Section: .. / 0008-exploits /
| /// File Name: |
0008-exploits.tgz |
Description:
|
Packet Storm new exploits for August, 2000.
| | File Size: | 1090974 | | Last Modified: | Sep 9 00:50:47 2000 |
| MD5 Checksum: | 3d58f82c7badff1819cdd9e0aebfdbe6 |
|
| /// File Name: |
CIMcheck.exe |
Description:
|
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
| | Author: | Neon | | Homepage: | | | File Size: | 553689 | | Last Modified: | Aug 31 00:07:22 2000 |
| MD5 Checksum: | 27e922640c7323b800d752e47458a7f4 |
|
| /// File Name: |
outlookmailxploit.zip |
Description:
|
Microsoft Outlook remote exploit coded in delphi. Includes source code.
| | Author: | Fbyte | | File Size: | 190823 | | Last Modified: | Sep 8 00:32:37 2000 |
| MD5 Checksum: | 609d7f1261dc06565e9076ce17f1b7c7 |
|
| /// File Name: |
linsql.c |
Description:
|
Linsql is a simple command-line client for MS SQL server which can execute arbitrary SQL queries and OS commands on an MS-SQL hosts that uses a blank 'sa' password, a common default configuration.
| | Author: | Herbless courtesy of Bugtraq. | | File Size: | 39781 | | Last Modified: | Aug 16 01:32:36 2000 |
| MD5 Checksum: | b2093a37c013dad47d3336afc2da99a5 |
|
| /// File Name: |
irix.telnetd.txt |
Description:
|
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurrs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here.
| | Author: | LSD | | Homepage: | http://lsd-pl.net | | File Size: | 21301 | | Last Modified: | Sep 13 21:11:15 2000 |
| MD5 Checksum: | 22385913d3970f9f00addf76aa299fee |
|
| /// File Name: |
FtpdXploit2000.tar |
Description:
|
This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portugese.
| | Homepage: | http://www.geocities.com/cultbh | | File Size: | 20480 | | Last Modified: | Aug 30 10:41:33 2000 |
| MD5 Checksum: | e30e8c879f8071f9cc3b34371990388f |
|
| /// File Name: |
statdx.c |
Description:
|
Redhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2.
| | Author: | Ron1n | | File Size: | 19060 | | Last Modified: | Aug 13 01:00:27 2000 |
| MD5 Checksum: | 3c3eb475def70e5daeabfa5cdce96748 |
|
| /// File Name: |
BOHTTPD-0.1.tar.gz |
Description:
|
New bugs were discovered in Netscape's implementation of Java has been found which allows a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. Demonstration available here.
| | Author: | Dan Brumleve | | Homepage: | http://www.brumleve.com/BrownOrifice/BOHTTPD.cgi | | File Size: | 17766 | | Last Modified: | Aug 9 01:50:55 2000 |
| MD5 Checksum: | 1237399111df49d4cbb52de18f034c5e |
|
| /// File Name: |
ssexploit502x.pl |
Description:
|
Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k.
| | Author: | Nemo | | Homepage: | http://www.deepzone.org | | File Size: | 15331 | | Last Modified: | Aug 13 02:29:18 2000 |
| MD5 Checksum: | 3bc933197771d5315f27ec9a7b873af5 |
|
| /// File Name: |
wais.pl.advisory.txt |
Description:
|
The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS client via the webserver. Waisq contains buffer overflows allowing remote code execution which can be exploited via wais.pl. In addition, files owned by nobody on the webserver can be overwritten with arbitrary content. Includes exploit for Linux/x86.
| | Author: | Scrippie | | Homepage: | http://www.synnergy.net | | File Size: | 13976 | | Last Modified: | Aug 14 19:36:58 2000 |
| MD5 Checksum: | 795f85e6d55de6d0878a8c35c77da7a9 |
|
| /// File Name: |
rpc_cmsd.c |
Description:
|
rpc.cmsd remote root exploit for solaris 2.5 2.5.1 2.6 2.7 sparc.
| | Homepage: | http://lsd-pl.net | | File Size: | 12135 | | Last Modified: | Sep 7 22:24:36 2000 |
| MD5 Checksum: | a68bd364a5bd58109cc0e4c852295562 |
|
| /// File Name: |
named2.c |
Description:
|
Irix 6.2/5.3 named iquery remote root buffer overflow exploit. Spawns a bindshell.
| | Homepage: | http://lsd-pl.net | | File Size: | 10303 | | Last Modified: | Sep 8 00:19:49 2000 |
| MD5 Checksum: | ae79a7e9edab60e1b0a4d70a00b1c04b |
|
| /// File Name: |
ie5-msn.exec.txt |
Description:
|
Georgi Guninski security advisory #18 - Two serious vulnerabilities have been found Microsoft products - Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows Local Administrator compromise via opening local folders as web pages. In both cases a malicous person may take full control over user's computer / server. Includes proof of concept HTML code. Demonstration available here.
| | Author: | Georgi Guninski | | Homepage: | http://www.nat.bg/~joro | | File Size: | 8941 | | Last Modified: | Aug 16 02:12:00 2000 |
| MD5 Checksum: | 1f4cc1e9ab9d13efedb1c42dbabdbc96 |
|
| /// File Name: |
spad02.txt |
Description:
|
Unavailable.
