Section: .. / 0008-exploits /
/// File Name: |
kcms_configure.c |
Description:
|
/usr/openwin/bin/kcms_configure local root exploit for solaris 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2237 | Last Modified: | Sep 7 22:18:46 2000 |
MD5 Checksum: | 1dc3962c071af0f2d89f4f8957149827 |
|
/// File Name: |
netpr.c |
Description:
|
/usr/lib/lp/bin/netpr local root exploit for solaris 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2080 | Last Modified: | Sep 7 22:16:29 2000 |
MD5 Checksum: | 530692786bd7bc01fab37185cb22e619 |
|
/// File Name: |
lpstat.c |
Description:
|
/usr/bin/lpstat local root exploit for solaris 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 1732 | Last Modified: | Sep 7 22:15:46 2000 |
MD5 Checksum: | ee19326f19a0946f63799d3a1ae97dca |
|
/// File Name: |
lpset.c |
Description:
|
/usr/bin/lpset local root exploit for solaris 2.6 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 1747 | Last Modified: | Sep 7 22:14:06 2000 |
MD5 Checksum: | 59338dc2b875ff1ce9df8bd62055b609 |
|
/// File Name: |
rdist.c |
Description:
|
/bin/rdist local root exploit for solaris 2.4 2.5 2.5.1 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2124 | Last Modified: | Sep 7 22:11:52 2000 |
MD5 Checksum: | 40a867deaba689aa34e97cf710b084f9 |
|
/// File Name: |
ufs-restore.c |
Description:
|
/usr/lib/fs/ufs/ufsrestore local root exploit for solaris 2.5 2.5.1 2.6 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2081 | Last Modified: | Sep 7 22:10:28 2000 |
MD5 Checksum: | 22672f0a24f858d6b9de77583a41ee05 |
|
/// File Name: |
xsun.c |
Description:
|
/usr/openwin/bin/xsun local root exploit for solaris 2.6 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 1683 | Last Modified: | Sep 7 22:09:30 2000 |
MD5 Checksum: | 50ff4d41f3cdbc4729c6a103a1fe385c |
|
/// File Name: |
libc.c |
Description:
|
libc.so getopt() local root exploit for Solaris 2.4 2.5 2.5.1 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 1897 | Last Modified: | Sep 7 22:07:37 2000 |
MD5 Checksum: | 84bb4eec309095aa53e48eb8a842acea |
|
/// File Name: |
libxt.c |
Description:
|
libxt.so local root exploit for Solaris 2.4 2.5 2.5.1 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2244 | Last Modified: | Sep 7 22:06:34 2000 |
MD5 Checksum: | 10711b16f233917851d0bf78daaaf957 |
|
/// File Name: |
passwd.c |
Description:
|
/bin/passwd local root exploit for Solaris 2.5 / 2.5.1.
| Homepage: | http://lsd-pl.net | File Size: | 1642 | Last Modified: | Sep 7 22:05:25 2000 |
MD5 Checksum: | 11c04649d2a1778c8af9806c351cb269 |
|
/// File Name: |
dtprint-info.c |
Description:
|
/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7.
| Homepage: | http://lsd-pl.net | File Size: | 2341 | Last Modified: | Sep 7 22:02:45 2000 |
MD5 Checksum: | 996b54dfde60d93f64f22084f3efd836 |
|
/// File Name: |
msw2ktelnetdos.sh |
Description:
|
Windows 2000 telnet server denial of service exploit.
| Author: | Wildcoyote | File Size: | 1763 | Last Modified: | Sep 7 21:59:27 2000 |
MD5 Checksum: | ee7d9a5af67365ac798788142ce9b1bb |
|
/// File Name: |
awcrash.c |
Description:
|
awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which will result in a crash if a filename with an extension longer than 232 characters is accessed. Although arbitrary code could be executed in this manner, it would have to be composed of valid filename character values only.
| Author: | Wildcoyote | File Size: | 2830 | Last Modified: | Sep 7 21:57:15 2000 |
MD5 Checksum: | 8150a9c13739ea0d2df266164a0f3e73 |
|
/// File Name: |
CIMcheck2.pl |
Description:
|
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include: Fixed Errors and Better Input features. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download, default is the /winnt/repair/ directory and the sam._ backup password file.
| Author: | Neon. | Homepage: | | File Size: | 2264 | Last Modified: | Sep 1 19:08:07 2000 |
MD5 Checksum: | fa0e00c5e4c740f4df71fc63ad10c38a |
|
/// File Name: |
cmctl_exp |
Description:
|
This script is an exploit that is an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by violating its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the ORACLE_HOME\bin directory and attempts to execute cmadmin. The ORACLE_HOME variable can be modified to create a change in the path of execution.
