name: |
A090800-1 |
Description:
|
[at]stake Advisory A090800-1 - Application: Mobius DocumentDirect for the Internet 1.2, Platform: Windows NT 4.0, Severity: There are several buffer overflow conditions that could result in execution of arbitrary code or a denial of service.
| | Homepage: | http://www.atstake.com/research/advisories/2000/ | | File Size: | 5930 | | Last Modified: | Sep 11 19:17:57 2000 |
| MD5 Checksum: | b27171849ec91d61d3294a6e2267d4c0 |
|
| /// File Name: |
AccountManSploit.zip |
Description:
|
Product: Account Manager, Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE, OS: Unix and Winnt, Vendor: Notified, http://www.cgiscriptcenter.com/, The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password with one of their own making.
| | Author: | n30 | | File Size: | 1412 | | Last Modified: | Aug 31 02:36:50 2000 |
| MD5 Checksum: | d688ddb050336bd0b13139337235f9c8 |
|
| /// File Name: |
arrayd.c |
Description:
|
Irix 6.5/6.4/6.3/6.2 arrayd remote buffer overflow exploit as described in CA-99-09-arrayd.txt.
| | Homepage: | http://lsd-pl.net | | File Size: | 4658 | | Last Modified: | Sep 8 00:17:00 2000 |
| MD5 Checksum: | e14c5e74a826f15f48e76a155fec4eb9 |
|
| /// File Name: |
autofsd.c |
Description:
|
Autofsd remote buffer overflow exploit for Irix 6.4 and 6.5.
| | Homepage: | http://lsd-pl.net | | File Size: | 2254 | | Last Modified: | Sep 8 00:17:52 2000 |
| MD5 Checksum: | 01378a7a7c5f88bb5c1927e293890131 |
|
| /// File Name: |
awcrash.c |
Description:
|
awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which will result in a crash if a filename with an extension longer that 232 characters is accessed. Although arbitrary code could be executed via this manner, it would have to be composed of valid filename character values only.
| | Author: | Wildcoyote | | File Size: | 2830 | | Last Modified: | Sep 7 21:57:15 2000 |
| MD5 Checksum: | 8150a9c13739ea0d2df266164a0f3e73 |
|
| /// File Name: |
BOHTTPD-0.1.tar.gz |
Description:
|
New bugs were discovered in Netscape's implementation of Java has been found which allows a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. Demonstration available here.
| | Author: | Dan Brumleve | | Homepage: | http://www.brumleve.com/BrownOrifice/BOHTTPD.cgi | | File Size: | 17766 | | Last Modified: | Aug 9 01:50:55 2000 |
| MD5 Checksum: | 1237399111df49d4cbb52de18f034c5e |
|
| /// File Name: |
bohttpd.vulnerability.txt |
Description:
|
A vulnerability has been found in Dan Brumleve's Brown Orifice HTTPD (BOHTTPD) which is a web server and file sharing tool that runs as a Java Applet in Netscape Navigator.
| | Author: | specifying "\.." in HTTP requests to the server, an attacker can navigate the server's file system and view/download any files. ;Homepage: http://www.etl.go.jp/~takagi. | | File Size: | 1344 | | Last Modified: | Aug 9 05:18:35 2000 |
| MD5 Checksum: | 965d8c14308ad6d17d82ad5910f37ecc |
|
| /// File Name: |
bubonic.c |
Description:
|
Bubonic.c is a denial of service tool that sends random TCP packets with random settings. Tested against Windows 2000 and RedHat Zoot.
| | Author: | Sil | | Homepage: | http://www.antioffline.com | | File Size: | 6625 | | Last Modified: | Aug 28 11:06:39 2000 |
| MD5 Checksum: | c3272ac6b130a121e601108895f93080 |
|
| /// File Name: |
CIMcheck.exe |
Description:
|
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
| | Author: | Neon | | Homepage: | | | File Size: | 553689 | | Last Modified: | Aug 31 00:07:22 2000 |
| MD5 Checksum: | 27e922640c7323b800d752e47458a7f4 |
|
| /// File Name: |
CIMcheck.pl |
Description:
|
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Perl2exe binary available here here.
| | Author: | Neon | | Homepage: | | | File Size: | 2352 | | Last Modified: | Aug 31 00:24:11 2000 |
| MD5 Checksum: | 2e1c146eee2782048fd6ac93640d7272 |
|
| /// File Name: |
CIMcheck2.pl |
Description:
|
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include: Fixed Errors and Better Input features. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file.
| | Author: | Neon. | | Homepage: | | | File Size: | 2264 | | Last Modified: | Sep 1 19:08:07 2000 |
| MD5 Checksum: | fa0e00c5e4c740f4df71fc63ad10c38a |
|
| /// File Name: |
clientagent662.txt |
Description:
|
Client Agent 6.62 for Unix Vulnerability, Tested on a Debian 2.2.14, Client Agent has a hole allowing to execute an arbitrary code by root without its knowing. In the meantime, some conditions are necessary to exploit this vulnerability. Client Agent is used with ARCserveIT, the safe software. It must be installed on all the workstations. A global configuration file agent.cfg keep every sub-agents installed on your system. This file is in /usr/CYEagent, and receive the information from the sub-agent when the script /opt/uagent/uagensetup is run.