| | File Size: | 8894 | | Last Modified: | Aug 24 19:57:43 2000 |
| MD5 Checksum: | 78978df1ffd3d83d01195c113927bb9a |
|
| /// File Name: |
rpc_ttdbserverd.c |
Description:
|
rpc.ttdbserverd remote root exploit for solaris 2.3 2.4 2.5 2.5.1 2.6 sparc.
| | Homepage: | http://lsd-pl.net | | File Size: | 8792 | | Last Modified: | Sep 7 22:23:37 2000 |
| MD5 Checksum: | de488f5d152139ee527eb5b73f54902a |
|
| /// File Name: |
daemonic.c |
Description:
|
Dameonic.c is a theoretical router based denial of service attack that exploits a weakness within the Border Gateway Protocol (BGP). If a malicious user sends spoofed malformed packets to a neighboring router, the peer will ignore it and possibly kill the session entirely. Written on a Ultra 5 running Linux Zoot, this has been compiled on Linux, OpenBSD, Solaris without problems.
| | Author: | Sil | | Homepage: | http://www.antioffline.com | | File Size: | 8144 | | Last Modified: | Aug 28 10:55:49 2000 |
| MD5 Checksum: | 6f0c6611db0f18e797c8422d40ca25a2 |
|
| /// File Name: |
irix_rpc_ttdbserverd.c |
Description:
|
rpc.ttdbserverd remote root exploit for irix 5.2 5.3 6.2 6.3 6.4 6.5 6.5.2.
| | Homepage: | http://lsd-pl.net | | File Size: | 7902 | | Last Modified: | Sep 7 23:00:57 2000 |
| MD5 Checksum: | 983cc713413d355851a1143d56d1b1e5 |
|
| /// File Name: |
Critical_Path_CSS |
Description:
|
A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access of any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by an defective session token scheme.
| | Author: | Jeffrey W. Baker | | File Size: | 7803 | | Last Modified: | Aug 30 02:41:07 2000 |
| MD5 Checksum: | ce67656bc39d3867917caa86196bff78 |
|
| /// File Name: |
xgopher.c |
Description:
|
Gopher+ daemon v2.3 remote root buffer overflow exploit - Tested against Slackware Linux 3.6 and 7.0. Adds a line to /etc/passwd.
| | Author: | Vade79 | | Homepage: | http://www.realhalo.org | | File Size: | 7768 | | Last Modified: | Aug 13 00:57:45 2000 |
| MD5 Checksum: | c14ac8b3755c45bc40fc054898920107 |
|
| /// File Name: |
webmail.txt |
Description:
|
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment.
| | Author: | D-Krypt. | | File Size: | 7708 | | Last Modified: | Aug 30 23:45:09 2000 |
| MD5 Checksum: | 03aafc9115dd4b8baf4a413167bc2ea3 |
|
| /// File Name: |
srcgrab.pl.txt |
Description:
|
Srcgrab.pl exploits the Translate:f bug as described in ms00-058. The vulnerability, present in IIS 4.0 and Windows 2000 Frontpage server extensions, allows a remote user to retrieve the source of .asa and .asp pages.
| | Author: | Smiler | | File Size: | 7692 | | Last Modified: | Aug 17 19:28:32 2000 |
| MD5 Checksum: | 821dc542307911b4bfd039e2463a515e |
|
| /// File Name: |
wcGoph.c |
Description:
|
Gopher+ v2.3.1p0 remote exploit - Spawns a remote shell on tcp port 36864 under the UID that the gopher+ daemon runs as. Tested against Linux Slackware 3.6 / 7.0.
| | Author: | WC | | File Size: | 7419 | | Last Modified: | Aug 14 02:04:33 2000 |
| MD5 Checksum: | a3b6c54833b546a3182097e891afa9ad |
|
| /// File Name: |
bubonic.c |
Description:
|
Bubonic.c is a denial of service tool that sends random TCP packets with random settings. Tested against Windows 2000 and RedHat Zoot.
| | Author: | Sil | | Homepage: | http://www.antioffline.com | | File Size: | 6625 | | Last Modified: | Aug 28 11:06:39 2000 |
| MD5 Checksum: | c3272ac6b130a121e601108895f93080 |
|
| /// File Name: |
objectserver2.c |
Description:
|
SGI objectserver "export" exploit - Remotely adds new entry to the export list on the IRIX system. See our SGI objectserver "account" exploit for more information. Only directories that aren't supersets of already exported ones can be added to the export list.
| | Homepage: | http://lsd-pl.net | | File Size: | 6357 | | Last Modified: | Sep 7 23:04:56 2000 |
| MD5 Checksum: | 7819f36ebeb0df0e7d844ea40bc548a4 |
|
| /// File Name: |
rpc.statd.x86.c |
Description:
|
Linux/x86 rpc.statd remote root exploit.
| | Author: | Doing courtesy of Bugtraq | | File Size: | 6169 | | Last Modified: | Aug 2 21:07:47 2000 |
| MD5 Checksum: | 4ae08a9ce1799224f33fc2f26d18f9bd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