| Author: | Kevin Wenchel | File Size: | 587 | Last Modified: | Sep 1 04:01:46 2000 |
MD5 Checksum: | bebfde5e1ca0a8b7b5a0798e710c7231 |
|
/// File Name: |
dievqs.pl |
Description:
|
DoS exploit vulnerability test script. Affected: vqServer 1.4.49. There is a DoS possible in vqServer 1.4.49 if the remote host gets a GET command with approx 65000 chars in it.
| Author: | sinfony | Homepage: | http://www.ro0t.nu/csl | File Size: | 744 | Last Modified: | Sep 1 03:50:41 2000 |
MD5 Checksum: | bb949ae32c09a9e570ec0f702ea86813 |
|
/// File Name: |
clientagent662.txt |
Description:
|
Client Agent 6.62 for Unix Vulnerability, tested on a Debian 2.2.14. Client Agent has a hole that allows arbitrary code to be executed by root without root knowing. However, some conditions are necessary to exploit this vulnerability. Client Agent is used with ARCserveIT, the safe software. It must be installed on all the workstations. A global configuration file, agent.cfg, keeps every sub-agent installed on your system. This file is in /usr/CYEagent, and receives the information from the sub-agent when the script /opt/uagent/uagensetup is run.
| Author: | zorgon | Homepage: | http://www.nightbird.free.fr | File Size: | 2968 | Last Modified: | Sep 1 01:01:58 2000 |
MD5 Checksum: | bdc6bbbc293aae841e2449293838218a |
|
/// File Name: |
vpn-root.txt |
Description:
|
RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.
| Author: | Loki | File Size: | 2506 | Last Modified: | Sep 1 00:55:18 2000 |
MD5 Checksum: | e652b5019d76b70669b11034ae0542a7 |
|
/// File Name: |
AccountManSploit.zip |
Description:
|
Product: Account Manager, Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE, OS: Unix and Winnt, Vendor: Notified, http://www.cgiscriptcenter.com/, The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password with one of their own making.
| Author: | n30 | File Size: | 1412 | Last Modified: | Aug 31 02:36:50 2000 |
MD5 Checksum: | d688ddb050336bd0b13139337235f9c8 |
|
/// File Name: |
HWA-warpcrash.c |
Description:
|
HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.
| Author: | eth0 | Homepage: | http://www.hwa-security.net | File Size: | 2802 | Last Modified: | Aug 31 01:56:28 2000 |
MD5 Checksum: | 18b76e61c2aea73422b522534b5da8e6 |
|
/// File Name: |
CIMcheck.pl |
Description:
|
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download, default is the /winnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Perl2exe binary available here.
| Author: | Neon | Homepage: | | File Size: | 2352 | Last Modified: | Aug 31 00:24:11 2000 |
MD5 Checksum: | 2e1c146eee2782048fd6ac93640d7272 |
|
/// File Name: |
CIMcheck.exe |
Description:
|
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download, default is the /winnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
| Author: | Neon | Homepage: | | File Size: | 553689 | Last Modified: | Aug 31 00:07:22 2000 |
MD5 Checksum: | 27e922640c7323b800d752e47458a7f4 |
|
/// File Name: |
webmail.txt |
Description:
|
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target user's web environment.
| Author: | D-Krypt. | File Size: | 7708 | Last Modified: | Aug 30 23:45:09 2000 |
MD5 Checksum: | 03aafc9115dd4b8baf4a413167bc2ea3 |
|
/// File Name: |
fpage-DoS.pl |
Description:
|
Fpage-DoS.pl - Info based attacks DoS Front page. To exploit this vulnerability you must have the extensions "/_vti_bin/shtml.exe" in your server. This is a demonstration script to remotely overflow various server buffers, resulting in a denial of service, for TESTING purposes only. Runs on *nix & Windows with perl.
| Author: | alt3kx | Homepage: | http://www.raza-mexicana.org | File Size: | 4865 | Last Modified: | Aug 30 23:24:30 2000 |
MD5 Checksum: | 4ef33313379701100a8e4dac1ecbb646 |
|
/// File Name: |
FtpdXploit2000.tar |
Description:
|
This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portuguese.
| Homepage: | http://www.geocities.com/cultbh | File Size: | 20480 | Last Modified: | Aug 30 10:41:33 2000 |
MD5 Checksum: | e30e8c879f8071f9cc3b34371990388f |
|