| | Author: | zorgon | | Homepage: | http://www.nightbird.free.fr | | File Size: | 2968 | | Last Modified: | Sep 1 01:01:58 2000 |
| MD5 Checksum: | bdc6bbbc293aae841e2449293838218a |
|
| /// File Name: |
cmctl_exp |
Description:
|
This script is an exploit that is an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by violating its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the ORACLE_HOME\bin directory and attempts to execute cmadmin. The ORACLE_HOME variable can be modified to create a change in the path of execution.
| | Author: | Kevin Wenchel | | File Size: | 587 | | Last Modified: | Sep 1 04:01:46 2000 |
| MD5 Checksum: | bebfde5e1ca0a8b7b5a0798e710c7231 |
|
| /// File Name: |
crackncftp.c |
Description:
|
The ncftp client uses an easily decrypted scheme to save passwords to remote FTP sites in a bookmark file. Crackncftp.c provides the plaintext when from the encrypted string.
| | Author: | Zorgon | | Homepage: | http://zorgon.freeshell.org | | File Size: | 5056 | | Last Modified: | Aug 17 03:45:04 2000 |
| MD5 Checksum: | 652d5a84fea593b7798071e24c6325d1 |
|
| /// File Name: |
Critical_Path_CSS |
Description:
|
A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access of any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by an defective session token scheme.
| | Author: | Jeffrey W. Baker | | File Size: | 7803 | | Last Modified: | Aug 30 02:41:07 2000 |
| MD5 Checksum: | ce67656bc39d3867917caa86196bff78 |
|
| /// File Name: |
daemonic.c |
Description:
|
Dameonic.c is a theoretical router based denial of service attack that exploits a weakness within the Border Gateway Protocol (BGP). If a malicious user sends spoofed malformed packets to a neighboring router, the peer will ignore it and possibly kill the session entirely. Written on a Ultra 5 running Linux Zoot, this has been compiled on Linux, OpenBSD, Solaris without problems.
| | Author: | Sil | | Homepage: | http://www.antioffline.com | | File Size: | 8144 | | Last Modified: | Aug 28 10:55:49 2000 |
| MD5 Checksum: | 6f0c6611db0f18e797c8422d40ca25a2 |
|
| /// File Name: |
darxite.tar.gz |
Description:
|
Darxite, a daemon that retrieves files via FTP or HTTP, has several vulnerabilities throughout the code that allow a local/remote user to crash the servers, as well as a passwd authentication remote overflow, allowing remote shell access as the uid of the darxite daemon. Exploit and advisory included. Tested against Linux x86 systems.
| | Author: | dethy | | Homepage: | http://www.synnergy.net | | File Size: | 4738 | | Last Modified: | Aug 23 02:03:59 2000 |
| MD5 Checksum: | 32a8c8dcfdcba3259e8d0e9af20eba1a |
|
| /// File Name: |
dievqs.pl |
Description:
|
DoS exploit vulnerability test script. Affected: vqServer 1.4.49. There is a DoS possible in vqServer 1.4.49 if the remote host gets a GET command with approx 65000 chars in it.
| | Author: | sinfony | | Homepage: | http://www.ro0t.nu/csl | | File Size: | 744 | | Last Modified: | Sep 1 03:50:41 2000 |
| MD5 Checksum: | bb949ae32c09a9e570ec0f702ea86813 |
|
| /// File Name: |
dmplay.c |
Description:
|
/usr/sbin/dmplay local exploit for Irix 6.2 and 6.3.
| | Homepage: | http://lsd-pl.net | | File Size: | 2352 | | Last Modified: | Sep 8 00:40:01 2000 |
| MD5 Checksum: | ac9e33b42c4a60714cc75052c38c0cd9 |
|
| /// File Name: |
dtaction.c |
Description:
|
/usr/dt/bin/dtaction local root exploit for solaris 2.5.1 x86.
| | Homepage: | http://lsd-pl.net | | File Size: | 2154 | | Last Modified: | Sep 7 22:26:51 2000 |
| MD5 Checksum: | fa2aae270effdf4bee65727d58de5b10 |
|
| /// File Name: |
dtaction2.c |
Description:
|
/usr/dt/bin/dtaction local root exploit for solaris 2.6 x86.
| | Homepage: | http://lsd-pl.net | | File Size: | 2196 | | Last Modified: | Sep 7 22:27:51 2000 |
| MD5 Checksum: | e8e7dc9099f1d98cc44105aa8498c91b |
|
| /// File Name: |
dtprint-info.c |
Description:
|
/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7.
| | Homepage: | http://lsd-pl.net | | File Size: | 2341 | | Last Modified: | Sep 7 22:02:45 2000 |
| MD5 Checksum: | 996b54dfde60d93f64f22084f3efd836 |
|
| /// File Name: |
dtprintinfo.c |
Description:
|
/usr/dt/bin/dtprintinfo local root exploit for solaris 2.6 2.7 x86.
| | Homepage: | http://lsd-pl.net | | File Size: | 3389 | | Last Modified: | Sep 7 22:36:20 2000 |
| MD5 Checksum: | 125f0cdf634704b1de2c1b3ad80a3d9d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
